build(deps): bump the minor-and-patch group across 1 directory with 6 updates

[dependabot]

Bumps the minor-and-patch group with 6 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.39.0	0.95.1
@slack/bolt	4.6.0	4.7.2
@slack/web-api	7.14.1	7.15.2
tailwind-merge	3.5.0	3.6.0
autoprefixer	10.4.24	10.5.0
postcss	8.5.6	8.5.14

Updates @anthropic-ai/sdk from 0.39.0 to 0.95.1

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.95.1

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

• redact api-key headers in debug logs (fad8fee)

sdk: v0.95.0

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

• api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

• api: Adjust webhook configuration (deed3f6)

sdk: v0.94.0

0.94.0 (2026-05-05)

Full Changelog: sdk-v0.93.0...sdk-v0.94.0

Features

• client: allow targeting a workspace for OIDC federation token exchange (bde6620)

sdk: v0.93.0

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

• client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

sdk: v0.92.0

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

• api: improve Managed Agents APIs (ca1bf4a)
• support setting headers via env (32f67d4)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

• redact api-key headers in debug logs (fad8fee)

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

• api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

• api: Adjust webhook configuration (deed3f6)

0.94.0 (2026-05-05)

Full Changelog: sdk-v0.93.0...sdk-v0.94.0

Features

• client: allow targeting a workspace for OIDC federation token exchange (bde6620)

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

• client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

• api: improve Managed Agents APIs (ca1bf4a)
• support setting headers via env (32f67d4)

Bug Fixes

• bedrock: throw APIError for error events delivered in chunk frames (#1021) (3ae887b)

... (truncated)

Commits

• e6f4239 chore: release main
• 6f06905 chore: redact api-key headers in debug logs
• 7693ec9 chore: release main (#1030)
• 9ddb1ad chore: release main
• 6d73820 feat(client): allow targeting a workspace for OIDC federation token exchange
• d6f562c chore: release main (#1025)
• d3aff28 chore: release main (#1017)
• 3ae887b fix(bedrock): throw APIError for error events delivered in chunk frames (#1021)
• 74ac150 chore: release main (#1014)
• 22cb810 chore: release main (#1008)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by packy-anthropic, a new releaser for @​anthropic-ai/sdk since your current version.

Updates @slack/bolt from 4.6.0 to 4.7.2

Release notes

Sourced from @​slack/bolt's releases.

@​slack/bolt@​4.7.0

What's Changed

Bring magic to a conversation with sayStream for streaming messages and show loading status with setStatus. Now available for app.event and app.message listeners:

app.event('app_mention', async ({ sayStream, setStatus }) => {
  setStatus({
    status: 'Thinking...',
    loading_messages: ['Waking up...', 'Loading a witty response...'],
  });
  const stream = sayStream({ buffer_size: 100 });
  await stream.append({ markdown_text: 'Thinking... :thinking_face:\n\n' });
  await stream.append({ markdown_text: 'Here is my response!' });
  await stream.stop();
});

The respond function now accepts thread_ts to publish responses in a thread:

app.action('my_action', async ({ ack, respond }) => {
  await ack();
  await respond({ text: 'Replying in thread!', thread_ts: '1234567890.123456' });
});

Configure ping timeouts, reconnect behavior, and other Socket Mode settings directly through App options:

const app = new App({
  socketMode: true,
  appToken: process.env.SLACK_APP_TOKEN,
  token: process.env.SLACK_BOT_TOKEN,
  clientPingTimeout: 15000,
  serverPingTimeout: 60000,
  pingPongLoggingEnabled: true,
});

👾 Enhancements

• feat: add support for sayStream listener argument in #2841 - Thanks @​WilliamBergamin!
• feat: surface the setStatus argument to listeners if required event details are available in #2843 - Thanks @​WilliamBergamin!
• Add thread_ts to RespondFn type in #2732 - Thanks @​misscoded!
• feat(SocketModeReceiver): expose Socket Mode timeout and reconnect options in #2786 - Thanks @​shivasymbl!
• Enable esModuleInterop in tsconfig in #2719 - Thanks @​misscoded!

🐛 Fixes

... (truncated)

Changelog

Sourced from @​slack/bolt's changelog.

4.7.2

Patch Changes

• 4545150: Require exact ssl_check=1 value to bypass signature verification, preventing truthy but incorrect values from skipping authentication checks.

4.7.1

Patch Changes

• a18c359: fix: correct InvalidCustomPropertyError code and MemoryStore promise handling

Commits

• 81b2b3e chore: release (#2901)
• 4545150 fix: require exact ssl_check=1 value to bypass signature verification (#2899)
• 8318ca5 chore(deps): bump @​slack/socket-mode from 2.0.6 to 2.0.7 (#2900)
• e23efe8 fix: strip smuggled payload from ssl_check requests (#2898)
• ad576a1 ci: upload codecov coverage from Node.js 24.x (#2896)
• a5135ba ci: skip publish step if no release is needed (#2894)
• a24cf85 ci: auto-approve dependabot PRs for example project dependencies (#2893)
• e896807 chore(deps): update @​slack/bolt requirement from ^4.7.0 to ^4.7.1 in /example...
• 7432ca0 chore(deps): update @​slack/bolt requirement from ^4.7.0 to ^4.7.1 in /example...
• 7c61c15 chore(deps): update @​slack/bolt requirement from ^4.7.0 to ^4.7.1 in /example...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​slack/bolt since your current version.

Updates @slack/web-api from 7.14.1 to 7.15.2

Release notes

Sourced from @​slack/web-api's releases.

@​slack/web-api@​7.15.2

Patch Changes

• 4b6fe3a: feat: add authorship arguments - icon_emoji, icon_url, and username - to the assistant.threads.setStatus and chat.startStream methods
• Updated dependencies [4f03ee8]
  • @​slack/types@​2.21.0

@​slack/web-api@​7.15.1

Patch Changes

• 3a9c444: build(deps): bump minimum axios version to 1.15.0
• 175dcb8: Fix user-agent header to URI-encode characters outside the Latin-1 range, preventing errors when process.title contains non-ASCII characters

@​slack/web-api@​7.15.0

Minor Changes

• 75649f4: feat: add support for apps.user.connection.update

Patch Changes

• b8d922f: build: add support for node 24
• Updated dependencies [b8d922f]
• Updated dependencies [b8d922f]
  • @​slack/logger@​4.0.1
  • @​slack/types@​2.20.1

Commits

• fde2a7a chore: release (#2577)
• 4b6fe3a feat(web-api): add authorship arguments to assistant threads and chat stream ...
• f5696c3 cli-test(fix): wait for cli run start trace instead of activity output (#2355)
• 11dd0f5 feat(types): add Card, Carousel, and Alert block types (#2567)
• 4f03ee8 feat(types): add Card, Carousel, and Alert block types (#2567)
• a5a2954 chore(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.3 (#2574)
• 14f98c9 chore(deps): bump dependabot/fetch-metadata from 3.0.0 to 3.1.0 (#2575)
• b8b88cb chore(deps): bump uuid from 13.0.1 to 14.0.0 in /examples/openid-connect (#2576)
• ea8998b chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#2573)
• 4af912d ci: simplify test scripts and separate coverage from test runs (#2566)
• Additional commits viewable in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Updates autoprefixer from 10.4.24 to 10.5.0

Release notes

Sourced from autoprefixer's releases.

10.5.0 “Each Endeavouring, All Achieving”

• Added mask-position-x and mask-position-y support (by @​toporek).

10.4.27

• Removed development key from package.json.

10.4.26

• Reduced package size.

10.4.25

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

Changelog

Sourced from autoprefixer's changelog.

10.5.0 “Each Endeavouring, All Achieving”

• Added mask-position-x and mask-position-y support (by @​toporek).

10.4.27

• Removed development key from package.json.

10.4.26

• Reduced package size.

10.4.25

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

Commits

• faf456a Release 10.5 version
• b841fc5 Update dependencies
• 47d6e68 Update email
• 45cfc08 Replace ESLint and Prettier to oxlint and oxfmt
• 7e3ec7d Add prefixing support for mask-position-x and mask-position-y (#1548)
• 360f2d9 Release 10.4.27 version
• ab5260c Update clean-publish
• 09e9dd1 Release 10.4.26 version
• ec75540 Ignore local patches
• 59601b8 Update c8 and clean-publish
• Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

• 3ec1394 Release 8.5.14 version
• f2bb827 Update dependencies
• d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
• 68bd213 fix: always call raw to retrieve raw values
• af58cf1 Release 8.5.13 version
• f227dbd Temporary ignore pnpm 11 config
• d3abd40 Update dependencies
• dd06c3e Revert stringifier changes because of the conflict with postcss-scss
• ae889c8 Try to fix CI
• e0093e4 Move to pnpm 11
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions