chore(deps): bump the compatible group with 6 updates

[dependabot]

Bumps the compatible group with 6 updates:

Package	From	To
@langchain/core	1.1.36	1.1.38
@modelcontextprotocol/sdk	1.28.0	1.29.0
dotenv	17.3.1	17.4.0
turndown	7.2.2	7.2.3
@types/node	25.5.0	25.5.2
ts-jest	29.4.6	29.4.9

Updates @langchain/core from 1.1.36 to 1.1.38

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.1.38

Patch Changes

• #10552 589ab9b Thanks @​christian-bromann! - fix(langchain): accept cross-version runnable models in createAgent

@​langchain/core@​1.1.37

Patch Changes

• #10511 6933769 Thanks @​hntrl! - cache Zod-to-JSON-Schema conversions in toJsonSchema()

• #10541 50d5f32 Thanks @​jacoblee93! - revert: Revert "feat(core): Add all chat model/llm invocation params to metadata"

• #10509 5552999 Thanks @​hntrl! - feat(openai): add support for phase parameter on Responses API messages

  • Extract phase from message output items and surface it on text content blocks
  • Support phase in streaming via response.output_item.added events
  • Round-trip phase through both raw provider and standard content paths
  • Move phase into extras dict in the core standard content translator

• #10528 8331833 Thanks @​christian-bromann! - fix(core): normalize single-block content in mergeContent

Commits

• 6b914bc chore: version packages (#10553)
• 7ed93b8 fix(langchain): allow dynamic tools in wrapModelCall with wrapToolCall (#10543)
• 9270c48 fix(openai): preserve reasoning_content in ChatOpenAICompletions (#10551)
• f548053 fix(langchain): bump langgraph dep (#10555)
• 11a295f fix(langchain): add support for dynamic structured output (#10554)
• 589ab9b fix(langchain): accept cross-version runnable models in createAgent (#10552)
• cd86fea fix: implement tool choice required on anthropic (#10519)
• b57760c chore: version packages (#10516)
• 6e2d29e tests(@​langchain/google): Lyria 3 (#10522)
• 68e0a19 fix(langchain): revert zod import in utils.ts to fix v3/v4 interop (#10545)
• Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.28.0 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @​felixweinberger in modelcontextprotocol/typescript-sdk#1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in modelcontextprotocol/typescript-sdk#1575
• Add typings exports by @​tdraier in modelcontextprotocol/typescript-sdk#1623
• v1.x npm audit fix by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1780
• v1.x #1623 follow up -add missing types to package.json by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1773
• [v1.x backport] Allow servers / clients to advertise extensions in the capability object by @​localden in modelcontextprotocol/typescript-sdk#1811
• fix(stdio): always set windowsHide on Windows, not just in Electron by @​jnMetaCode in modelcontextprotocol/typescript-sdk#1640
• chore: bump version to 1.29.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

• @​tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623
• @​jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

Commits

• e12cbd7 chore: bump version to 1.29.0 (#1820)
• 3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
• 5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
• 7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
• 364f38c v1.x npm audit fix (#1780)
• c95cc09 Add typings exports (#1623)
• ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
• 2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
• 13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
• See full diff in compare view

Updates dotenv from 17.3.1 to 17.4.0

Changelog

Sourced from dotenv's changelog.

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

• a2e31d6 17.4.0
• 4f041ee changelog 🪵
• bab8b98 README
• 516d47e update
• ce9b98f adjust quickstart
• d3a9065 update links
• 9a3f955 add banner
• d35b6a9 clean up
• a115e3a remove version
• 185e641 hide as2 for now - very early beta
• Additional commits viewable in compare view

Updates turndown from 7.2.2 to 7.2.3

Release notes

Sourced from turndown's releases.

v7.2.3

• Merge pull request #521 from mixmark-io/dependabot/npm_and_yarn/flatted-3.4.2 3cb11bd
• Bump flatted from 3.4.1 to 3.4.2 20bd64e
• Merge pull request #520 from pavelhoral/remove-browserify 0a6d298
• Replace Browserify with RollupJS build 54123af
• Merge pull request #519 from pavelhoral/upgrade-deps 8c2055e
• Merge pull request #477 from za3k/demo-link a1bb94a
• Add Babel transpilation step so that the output stays the same fc21b5f
• Upgrade standard linter and fix connected issues c1e9141
• Merge pull request #518 from pavelhoral/upgrade-deps 88ebe7c
• Upgrade dependencies 5337d5b
• Merge pull request #515 from Corion/master 01b35ad
• Normalize linebreaks within PRE elements ae008ec
• Merge pull request #511 from vicb/vicb/up-rollup 162ef46
• Bump rollup f82dcaa
• Merge pull request #517 from pavelhoral/fix-link-destination 1986fd3
• Fix escaping link destination with spaces ce16479
• Merge pull request #474 from orchitech/fix-image-links a22e6dc
• Properly escape inline link and image attributes. Fix #473. ea45ddd
• Add demo link b6874f7

---

mixmark-io/turndown@v7.2.2...v7.2.3

Commits

• 0c9954b 7.2.3
• 3cb11bd Merge pull request #521 from mixmark-io/dependabot/npm_and_yarn/flatted-3.4.2
• 20bd64e Bump flatted from 3.4.1 to 3.4.2
• 0a6d298 Merge pull request #520 from pavelhoral/remove-browserify
• 54123af Replace Browserify with RollupJS build
• 8c2055e Merge pull request #519 from pavelhoral/upgrade-deps
• a1bb94a Merge pull request #477 from za3k/demo-link
• fc21b5f Add Babel transpilation step so that the output stays the same
• c1e9141 Upgrade standard linter and fix connected issues
• 88ebe7c Merge pull request #518 from pavelhoral/upgrade-deps
• Additional commits viewable in compare view

Updates @types/node from 25.5.0 to 25.5.2

Commits

• See full diff in compare view

Updates ts-jest from 29.4.6 to 29.4.9

Release notes

Sourced from ts-jest's releases.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.7 (2026-04-01)

Features

• support TypeScript v6 (eda517d)

Commits

• bac2e77 chore(release): bump version to 29.4.9
• f8a9cc9 fix: use correct registry for npm OIDC trusted publishing
• e2eec26 fix: npm permissions
• 263f2ac chore: remove npm auth token
• 5df0e45 OIDC
• f82c144 Merge pull request #5250 from kulshekhar/copilot/bump-patch-version
• e6ec5ae Update CHANGELOG.md
• 62c3199 Update CHANGELOG.md
• 052e751 Bump patch version to 29.4.7
• f79e77b Merge pull request #5249 from ext/feature/ts6-peer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-jest since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions