Skip to content

build(deps): bump mastra from 0.13.4 to 0.18.6 #1100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump mastra from 0.13.4 to 0.18.6 #1100

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 6, 2025
edited
Loading

Bumps mastra from 0.13.4 to 0.18.6.

Release notes

Sourced from mastra's releases.

2025-09-23

Mastra Release - 2025-09-23

Agents

  • Bugs related to agent type handling. #8072
  • An error related to the tripwire controller being closed prematurely. #8099
  • The type system for agent output options by introducing a single OUTPUT generic, ensuring mutual exclusivity between 'output' and 'structuredOutput', improving type inference and safety, and laying the groundwork for future structured output streaming. #7969
  • Agent instructions to support full SystemMessage types, enabling more flexible and structured instruction formats, updates related functions for compatibility, and adds comprehensive tests. #7987

Deployer

  • Configure the project root to support private packages in the build bundle process. #8004
  • New APIs to update and reorder models in the list, adding model fallback methods to both the server deployer and the client JS, along with corresponding tests. #7378

Developer Tools & UI

  • The codebase by removing all usage of SWR and replacing it with TanStack Query. #7931
  • The code to compute links from a provider instead of passing them through props, improving configuration and usage. #8016
  • The Template form by moving the AI model section, enhances the AgentMetadataModelSwitcher with auto-save, a new Save button, agent name filtering, and responsive styles, and applies minor style improvements to other Template components. #8071
  • A style and padding issue in the DateTimePicker popover content. #8106
  • A user interface for scoring on traces and spans. #8089
  • Navigation between scorers and entity types by using scorer names instead of IDs, resolving issues with broken navigation and duplicate scorer entries. #8129

Evals

  • A 'type' parameter to scorer creation, enabling automatic typing of scorer input and output based on the specified type (currently 'agent'), simplifying scorer definitions and payload handling. #8032
  • New server APIs and updates the client SDK to enable scoring of traces. #8064
  • The 'agent' type to all built-in scorers and corrects their names where necessary. #8101
  • A missing changeset for setting the type on built-in scorers, addressing an oversight from a previous pull request. #8132

Memory

  • An issue with the PGVector adapter that caused the memory_messages_vector_idx index to be unnecessarily dropped and recreated, improving performance and preventing chat disruptions. #8020

Observability

  • An issue with orphaned spans in the Braintrust exporter, ensuring proper span association and addressing bug #6773. #7660
  • A critical bug in the langfuse exporter that caused spans finishing after their root span to be lost by ensuring they are no longer incorrectly treated as out-of-order. #8104

Storage

  • A missing changeset related to schema compatibility. #8090
  • Vector type qualification in PgVector for AWS RDS with custom schemas by detecting the installed schema of the pgvector extension, properly qualifying vector type references in all SQL queries, enhancing installation logic, and adding comprehensive tests. #8070

Tools

  • A new feature to display tool output in streamVNext and addresses issue #7325. #7983
  • The ability to suspend and resume tool calls, laying groundwork for tool approvals, and includes related test updates. #8084 [IMPORTANT]
  • The English-to-Japanese translation service by refactoring the relevant code. #8126

... (truncated)

Changelog

Sourced from mastra's changelog.

0.18.6

Patch Changes

0.18.6-alpha.0

Patch Changes

0.18.5

Patch Changes

  • Updated dependencies [880f12b]:
    • @​mastra/core@​0.24.5
    • @​mastra/deployer@​0.24.5

0.18.5-alpha.0

Patch Changes

  • Updated dependencies [880f12b]:
    • @​mastra/core@​0.24.5-alpha.0
    • @​mastra/deployer@​0.24.5-alpha.0

0.18.4

Patch Changes

  • Updated dependencies [418420f]:
    • @​mastra/core@​0.24.4
    • @​mastra/deployer@​0.24.4

0.18.4-alpha.0

Patch Changes

  • Updated dependencies [418420f]:
    • @​mastra/core@​0.24.4-alpha.0

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Any issues related to dependencies javascript Pull requests that update javascript code labels Dec 6, 2025
@vercel
Copy link

vercel bot commented Dec 6, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Review Updated (UTC)
postiz Ignored Ignored Dec 22, 2025 10:55am

sentry[bot]
sentry bot reviewed Dec 6, 2025
View reviewed changes
pnpm-lock.yaml Outdated
Comment on lines 20464 to 20474
'@mastra/server': 0.24.6(@mastra/core@0.20.2(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(zod@3.25.76)
'@neon-rs/load': 0.1.82
'@optimize-lodash/rollup-plugin': 5.0.2(rollup@4.50.2)
'@optimize-lodash/rollup-plugin': 5.1.0(rollup@4.50.2)
'@rollup/plugin-alias': 5.1.1(rollup@4.50.2)
'@rollup/plugin-commonjs': 28.0.9(rollup@4.50.2)
'@rollup/plugin-commonjs': 28.0.6(rollup@4.50.2)
'@rollup/plugin-esm-shim': 0.1.8(rollup@4.50.2)
'@rollup/plugin-json': 6.1.0(rollup@4.50.2)
'@rollup/plugin-node-resolve': 16.0.3(rollup@4.50.2)
'@rollup/plugin-node-resolve': 16.0.2(rollup@4.50.2)
'@rollup/plugin-virtual': 3.0.2(rollup@4.50.2)
'@sindresorhus/slugify': 2.2.1
builtins: 5.1.0
Copy link

@sentry sentry bot Dec 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Backend will crash on startup due to missing @mastra/mcp dependency still being imported.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The backend server will crash immediately on startup because the @mastra/mcp dependency is missing from pnpm-lock.yaml but is still imported and used during application initialization. Specifically, startMcp calls import { MCPServer } from '@mastra/mcp', which will fail with Cannot find module '@mastra/mcp' as the package was removed during the Mastra dependency upgrade from 0.13.4 to 0.18.6. The startMcp call is not wrapped in a try-catch block, leading to an unhandled exception and application failure.

💡 Suggested Fix

Update code to use the new Mastra API, explicitly add @mastra/mcp back as a dependency, or remove/rewrite the startMcp function.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: pnpm-lock.yaml#L20455-L20474

Potential issue: The backend server will crash immediately on startup because the
`@mastra/mcp` dependency is missing from `pnpm-lock.yaml` but is still imported and used
during application initialization. Specifically, `startMcp` calls `import { MCPServer }
from '@mastra/mcp'`, which will fail with `Cannot find module '@mastra/mcp'` as the
package was removed during the Mastra dependency upgrade from 0.13.4 to 0.18.6. The
`startMcp` call is not wrapped in a try-catch block, leading to an unhandled exception
and application failure.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 339077

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/mastra-0.18.6 branch from 1d2011b to 03ee7dc Compare December 22, 2025 10:28
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/mastra-0.18.6 branch from 03ee7dc to 2a5734a Compare December 22, 2025 10:32
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/mastra-0.18.6 branch from 2a5734a to 4bfcda4 Compare December 22, 2025 10:46
@dependabot
build(deps): bump mastra from 0.13.4 to 0.18.6
dfddd1d 
Bumps [mastra](https://github.com/mastra-ai/mastra/tree/HEAD/packages/cli) from 0.13.4 to 0.18.6.
- [Release notes](https://github.com/mastra-ai/mastra/releases)
- [Changelog](https://github.com/mastra-ai/mastra/blob/mastra@0.18.6/packages/cli/CHANGELOG.md)
- [Commits](https://github.com/mastra-ai/mastra/commits/mastra@0.18.6/packages/cli)

---
updated-dependencies:
- dependency-name: mastra
  dependency-version: 0.18.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/mastra-0.18.6 branch from 4bfcda4 to dfddd1d Compare December 22, 2025 10:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sentry sentry[bot] sentry[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Any issues related to dependencies javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants