chore(deps): bump the npm-minor-patch group with 3 updates

[dependabot]

Bumps the npm-minor-patch group with 3 updates: @modelcontextprotocol/sdk, @types/node and remotion.

Updates @modelcontextprotocol/sdk from 1.28.0 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @​felixweinberger in modelcontextprotocol/typescript-sdk#1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in modelcontextprotocol/typescript-sdk#1575
• Add typings exports by @​tdraier in modelcontextprotocol/typescript-sdk#1623
• v1.x npm audit fix by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1780
• v1.x #1623 follow up -add missing types to package.json by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1773
• [v1.x backport] Allow servers / clients to advertise extensions in the capability object by @​localden in modelcontextprotocol/typescript-sdk#1811
• fix(stdio): always set windowsHide on Windows, not just in Electron by @​jnMetaCode in modelcontextprotocol/typescript-sdk#1640
• chore: bump version to 1.29.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

• @​tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623
• @​jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

Commits

• e12cbd7 chore: bump version to 1.29.0 (#1820)
• 3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
• 5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
• 7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
• 364f38c v1.x npm audit fix (#1780)
• c95cc09 Add typings exports (#1623)
• ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
• 2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
• 13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
• See full diff in compare view

Updates @types/node from 25.5.0 to 25.5.2

Commits

• See full diff in compare view

Updates remotion from 4.0.441 to 4.0.445

Release notes

Sourced from remotion's releases.

v4.0.445

What's Changed

• @remotion/studio: Add pinch-to-zoom on timeline by @​JonnyBurger in remotion-dev/remotion#6972
• @remotion/studio-server: Fix saving default props by @​JonnyBurger in remotion-dev/remotion#6982

Full Changelog: remotion-dev/remotion@v4.0.444...v4.0.445

v4.0.444

What's Changed

• remotion: Fix media duration calculation with playbackRate by @​JonnyBurger in remotion-dev/remotion#6961
• @remotion/bundler: Bump loader-utils to 2.0.4 by @​JonnyBurger in remotion-dev/remotion#6980
• @remotion/cloudrun: Add type safety to stream variables by @​bhaktofmahakal in remotion-dev/remotion#6964
• @remotion/player: Fix typo - rename persistance to persistence by @​bhaktofmahakal in remotion-dev/remotion#6975
• @remotion/serverless-client: Fix cost estimate increasing after fatal error by @​JonnyBurger in remotion-dev/remotion#6959
• @remotion/studio: Fix JSON editor error state being immediately cleared by @​JonnyBurger in remotion-dev/remotion#6956
• @remotion/studio: Better handling when you forgot to wrap an asset in staticFile() by @​JonnyBurger in remotion-dev/remotion#6958
• @remotion/studio: 10MB LRU cache for timeline video frames by @​JonnyBurger in remotion-dev/remotion#6960
• @remotion/studio: Errors inside composition don't go fullscreen anymore by @​JonnyBurger in remotion-dev/remotion#6962
• @remotion/studio: Allow copying stack trace in error overlay by @​bugscreater in remotion-dev/remotion#6966
• @remotion/studio: Accept z.discriminatedUnion() as top-level composition schema by @​JonnyBurger in remotion-dev/remotion#6977
• @remotion/web-renderer: Validate container and codec for transparent videos by @​JonnyBurger in remotion-dev/remotion#6955

Templates

• Electron: Bump electron from 40.8.0 to 40.8.4 by @​app/dependabot in remotion-dev/remotion#6969
• Electron: Bump electron from 40.8.4 to 40.8.5 by @​app/dependabot in remotion-dev/remotion#6978

Docs

• Add Hai Nguyen to experts page by @​haingt-dev in remotion-dev/remotion#6963

Internal

• Teach AI how it can look at the output by @​JonnyBurger in remotion-dev/remotion#6971
• Upgrade Turborepo to 2.9.3 by @​JonnyBurger in remotion-dev/remotion#6981

Full Changelog: remotion-dev/remotion@v4.0.443...v4.0.444

v4.0.443

What's Changed

• @remotion/elevenlabs: Add package for converting ElevenLabs output to captions by @​tiwariaayu in remotion-dev/remotion#6930
• remotion: Make <Series> a <Sequence> with layout="none" by @​JonnyBurger in remotion-dev/remotion#6952
• @remotion/transitions: Fix stack traces by avoiding exports mutation by @​JonnyBurger in remotion-dev/remotion@65ed44f845
• @remotion/studio: Show audio waveform in video timeline layers by @​JonnyBurger in remotion-dev/remotion#6949
• @remotion/studio: Fix 1px gaps between timeline video thumbnails by @​JonnyBurger in remotion-dev/remotion#6948
• @remotion/studio: Fix sequence props watcher warning on scrub by @​JonnyBurger in remotion-dev/remotion#6947
• @remotion/studio: Broaden rotation regex to accept all CSS number forms by @​app/pullfrog in remotion-dev/remotion#6946
• @remotion/studio: Parse rotation values directly to preserve angles beyond 360° by @​JonnyBurger in remotion-dev/remotion#6943
• @remotion/studio: Add stack traces to Composition and improve menu bar by @​JonnyBurger in remotion-dev/remotion#6950
• @remotion/studio-server: Cache AST node paths to survive stale source maps by @​JonnyBurger in remotion-dev/remotion#6942
• @remotion/design: Remove box-content from Switch inner element by @​JonnyBurger in remotion-dev/remotion#6941

Docs

... (truncated)

Commits

• cae0c7e v4.0.445
• bcf39b0 Merge pull request #6982 from remotion-dev/fix-default-props-visitor-4oc
• 688fe29 @​remotion/studio-server: Fix getCompositionDefaultPropsLine ast-types visitor
• 5e0e674 Merge pull request #6972 from remotion-dev/studio/timeline-pinch-zoom
• f9b9a9f v4.0.444
• e3ddeea @​remotion/studio: Timeline pinch zoom, anchorContentX, and playhead layout sync
• 084e78f @remotion/studio: allow copying stack trace in error overlay (#6966)
• f5c224e @​remotion/studio: Fix timeline pinch zoom sensitivity and anchor anchoring
• 2f5569d Merge branch 'main' into studio/timeline-pinch-zoom
• 11cca54 Merge pull request #6979 from remotion-dev/studio/delete-jsx-node-api
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 7569b42.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@modelcontextprotocol/sdk	1.29.0	Unknown	Unknown
npm/@types/node	25.5.2	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed

Scanned Files

• package-lock.json