Skip to content

Bump the inkeep-agents group across 1 directory with 9 updates#3428

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/create-agents-template/inkeep-agents-8e73141cb3
Open

Bump the inkeep-agents group across 1 directory with 9 updates#3428
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/create-agents-template/inkeep-agents-8e73141cb3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the inkeep-agents group with 5 updates in the /create-agents-template directory:

Package From To
@inkeep/agents-core 0.59.4 0.80.2
@inkeep/agents-manage-ui 0.59.4 0.80.2
@inkeep/agents-sdk 0.59.4 0.80.2
@inkeep/agents-cli 0.59.4 0.80.2
@inkeep/agents-api 0.59.4 0.80.2

Updates @inkeep/agents-core from 0.59.4 to 0.80.2

Release notes

Sourced from @​inkeep/agents-core's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-core's changelog.

0.80.2

Patch Changes

  • ac3476b: Include Vercel-format message parts in conversation and feedback webhook payloads, matching the Get Conversation response

0.80.1

Patch Changes

  • d94d837: Add time-to-first-token (TTFT) telemetry. Records three interaction-level span attributes (inkeep.agent.time_to_first_model_token, time_to_first_visible_token, time_to_first_visible_part) on the request span for classic SSE and Vercel data-stream responses, graph-correctly across transfers and delegations.

0.80.0

Minor Changes

  • 11f7dad: Add agentName to outbound webhook event envelope

Patch Changes

  • 35000b5: Add optional startDate/endDate query filters to evaluation result routes; align feedback date filter params to ISO datetime format
  • d667b35: Fix MCP tool schemas being stripped of $ref/$defs, nested objects, unions, and enums. Tool input schemas are now converted via z.fromJSONSchema at ingestion (preserving the full structure for the model and validation), and the system prompt renders the full schema (resolving $ref, recursing nested objects/arrays, and showing enums and nullables) instead of a flattened one-level view.
  • 1ca58a3: Disable user-initiated organization creation via the auth API; organizations are provisioned through setup flows
  • c228447: ?conversationId= filter for slack webhook events

0.79.1

Patch Changes

  • 1f02799: Deliver classic (non-durable) tool approvals across server instances via a shared decision store, fixing approvals lost when the response lands on a different instance than the one running the agent

0.79.0

Minor Changes

  • 62616af: Security: scope the user-providers lookup to an organization, fixing a cross-tenant IDOR in POST /manage/api/users/providers. getUserProvidersFromDb now requires an organizationId and returns providers only for members of that org, so an org admin can no longer enumerate auth providers of users in other orgs.
  • 356084b: Outbound webhook destinations delivered via Slack Bot API

Patch Changes

  • 62616af: Normalize error responses: conversation-media errors now use the standard RFC-7807 envelope (code/title/status/detail) instead of bare {error}; evaluator create/update gives clear 'model/schema is required' messages and rejects non-object model/schema instead of a generic invalid_union dump

0.78.5

Patch Changes

  • 78594e9: Improve performance speed of evaluator results pages

0.78.4

... (truncated)

Commits

Updates @inkeep/agents-manage-ui from 0.59.4 to 0.80.2

Release notes

Sourced from @​inkeep/agents-manage-ui's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-manage-ui's changelog.

0.80.2

Patch Changes

  • f73615b: Widget view shown in traces
  • Updated dependencies [ac3476b]
    • @​inkeep/agents-core@​0.80.2

0.80.1

Patch Changes

  • d94d837: Fix time-to-first-token showing 0 ms in the conversation view. The trace lookup matched the wrong span because SigNoz returns 0 for numeric attributes a span lacks; now only a positive value counts as a present TTFT.
  • d94d837: Show time-to-first-token (TTFT) in the conversation trace view: a customer-facing first-token timing with a fast/moderate/slow band on the conversation detail, and model/visible-token/visible-part timings in the operator span panel.
  • d94d837: Fix inconsistent conversation trace timing. Anchor the user-message event at the request-arrival span start (matching the conversation list and TTFT) instead of a mid-handler timestamp, and stop labeling the user-message row with the whole-request span duration, so time-to-first-token, conversation duration, and the message event no longer contradict each other.
  • Updated dependencies [d94d837]
    • @​inkeep/agents-core@​0.80.1

0.80.0

Patch Changes

  • 888f8ee: Add user properties to UI and webhooks
  • 35000b5: Add optional startDate/endDate query filters to evaluation result routes; align feedback date filter params to ISO datetime format
  • b0d0011: Remove unneeded signoz query and timeline fetches
  • c228447: ?conversationId= filter for slack webhook events
  • Updated dependencies [35000b5]
  • Updated dependencies [d667b35]
  • Updated dependencies [1ca58a3]
  • Updated dependencies [11f7dad]
  • Updated dependencies [c228447]
    • @​inkeep/agents-core@​0.80.0

0.79.1

Patch Changes

  • Updated dependencies [1f02799]
    • @​inkeep/agents-core@​0.79.1

0.79.0

Minor Changes

  • 356084b: Outbound webhook destinations delivered via Slack Bot API

Patch Changes

  • Updated dependencies [62616af]
  • Updated dependencies [62616af]

... (truncated)

Commits

Updates @inkeep/agents-sdk from 0.59.4 to 0.80.2

Release notes

Sourced from @​inkeep/agents-sdk's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-sdk's changelog.

0.80.2

Patch Changes

  • Updated dependencies [ac3476b]
    • @​inkeep/agents-core@​0.80.2

0.80.1

Patch Changes

  • Updated dependencies [d94d837]
    • @​inkeep/agents-core@​0.80.1

0.80.0

Patch Changes

  • Updated dependencies [35000b5]
  • Updated dependencies [d667b35]
  • Updated dependencies [1ca58a3]
  • Updated dependencies [11f7dad]
  • Updated dependencies [c228447]
    • @​inkeep/agents-core@​0.80.0

0.79.1

Patch Changes

  • Updated dependencies [1f02799]
    • @​inkeep/agents-core@​0.79.1

0.79.0

Patch Changes

  • Updated dependencies [62616af]
  • Updated dependencies [62616af]
  • Updated dependencies [356084b]
    • @​inkeep/agents-core@​0.79.0

0.78.5

Patch Changes

  • Updated dependencies [78594e9]
    • @​inkeep/agents-core@​0.78.5

0.78.4

... (truncated)

Commits

Updates @inkeep/agents-cli from 0.59.4 to 0.80.2

Release notes

Sourced from @​inkeep/agents-cli's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-cli's changelog.

0.80.2

Patch Changes

  • Updated dependencies [ac3476b]
  • Updated dependencies [f73615b]
    • @​inkeep/agents-core@​0.80.2
    • @​inkeep/agents-manage-ui@​0.80.2
    • @​inkeep/agents-sdk@​0.80.2

0.80.1

Patch Changes

  • Updated dependencies [d94d837]
  • Updated dependencies [d94d837]
  • Updated dependencies [d94d837]
  • Updated dependencies [d94d837]
    • @​inkeep/agents-manage-ui@​0.80.1
    • @​inkeep/agents-core@​0.80.1
    • @​inkeep/agents-sdk@​0.80.1

0.80.0

Patch Changes

  • Updated dependencies [888f8ee]
  • Updated dependencies [35000b5]
  • Updated dependencies [d667b35]
  • Updated dependencies [1ca58a3]
  • Updated dependencies [b0d0011]
  • Updated dependencies [11f7dad]
  • Updated dependencies [c228447]
    • @​inkeep/agents-manage-ui@​0.80.0
    • @​inkeep/agents-core@​0.80.0
    • @​inkeep/agents-sdk@​0.80.0

0.79.1

Patch Changes

  • Updated dependencies [1f02799]
    • @​inkeep/agents-core@​0.79.1
    • @​inkeep/agents-manage-ui@​0.79.1
    • @​inkeep/agents-sdk@​0.79.1

0.79.0

Patch Changes

... (truncated)

Commits

Updates @inkeep/agents-api from 0.59.4 to 0.80.2

Release notes

Sourced from @​inkeep/agents-api's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-api's changelog.

0.80.2

Patch Changes

  • ac3476b: Include Vercel-format message parts in conversation and feedback webhook payloads, matching the Get Conversation response
  • f73615b: Widget view shown in traces
  • Updated dependencies [ac3476b]
    • @​inkeep/agents-core@​0.80.2
    • @​inkeep/agents-work-apps@​0.80.2
    • @​inkeep/agents-email@​0.80.2
    • @​inkeep/agents-mcp@​0.80.2

0.80.1

Patch Changes

  • f9d1483: Fix chat-to-edit turns erroring with "having some issues" after a successful tool call by reconciling unpaired tool calls on every generation step, not only when compression runs
  • d94d837: Add time-to-first-token (TTFT) telemetry. Records three interaction-level span attributes (inkeep.agent.time_to_first_model_token, time_to_first_visible_token, time_to_first_visible_part) on the request span for classic SSE and Vercel data-stream responses, graph-correctly across transfers and delegations.
  • Updated dependencies [d94d837]
    • @​inkeep/agents-core@​0.80.1
    • @​inkeep/agents-work-apps@​0.80.1
    • @​inkeep/agents-email@​0.80.1
    • @​inkeep/agents-mcp@​0.80.1

0.80.0

Minor Changes

  • 35000b5: Add optional startDate/endDate query filters to evaluation result routes; align feedback date filter params to ISO datetime format

Patch Changes

  • 888f8ee: Add user properties to UI and webhooks
  • 0f067b4: Allowlist sub-agent read/update tools referenced by the agent builder prompts
  • d667b35: Fix MCP tool schemas being stripped of $ref/$defs, nested objects, unions, and enums. Tool input schemas are now converted via z.fromJSONSchema at ingestion (preserving the full structure for the model and validation), and the system prompt renders the full schema (resolving $ref, recursing nested objects/arrays, and showing enums and nullables) instead of a flattened one-level view.
  • 953e70e: Fix intermittent 'Tool results are missing for tool calls' errors by reconciling tool-call/tool-result pairing in mid-generation compression output
  • b0d0011: Remove unneeded signoz query and timeline fetches
  • 11f7dad: Add agentName to outbound webhook event envelope
  • c228447: ?conversationId= filter for slack webhook events
  • Updated dependencies [35000b5]
  • Updated dependencies [d667b35]
  • Updated dependencies [1ca58a3]
  • Updated dependencies [11f7dad]
  • Updated dependencies [c228447]
    • @​inkeep/agents-core@​0.80.0
    • @​inkeep/agents-work-apps@​0.80.0
    • @​inkeep/agents-email@​0.80.0
    • @​inkeep/agents-mcp@​0.80.0

0.79.1

... (truncated)

Commits

Updates @inkeep/agents-email from 0.59.4 to 0.80.2

Release notes

Sourced from @​inkeep/agents-email's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-email's changelog.

0.80.2

0.80.1

0.80.0

0.79.1

0.79.0

0.78.5

0.78.4

0.78.3

0.78.2

0.78.1

0.78.0

0.77.1

0.77.0

0.76.0

0.75.4

0.75.3

0.75.2

0.75.1

0.75.0

0.74.4

0.74.3

0.74.2

0.74.1

0.74.0

0.73.5

... (truncated)

Commits

Updates @inkeep/agents-mcp from 0.59.4 to 0.80.2

Release notes

Sourced from @​inkeep/agents-mcp's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-mcp's changelog.

0.80.2

0.80.1

0.80.0

0.79.1

0.79.0

0.78.5

0.78.4

0.78.3

0.78.2

0.78.1

0.78.0

0.77.1

0.77.0

0.76.0

0.75.4

0.75.3

0.75.2

0.75.1

0.75.0

0.74.4

0.74.3

0.74.2

0.74.1

0.74.0

0.73.5

... (truncated)

Commits

Updates @inkeep/agents-ui from 0.15.20 to 0.17.6

Commits

Updates @inkeep/agents-work-apps from 0.59.4 to 0.80.2

Release notes

Sourced from @​inkeep/agents-work-apps's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the inkeep-agents group with 5 updates in the /create-agents-template directory:

| Package | From | To |
| --- | --- | --- |
| [@inkeep/agents-core](https://github.com/inkeep/agents/tree/HEAD/packages/agents-core) | `0.59.4` | `0.80.2` |
| [@inkeep/agents-manage-ui](https://github.com/inkeep/agents/tree/HEAD/agents-manage-ui) | `0.59.4` | `0.80.2` |
| [@inkeep/agents-sdk](https://github.com/inkeep/agents/tree/HEAD/packages/agents-sdk) | `0.59.4` | `0.80.2` |
| [@inkeep/agents-cli](https://github.com/inkeep/agents/tree/HEAD/agents-cli) | `0.59.4` | `0.80.2` |
| [@inkeep/agents-api](https://github.com/inkeep/agents/tree/HEAD/agents-api) | `0.59.4` | `0.80.2` |



Updates `@inkeep/agents-core` from 0.59.4 to 0.80.2
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/packages/agents-core/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-core)

Updates `@inkeep/agents-manage-ui` from 0.59.4 to 0.80.2
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/agents-manage-ui/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/agents-manage-ui)

Updates `@inkeep/agents-sdk` from 0.59.4 to 0.80.2
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/packages/agents-sdk/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-sdk)

Updates `@inkeep/agents-cli` from 0.59.4 to 0.80.2
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/agents-cli/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/agents-cli)

Updates `@inkeep/agents-api` from 0.59.4 to 0.80.2
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/agents-api/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/agents-api)

Updates `@inkeep/agents-email` from 0.59.4 to 0.80.2
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/packages/agents-email/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-email)

Updates `@inkeep/agents-mcp` from 0.59.4 to 0.80.2
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/packages/agents-mcp/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-mcp)

Updates `@inkeep/agents-ui` from 0.15.20 to 0.17.6
- [Commits](https://github.com/inkeep/agents-ui/commits/HEAD/packages/agents-ui)

Updates `@inkeep/agents-work-apps` from 0.59.4 to 0.80.2
- [Release notes](https://github.com/inkeep/agents/releases)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-workapps)

---
updated-dependencies:
- dependency-name: "@inkeep/agents-core"
  dependency-version: 0.80.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-manage-ui"
  dependency-version: 0.80.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-sdk"
  dependency-version: 0.80.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-cli"
  dependency-version: 0.80.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-api"
  dependency-version: 0.80.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-email"
  dependency-version: 0.80.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-mcp"
  dependency-version: 0.80.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-ui"
  dependency-version: 0.17.6
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-work-apps"
  dependency-version: 0.80.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@changeset-bot

changeset-bot Bot commented Jun 29, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: fca9540

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

Copy link
Copy Markdown
Contributor

Thanks for the contribution! A maintainer will review and merge your PR. Your commit attribution is preserved as @dependabot[bot].

What happens next:

  • A maintainer will review your PR.
  • If you don't hear back within a few business days, please comment here to nudge — that's the right thing to do, not annoying.
  • When your change is accepted, this PR closes automatically. Don't be alarmed when it closes — that's how it merges.

This comment will be updated as the status changes.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​inkeep/​agents-manage-ui@​0.80.2321009610090
Added@​inkeep/​agents-cli@​0.80.2731008710090
Added@​inkeep/​agents-api@​0.80.2791007610090
Added@​inkeep/​agents-core@​0.80.28110010010090
Added@​inkeep/​agents-sdk@​0.80.28610010010090

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Potentially malicious package (AI signal): npm @inkeep/agents-manage-ui is 70.0% likely malicious

Notes: This code fragment contains a critical security anomaly: it can fetch and inject remote SVG content and then execute inline scripts extracted from that SVG using Function(scriptText)(window) when allowed. It also uses innerHTML/dangerouslySetInnerHTML in the SVG/widget rendering path. If an attacker can control the SVG URL/content or if evalScripts is enabled unsafely, this becomes full arbitrary JavaScript execution (XSS/RCE) in the browser. While the AI gateway portions primarily perform authenticated network calls and streaming parsing, the overall security risk is dominated by the explicit script-execution SVG injection capability.

Confidence: 0.70

Severity: 1.00

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is AI-detected potential malware?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Given the AI system's identification of this package as malware, extreme caution is advised. It is recommended to avoid downloading or installing this package until the threat is confirmed or flagged as a false positive.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Potentially malicious package (AI signal): npm @inkeep/agents-manage-ui is 74.0% likely malicious

Notes: The fragment is primarily an AI gateway client plus UI utilities, but it contains a critical, explicit arbitrary-code-execution capability in its SVG injection subsystem: fetched SVG <script> contents are extracted and executed via Function(scriptText)(window) when enabled. This is a high-risk supply-chain/UI injection primitive because attacker-controlled SVG URLs/content can lead to full script execution in the page context. Secondary concerns include additional DOM injection sinks (dangerouslySetInnerHTML/innerHTML) and outbound network egress of bearer-token-authenticated requests containing base64-encoded file data.

Confidence: 0.74

Severity: 0.95

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is AI-detected potential malware?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Given the AI system's identification of this package as malware, extreme caution is advised. It is recommended to avoid downloading or installing this package until the threat is confirmed or flagged as a false positive.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.80.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.80.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @sentry/node-core is 60.0% likely obfuscated

Confidence: 0.60

Location: Package overview

From: create-agents-template/pnpm-lock.yamlnpm/@inkeep/agents-manage-ui@0.80.2npm/@sentry/node-core@10.62.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/node-core@10.62.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm date-fns is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yamlnpm/@inkeep/agents-manage-ui@0.80.2npm/date-fns@4.4.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/date-fns@4.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm drizzle-orm is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yamlnpm/@inkeep/agents-api@0.80.2npm/drizzle-orm@0.45.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/drizzle-orm@0.45.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm es-abstract is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yamlnpm/@inkeep/agents-core@0.80.2npm/@inkeep/agents-api@0.80.2npm/es-abstract@1.24.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm hash-wasm is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yamlnpm/@inkeep/agents-manage-ui@0.80.2npm/hash-wasm@4.12.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hash-wasm@4.12.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 7 more rows in the dashboard

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants