Skip to content

chore(deps): bump @composio/core from 0.10.0 to 0.13.1 in /web#275

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/composio/core-0.13.1
Open

chore(deps): bump @composio/core from 0.10.0 to 0.13.1 in /web#275
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/composio/core-0.13.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor

Bumps @composio/core from 0.10.0 to 0.13.1.

Release notes

Sourced from @​composio/core's releases.

@​composio/core@​0.13.1

Patch Changes

  • 605a726: Add Tool Router session deletion APIs.

@​composio/core@​0.13.0

Minor Changes

  • d17a268: Add the first-class composio.sessions.create() API while keeping composio.create() as an alias, expose the experimental shared-connection ACL patch helper as connectedAccounts.updateAcl() while keeping experimental.updateAcl() as an alias, and include SDK docs/source in the published package.

    MCP is now opt-in. Sessions return native tools by default; the hosted MCP endpoint is only surfaced on the type when you create the session with { mcp: true }. The default create() / use() now return SessionWithoutMcp (the runtime object is unchanged — session.mcp still exists at runtime — but it is no longer in the type).

    Migration: read session.mcp only after creating with { mcp: true }.

  • d17a268: Surface the resolved workbench config on Tool Router sessions.

    • Session.workbench is now populated from the API response (on create/retrieve/attach/update). It exposes the resolved workbench config, e.g. session.workbench?.enable (defaults to true server-side).

    This lets callers create a session with the remote workbench disabled (workbench: { enable: false }) and detect that state — the foundation for running code in a sandbox you own via the experimental @composio/experimental/workbench helpers.

Patch Changes

  • d17a268: Prefer sandbox for session code-execution configuration while continuing to accept the existing workbench alias.
  • d17a268: Add triggers.parse() to parse and optionally verify incoming webhook requests.
  • d17a268: Add triggers.setWebhookSubscription() to create or update the project webhook subscription from the TypeScript SDK.

@​composio/core@​0.12.0

Minor Changes

  • a0bef5d: Bump @composio/client to 0.1.0-alpha.74.

  • dfd7a08: Add per-request cancellation to public SDK methods via a new ComposioRequestOptions ({ signal?: AbortSignal }) trailing argument, plus a typed ComposioRequestCancelledError for detecting caller-initiated aborts.

    Without this, a slow tools.get or tools.execute had no way to be cancelled — a 100s search would block the calling agent indefinitely. The new shape:

    try {
      const tools = await composio.tools.get(
        'user_1',
        { search: 'send email', limit: 50 },
        { signal: AbortSignal.timeout(5_000) }
      );
    } catch (err) {
      if (err instanceof ComposioRequestCancelledError) {
        return;
      }
      throw err;
    }

    The signal is forwarded to the underlying @composio/client fetch. Any abort error (APIUserAbortError, AbortError, or DOMException(name='AbortError')) coming back is normalized to ComposioRequestCancelledError so callers can instanceof-detect cancellation without unwrapping nested causes. Catch-and-wrap paths in tools.execute / tools.getRawComposioToolBySlug / toolkits.get re-throw the cancellation error rather than remapping it to ComposioToolExecutionError / ComposioToolNotFoundError / ComposioToolkitFetchError.

... (truncated)

Changelog

Sourced from @​composio/core's changelog.

0.13.1

Patch Changes

  • 605a726: Add Tool Router session deletion APIs.

0.13.0

Minor Changes

  • d17a268: Add the first-class composio.sessions.create() API while keeping composio.create() as an alias, expose the experimental shared-connection ACL patch helper as connectedAccounts.updateAcl() while keeping experimental.updateAcl() as an alias, and include SDK docs/source in the published package.

    MCP is now opt-in. Sessions return native tools by default; the hosted MCP endpoint is only surfaced on the type when you create the session with { mcp: true }. The default create() / use() now return SessionWithoutMcp (the runtime object is unchanged — session.mcp still exists at runtime — but it is no longer in the type).

    Migration: read session.mcp only after creating with { mcp: true }.

  • d17a268: Surface the resolved workbench config on Tool Router sessions.

    • Session.workbench is now populated from the API response (on create/retrieve/attach/update). It exposes the resolved workbench config, e.g. session.workbench?.enable (defaults to true server-side).

    This lets callers create a session with the remote workbench disabled (workbench: { enable: false }) and detect that state — the foundation for running code in a sandbox you own via the experimental @composio/experimental/workbench helpers.

Patch Changes

  • d17a268: Prefer sandbox for session code-execution configuration while continuing to accept the existing workbench alias.
  • d17a268: Add triggers.parse() to parse and optionally verify incoming webhook requests.
  • d17a268: Add triggers.setWebhookSubscription() to create or update the project webhook subscription from the TypeScript SDK.

0.12.0

Minor Changes

  • a0bef5d: Bump @composio/client to 0.1.0-alpha.74.

  • dfd7a08: Add per-request cancellation to public SDK methods via a new ComposioRequestOptions ({ signal?: AbortSignal }) trailing argument, plus a typed ComposioRequestCancelledError for detecting caller-initiated aborts.

    Without this, a slow tools.get or tools.execute had no way to be cancelled — a 100s search would block the calling agent indefinitely. The new shape:

    try {
      const tools = await composio.tools.get(
        'user_1',
        { search: 'send email', limit: 50 },
        { signal: AbortSignal.timeout(5_000) }
      );
    } catch (err) {
      if (err instanceof ComposioRequestCancelledError) {
        return;
      }
      throw err;
    }

... (truncated)

Commits
  • 156a1eb Release: update version (#3686)
  • 956f9be chore(agents): normalize repo guidance skills (#3666)
  • 605a726 Add tool router session deletion (#3679)
  • 20bf1b6 chore(ts): quiet tsdown build warnings (#3665)
  • d102ab0 Release: update version (#3676)
  • d17a268 docs: sessions-first rewrite — new guides, examples & components (+ core 0.13...
  • 9764ce3 Release: update version (#3616)
  • f6b5505 fix(core): preserve SDK reference types
  • 507318d fix(anthropic): harden tool property-key sanitizer (#3650)
  • dfd7a08 feat(core): add AbortSignal cancellation to public SDK methods + ComposioRequ...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​composio/core since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@composio/core](https://github.com/ComposioHQ/composio/tree/HEAD/ts/packages/core) from 0.10.0 to 0.13.1.
- [Release notes](https://github.com/ComposioHQ/composio/releases)
- [Changelog](https://github.com/ComposioHQ/composio/blob/next/ts/packages/core/CHANGELOG.md)
- [Commits](https://github.com/ComposioHQ/composio/commits/@composio/core@0.13.1/ts/packages/core)

---
updated-dependencies:
- dependency-name: "@composio/core"
  dependency-version: 0.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants