Skip to content

chore(deps): bump @vercel/blob from 2.3.1 to 2.3.3#120

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vercel/blob-2.3.3
Open

chore(deps): bump @vercel/blob from 2.3.1 to 2.3.3#120
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vercel/blob-2.3.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026

Bumps @vercel/blob from 2.3.1 to 2.3.3.

Release notes

Sourced from @​vercel/blob's releases.

@​vercel/blob@​2.3.3

Patch Changes

  • d2ea7cf: Enforce maximumSizeInBytes client-side for multipart uploads. Bodies with a known size (Blob, File, Buffer) are now checked before the upload starts, avoiding wasted API calls.
  • 949e994: Fix multipart upload hanging forever on empty streams, and fix createChunkTransformStream bypassing backpressure by removing incorrect queueMicrotask wrapping.

@​vercel/blob@​2.3.2

Patch Changes

  • c9d9a1a: Apply ifMatch/allowOverwrite validation to handleUpload and generateClientTokenFromReadWriteToken. When ifMatch is set via onBeforeGenerateToken or direct token generation, allowOverwrite is now implicitly enabled. Explicitly passing allowOverwrite: false with ifMatch throws a clear error.
  • 6dcecb8: Make ifMatch imply allowOverwrite: true on put(). Previously, using ifMatch without explicitly setting allowOverwrite: true would cause the server to send conflicting conditional headers to S3, resulting in 500 errors. Now the SDK implicitly enables allowOverwrite when ifMatch is set, and throws a clear error if allowOverwrite: false is explicitly combined with ifMatch.
Changelog

Sourced from @​vercel/blob's changelog.

2.3.3

Patch Changes

  • d2ea7cf: Enforce maximumSizeInBytes client-side for multipart uploads. Bodies with a known size (Blob, File, Buffer) are now checked before the upload starts, avoiding wasted API calls.
  • 949e994: Fix multipart upload hanging forever on empty streams, and fix createChunkTransformStream bypassing backpressure by removing incorrect queueMicrotask wrapping.

2.3.2

Patch Changes

  • c9d9a1a: Apply ifMatch/allowOverwrite validation to handleUpload and generateClientTokenFromReadWriteToken. When ifMatch is set via onBeforeGenerateToken or direct token generation, allowOverwrite is now implicitly enabled. Explicitly passing allowOverwrite: false with ifMatch throws a clear error.
  • 6dcecb8: Make ifMatch imply allowOverwrite: true on put(). Previously, using ifMatch without explicitly setting allowOverwrite: true would cause the server to send conflicting conditional headers to S3, resulting in 500 errors. Now the SDK implicitly enables allowOverwrite when ifMatch is set, and throws a clear error if allowOverwrite: false is explicitly combined with ifMatch.
Commits
  • 690b293 Version Packages (#1038)
  • 949e994 fix(blob): resolve multipart deadlock on empty streams, fix TransformStream b...
  • d2ea7cf fix(blob): enforce maximumSizeInBytes client-side for multipart uploads (#1036)
  • 7f34f12 chore(deps): update dependency ts-jest to v29.4.9 (#1035)
  • 3285008 Version Packages (#1026)
  • c9d9a1a [@​vercel/blob] Apply ifMatch/allowOverwrite validation to handleUpload and ge...
  • 6dcecb8 [@​vercel/blob] Make ifMatch imply allowOverwrite, throw on contradiction (#1022)
  • 7cdaa4b chore(deps): update jest monorepo to v30.3.0 (#1005)
  • 135fae5 chore(deps): update dependency @​types/node to v24.12.0 (#1001)
  • 9565cdc chore(deps): update dependency @​types/node to v24.11.2 (#1000)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump @vercel/blob from 2.3.1 to 2.3.3
4b82cf1 
Bumps [@vercel/blob](https://github.com/vercel/storage/tree/HEAD/packages/blob) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/vercel/storage/releases)
- [Changelog](https://github.com/vercel/storage/blob/main/packages/blob/CHANGELOG.md)
- [Commits](https://github.com/vercel/storage/commits/@vercel/blob@2.3.3/packages/blob)

---
updated-dependencies:
- dependency-name: "@vercel/blob"
  dependency-version: 2.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 13, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
francescoronel Ready Ready Preview, Comment Apr 13, 2026 4:12am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants