chore(deps)(deps-dev): bump the dev-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the dev-dependencies group with 8 updates in the / directory:

Package	From	To
@next/bundle-analyzer	16.1.6	16.2.6
@next/mdx	16.1.6	16.2.6
@tailwindcss/postcss	4.1.18	4.3.0
@typescript-eslint/parser	8.54.0	8.59.2
agent-browser	0.8.4	0.27.0
ajv	8.17.1	8.20.0
vitest	4.0.18	4.1.5
wrangler	4.61.0	4.90.0

Updates @next/bundle-analyzer from 16.1.6 to 16.2.6

Release notes

Sourced from @​next/bundle-analyzer's releases.

v16.2.6

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.5

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)

... (truncated)

Commits

• ee6e79b v16.2.6
• 766148f v16.2.5
• 2275bd8 v16.2.4
• d5f649b v16.2.3
• 52faae3 v16.2.2
• ed7d2ce v16.2.1
• c5c94df v16.2.0
• 3683192 v16.2.0-canary.104
• 6689814 v16.2.0-canary.103
• ad66dbc v16.2.0-canary.102
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​next/bundle-analyzer since your current version.

Updates @next/mdx from 16.1.6 to 16.2.6

Release notes

Sourced from @​next/mdx's releases.

v16.2.6

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.5

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)

... (truncated)

Commits

• ee6e79b v16.2.6
• 766148f v16.2.5
• 2275bd8 v16.2.4
• d5f649b v16.2.3
• 52faae3 v16.2.2
• ed7d2ce v16.2.1
• c5c94df v16.2.0
• 3683192 v16.2.0-canary.104
• 6689814 v16.2.0-canary.103
• ad66dbc v16.2.0-canary.102
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​next/mdx since your current version.

Updates @tailwindcss/postcss from 4.1.18 to 4.3.0

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

v4.2.4

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

• Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
• Upgrade: never migrate files that are ignored by git (#19846)

... (truncated)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.3.0] - 2026-05-08

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

[4.2.4] - 2026-04-21

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

• Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)

... (truncated)

Commits

• 588bd73 4.3.0 (#20023)
• 12eb5ae Cleanup noisy test output (#20015)
• 4255671 Improve snapshot tests (#20013)
• 52f94c7 Improve codebase quality (#19999)
• d194d4c docs: fix various typos in comments and documentation (#19878)
• bfb5732 Fall back to the plugin base when PostCSS has no from option (#19980)
• 3a890c3 Bump dependencies (#19957)
• 69ad7cc 4.2.4 (#19948)
• 685c19e Fix issue around resolving paths in @tailwindcss/vite (#19947)
• 2e3fa49 4.2.3 (#19944)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/postcss since your current version.

Updates @typescript-eslint/parser from 8.54.0 to 8.59.2

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)
• eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)
• eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)
• eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)
• eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

• anasm266 @​anasm266
• Anshika Jain @​Anshikakalpana
• Ulrich Stark
• yugo innami @​nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

• eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.59.2 (2026-05-04)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.1 (2026-04-27)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.0 (2026-04-20)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.2 (2026-04-13)

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#12187)

❤️ Thank You

• Abhijeet Singh @​cseas

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.1 (2026-04-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

... (truncated)

Commits

• 2ec35f1 chore(release): publish 8.59.2
• 5245793 chore(release): publish 8.59.1
• ea9ae4f chore(release): publish 8.59.0
• 90c2803 chore(release): publish 8.58.2
• be6b49a fix: remove tsbuildinfo cache file from published packages (#12187)
• 5311ed3 chore(release): publish 8.58.1
• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• be4d54d chore(release): publish 8.57.2
• c7c38aa chore(release): publish 8.57.1
• Additional commits viewable in compare view

Updates @typescript-eslint/types from 8.54.0 to 8.59.2

Release notes

Sourced from @​typescript-eslint/types's releases.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)
• eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)
• eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)
• eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)
• eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

• anasm266 @​anasm266
• Anshika Jain @​Anshikakalpana
• Ulrich Stark
• yugo innami @​nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

• eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​typescript-eslint/types's changelog.

8.59.2 (2026-05-04)

This was a version bump only for types to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.1 (2026-04-27)

This was a version bump only for types to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.0 (2026-04-20)

This was a version bump only for types to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.2 (2026-04-13)

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#12187)

❤️ Thank You

• Abhijeet Singh @​cseas

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.1 (2026-04-08)

This was a version bump only for types to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

... (truncated)

Commits

• 2ec35f1 chore(release): publish 8.59.2
• 5245793 chore(release): publish 8.59.1
• ea9ae4f chore(release): publish 8.59.0
• 90c2803 chore(release): publish 8.58.2
• be6b49a fix: remove tsbuildinfo cache file from published packages (#12187)
• 5311ed3 chore(release): publish 8.58.1
• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• be4d54d chore(release): publish 8.57.2
• c7c38aa chore(release): publish 8.57.1
• Additional commits viewable in compare view

Updates agent-browser from 0.8.4 to 0.27.0

Release notes

Sourced from agent-browser's releases.

agent-browser@0.23.2

Patch Changes

• 3c942e2: ### New Features

  • Dashboard session creation - Sessions can now be created directly from the dashboard UI. A new session dialog provides a unified selector grid for local engines (Chrome, Lightpanda) and cloud providers (Browserbase, Browserless, Browser Use, Kernel) with async creation, loading state, and error display (#1092)
  • Dashboard provider icons - The session sidebar now shows the provider or engine icon for each session, making it easy to identify which backend a session is using (#1092)

