@wobsoriano (Member) commented Feb 3, 2026

Description

This PR addresses Dependabot security alerts by updating vulnerable dependencies across 4 packages. An additional 14 transitive dependency alerts will be automatically resolved when these updates propagate through the dependency tree.

@clerk/agent-toolkit

@clerk/nextjs

@clerk/fastify

@clerk/react-router

Dependabot should rescan and close transitive dependency alerts

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • Chores
    • Updated Model Context Protocol SDK dependency to address security alerts.
    • Updated development dependencies: Fastify, Next.js, and React Router to latest stable versions for improved compatibility and stability.

changeset-bot bot commented Feb 3, 2026

🦋 Changeset detected

Latest commit: 178b9ee

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
| Name | Type |
| --- | --- |
| @clerk/agent-toolkit | Minor |


vercel bot commented Feb 3, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| clerk-js-sandbox | Ready | Preview, Comment | Feb 3, 2026 6:52am |

@wobsoriano wobsoriano changed the title from "chore(agent-toolkit): Resolve MCP SDK vulnerability" to "chore(repo): Resolve MCP SDK vulnerability" Feb 3, 2026
@wobsoriano wobsoriano marked this pull request as ready for review February 3, 2026 06:49
@wobsoriano wobsoriano closed this Feb 3, 2026
@wobsoriano wobsoriano reopened this Feb 3, 2026
@wobsoriano wobsoriano changed the title from "chore(repo): Resolve MCP SDK vulnerability" to "chore(repo): Resolve dependabot alerts" Feb 3, 2026
coderabbitai bot (Contributor) commented Feb 3, 2026

📝 Walkthrough

This pull request introduces a new changeset file and updates multiple package dependencies across the monorepo. The @modelcontextprotocol/sdk dependency in the agent-toolkit package is bumped from 1.7.0 to 1.25.2 to address security alerts. Development dependencies are also updated: fastify from ^5.6.1 to ^5.7.2, Next.js from 15.2.8 to 15.5.10, and react-router from 7.9.4 to 7.12.0. No changes are made to exported or public code entities.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title 'chore(repo): Resolve dependabot alerts' accurately reflects the main objective of updating vulnerable dependencies across multiple packages to address security alerts. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


pkg-pr-new bot commented Feb 3, 2026

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7739

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7739

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7739

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7739

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7739

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7739

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7739

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7739

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7739

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7739

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7739

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7739

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7739

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7739

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7739

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7739

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7739

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7739

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7739

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7739

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7739

commit: 178b9ee

@wobsoriano wobsoriano merged commit d5046ff into main Feb 3, 2026
40 checks passed
@wobsoriano wobsoriano deleted the rob/dependabot-fixes-main branch February 3, 2026 14:30
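
A follow-up check for the version bumps listed in the walkthrough above, as an added example that is not part of the PR or the Clerk repository: it flags any manifest whose declared range still starts below the versions this PR moved to. The function names, the package-to-dependency mapping in the sample manifests, and the choice to treat the bumped-to versions as the minimum acceptable ones are assumptions of this example.

```javascript
// Added example. Floors are the "bumped to" versions from this PR's walkthrough;
// treating them as the minimum acceptable version is this example's assumption.
const FLOORS = {
  '@modelcontextprotocol/sdk': '1.25.2', fastify: '5.7.2',
  next: '15.5.10', 'react-router': '7.12.0',
};

// Parse "x.y.z" into numbers, ignoring any prerelease or build suffix.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison; a string comparison would rank 1.7.0 above 1.25.2.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Lowest version a simple range admits: exact, ^, ~ and >= forms only.
function rangeFloor(range) {
  return parse(range.trim().replace(/^(\^|~|>=)\s*/, ''));
}

// manifests: { packageName: parsed package.json }. One finding per stale declaration.
function findStale(manifests) {
  const findings = [];
  for (const [pkg, manifest] of Object.entries(manifests)) {
    for (const field of ['dependencies', 'devDependencies']) {
      for (const [dep, range] of Object.entries(manifest[field] || {})) {
        if (!(dep in FLOORS)) continue;
        const floor = rangeFloor(range);
        // Ranges this parser cannot read (workspace:, catalog:, tags) are reported, not skipped.
        if (!floor) findings.push({ pkg, dep, range, reason: 'unparsed' });
        else if (cmp(floor, parse(FLOORS[dep])) < 0) findings.push({ pkg, dep, range, reason: 'below-floor' });
      }
    }
  }
  return findings;
}

// Constructed manifests using the pre-PR versions named in the walkthrough.
const before = {
  '@clerk/agent-toolkit': { dependencies: { '@modelcontextprotocol/sdk': '1.7.0' } },
  '@clerk/fastify': { devDependencies: { fastify: '^5.6.1' } },
  '@clerk/nextjs': { devDependencies: { next: '15.2.8' } },
  '@clerk/react-router': { devDependencies: { 'react-router': '7.9.4' } },
};
console.log(findStale(before));
```

A manifest floor only bounds what the lockfile may resolve to, so a clean result here does not replace checking the resolved versions in the lockfile.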