  Bug Fixes

  • Fixed Browser Use provider using an intermediate API call instead of connecting directly via WSS (wss://connect.browser-use.com), which caused connection failures (#1092)
  • Fixed Browserbase provider not sending an explicit JSON body and Content-Type header, causing session creation to fail (#1092)
  • Fixed provider navigation hanging because wait_for_lifecycle waited for page load events that remote providers may not emit. Navigation with --provider now automatically sets waitUntil=none (#1092)
  • Fixed remote CDP connections timing out by increasing the CDP connect timeout from 10s to 25s for cloud providers (#1092)
  • Fixed zombie daemon processes not being cleaned up when a provider connection fails during session creation from the dashboard (#1092)

agent-browser@0.23.1

Patch Changes

• fbcab37: ### New Features

  • Auto-dismissal for alert and beforeunload dialogs - JavaScript alert() and beforeunload dialogs are now automatically accepted to prevent the agent from blocking indefinitely. confirm and prompt dialogs still require explicit dialog accept/dismiss commands. Disable with --no-auto-dialog flag or AGENT_BROWSER_NO_AUTO_DIALOG environment variable (#1075)
  • Puppeteer browser cache fallback - Chrome discovery now searches ~/.cache/puppeteer/chrome/ (or PUPPETEER_CACHE_DIR) for Chrome binaries, so users with an existing Puppeteer installation can use agent-browser without a separate install step (#1088)
  • Console output improvements - console.log of objects now shows the actual object preview (e.g. {userId: "abc", count: 42}) instead of "Object". JSON output includes a raw args array for programmatic access (#1040)

  Bug Fixes

  • Fixed same-document navigation (e.g. SPA hash routing) hanging forever because wait_for_lifecycle waited for a Page.loadEventFired that never fires on same-document navigations (#1059)
  • Fixed save_state only capturing cookies and localStorage for the current origin, silently dropping cross-domain data (e.g. SSO/CAS auth cookies). Now uses Network.getAllCookies and collects localStorage from all visited origins (#1064)
  • Fixed externally opened tabs not appearing in tab list when using --cdp mode. Tabs opened by the user or another CDP client are now detected and tracked (#1042)
  • Fixed dashboard server not picking up installed files without a restart. dashboard install now takes effect immediately on a running server (#1066)
  • Fixed Windows Chrome extraction failing because zip path normalization used forward slashes while the extraction code expected backslashes (#1088)

agent-browser@0.23.0

Minor Changes

• 0f0f300: ### New Features

  • Observability dashboard - Added a local web UI (dashboard) that shows live browser viewports, command activity feeds, console output, network requests, storage, and extensions for all sessions. Manage it with dashboard start, dashboard stop, and dashboard install. The dashboard runs as a standalone background process and all sessions stream to it automatically (#1034)
  • Runtime stream management - Added stream enable, stream disable, and stream status commands to control WebSocket streaming at runtime. Streaming is now always enabled by default; AGENT_BROWSER_STREAM_PORT overrides the port instead of toggling the feature (#951)
  • Close all sessions - Added close --all flag to close every active browser session at once

  Bug Fixes

  • Fixed Lightpanda engine compatibility (#1050)
  • Fixed Windows daemon TCP bind failing when Hyper-V reserves the port by falling back to an OS-assigned port and writing it to a .port file (#1041)
  • Fixed Windows dashboard relay using Unix socket instead of TCP (#1038)
  • Fixed radio/checkbox elements being dropped from compact snapshot tree because the ref= check required a leading [ that those elements lack (#1008)

Changelog

Sourced from agent-browser's changelog.

0.27.0

New Features

• React introspection - First-class React DevTools integration with new react tree, react inspect <fiberId>, react renders start|stop, and react suspense commands for full component-tree visibility, per-fiber props/hooks/state inspection, render profiling with mount/re-render counts and change details, and Suspense boundary classification with root-cause grouping and recommendations. React DevTools hook is vendored (MIT) and embedded in the binary with zero runtime dependencies (#1257)
• Web Vitals - New vitals [url] command that reports Core Web Vitals (LCP, CLS, TTFB, FCP, INP) plus React hydration phases for any page (#1257)
• SPA navigation - New pushstate <url> command for client-side SPA navigations without a full page load (#1257)
• Init scripts and feature flags - New --init-script <path> flag (repeatable; env AGENT_BROWSER_INIT_SCRIPTS) to register scripts before first navigation, and --enable <feature> flag (repeatable; env AGENT_BROWSER_ENABLE) for built-in init scripts such as react-devtools (#1257)
• Network route resource type filter - network route now accepts --resource-type <csv> to filter intercepted requests by CDP resource type (#1257)
• cURL cookie import - cookies set --curl <file> auto-detects JSON, cURL, and Cookie-header formats for bulk cookie import (#1257)
• Dashboard proxy support - The observability dashboard now works from proxied origins via a same-origin proxy, enabling deployment behind reverse proxies and path-based routing (#1111)

Bug Fixes

• Fixed doctor command generating duplicate check ids when called multiple times in the same process (#1330)

Infrastructure

• Switched npm publishing to trusted publishing via GitHub Actions OIDC, removing the need for manually managed npm tokens (#1273)

Contributors

• @​ctate
• @​quuu
• @​shaper
• @​ThomasK33

0.26.0

New Features

• doctor command - Added agent-browser doctor for one-shot diagnosis of an install. Checks environment, Chrome, running daemons, config files, security, providers, and network connectivity; auto-cleans stale daemon sidecar files on every run; and performs a live headless launch test. Supports --offline to skip network probes, --quick to skip the launch test, --fix for opt-in repairs (install missing Chrome, close version-mismatched daemons, prune expired state files), and --json for structured output (

[dependabot]

Assignees

The following users could not be added as assignees: aicodingstack/maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.