From e8f3b9c8f2fc756419e86e2ccc145a2a7fa6b97c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Feb 2026 11:12:10 -0800
Subject: [PATCH 1/6] chore(deps): bump axios from 1.13.4 to 1.13.5 in
/docs/en/samples/pre_post_processing/js/langchain (#2510)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [axios](https://github.com/axios/axios) from 1.13.4 to 1.13.5.
Release notes
Sourced from axios's
releases.
v1.13.5
Release 1.13.5
Highlights
- Security: Fixed a potential Denial of
Service issue involving the
__proto__ key in
mergeConfig. (PR #7369)
- Bug fix: Resolved an issue where
AxiosError could be missing the status field
on and after v1.13.3. (PR #7368)
Changes
Security
- Fix Denial of Service via
__proto__ key in
mergeConfig. (PR #7369)
Fixes
- Fix/5657. (PR #7313)
- Ensure
status is present in AxiosError on
and after v1.13.3. (PR #7368)
Features / Improvements
- Add input validation to
isAbsoluteURL. (PR #7326)
- Refactor: bump minor package versions. (PR #7356)
Documentation
- Clarify object-check comment. (PR #7323)
- Fix deprecated
Buffer constructor usage and README
formatting. (PR #7371)
CI / Maintenance
- Chore: fix issues with YAML. (PR #7355)
- CI: update workflow YAMLs. (PR #7372)
- CI: fix run condition. (PR #7373)
- Dev deps: bump
karma-sourcemap-loader from 0.3.8 to
0.4.0. (PR #7360)
- Chore(release): prepare release 1.13.5. (PR #7379)
New Contributors
Full Changelog: https://github.com/axios/axios/compare/v1.13.4...v1.13.5
Commits
29f7542
chore(release): prepare release 1.13.5 (#7379)431c3a3
ci: fix run condition (#7373)9ff3a78
ci: update ymls (#7372)265b712
docs: fix deprecated Buffer constructor and formatting issues in README
(#7371)475e75a
feat: add input validation to isAbsoluteURL (#7326)28c7215
fix: Denial of Service via proto Key in mergeConfig (#7369)04cf019
docs: clarify object check comment (#7323)696fa75
fix: status is missing in AxiosError on and after v1.13.3 (#7368)569f028
fix: added a option to choose between legacy and the new
request/response int...44b7c9f
chore(deps-dev): bump karma-sourcemap-loader (#7360)- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/genai-toolbox/network/alerts).
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.../js/langchain/package-lock.json | 21 +++++--------------
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/docs/en/samples/pre_post_processing/js/langchain/package-lock.json b/docs/en/samples/pre_post_processing/js/langchain/package-lock.json
index 8eed2a79ea8..27ed1a7601e 100644
--- a/docs/en/samples/pre_post_processing/js/langchain/package-lock.json
+++ b/docs/en/samples/pre_post_processing/js/langchain/package-lock.json
@@ -217,13 +217,13 @@
"license": "MIT"
},
"node_modules/axios": {
- "version": "1.13.4",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.4.tgz",
- "integrity": "sha512-1wVkUaAO6WyaYtCkcYCOx12ZgpGf9Zif+qXa4n+oYzK558YryKqiL6UWwd5DqiH3VRW0GYhTZQ/vlgJrCoNQlg==",
+ "version": "1.13.5",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz",
+ "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==",
"license": "MIT",
"dependencies": {
- "follow-redirects": "^1.15.6",
- "form-data": "^4.0.4",
+ "follow-redirects": "^1.15.11",
+ "form-data": "^4.0.5",
"proxy-from-env": "^1.1.0"
}
},
@@ -1598,17 +1598,6 @@
"funding": {
"url": "https://github.com/sponsors/colinhacks"
}
- },
- "node_modules/zod-to-json-schema": {
- "version": "3.25.1",
- "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.1.tgz",
- "integrity": "sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA==",
- "license": "ISC",
- "optional": true,
- "peer": true,
- "peerDependencies": {
- "zod": "^3.25 || ^4"
- }
}
}
}
From 276cf604a2bb41861639ed6881557e38dd97a614 Mon Sep 17 00:00:00 2001
From: Benny Magid <62776247+bennymagid@users.noreply.github.com>
Date: Wed, 18 Feb 2026 15:07:40 -0500
Subject: [PATCH 2/6] feat(ui): make tool list panel resizable (#2253)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
## Description
Add draggable resize handle to tool list panel with min/max width
constraints, visual feedback, and localStorage persistence.
## PR Checklist
> Thank you for opening a Pull Request! Before submitting your PR, there
are a
> few things you can do to make sure it goes smoothly:
- [ ] Make sure you reviewed
[CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md)
- [ ] Make sure to open an issue as a
[bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose)
before writing your code! That way we can discuss the change, evaluate
designs, and agree on the general idea
- [ ] Ensure the tests and linter pass
- [ ] Code coverage does not decrease (if any source code was changed)
- [ ] Appropriate docs were updated (if necessary)
- [ ] Make sure to add `!` if this involve a breaking change
🛠️ Fixes #1729
---------
Co-authored-by: Wenxin Du <117315983+duwenxin99@users.noreply.github.com>
---
internal/server/static/css/style.css | 29 ++++++-
internal/server/static/js/resize.js | 116 +++++++++++++++++++++++++++
internal/server/static/tools.html | 10 ++-
internal/server/static/toolsets.html | 8 +-
4 files changed, 156 insertions(+), 7 deletions(-)
create mode 100644 internal/server/static/js/resize.js
diff --git a/internal/server/static/css/style.css b/internal/server/static/css/style.css
index 47d8a35974b..b0c1968c1b6 100644
--- a/internal/server/static/css/style.css
+++ b/internal/server/static/css/style.css
@@ -87,8 +87,29 @@ body {
display: flex;
flex-direction: column;
padding: 15px;
- align-items: center;
+ align-items: stretch;
position: relative;
+ min-width: 200px;
+ max-width: 50vw;
+ overflow: visible;
+ box-sizing: border-box;
+}
+
+.resize-handle {
+ position: absolute;
+ right: -2px;
+ top: 0;
+ bottom: 0;
+ width: 4px;
+ cursor: ew-resize;
+ background-color: transparent;
+ z-index: 10;
+ transition: background-color 0.2s ease;
+}
+
+.resize-handle:hover,
+.resize-handle.active {
+ background-color: var(--toolbox-blue);
}
.nav-logo {
@@ -626,10 +647,13 @@ body {
.search-container {
display: flex;
width: 100%;
+ min-width: 0;
margin-bottom: 15px;
+ box-sizing: border-box;
#toolset-search-input {
- flex-grow: 1;
+ flex: 1;
+ min-width: 0;
padding: 10px 12px;
border: 1px solid #ccc;
border-radius: 20px 0 0 20px;
@@ -637,6 +661,7 @@ body {
font-family: inherit;
font-size: 0.9em;
color: var(--text-primary-gray);
+ box-sizing: border-box;
&:focus {
outline: none;
diff --git a/internal/server/static/js/resize.js b/internal/server/static/js/resize.js
new file mode 100644
index 00000000000..f2ff490fe33
--- /dev/null
+++ b/internal/server/static/js/resize.js
@@ -0,0 +1,116 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const STORAGE_KEY = 'toolbox-second-nav-width';
+const DEFAULT_WIDTH = 250;
+const MIN_WIDTH = 200;
+const MAX_WIDTH_PERCENT = 50;
+
+/**
+ * Creates and attaches a resize handle to the second navigation panel
+ */
+export function initializeResize() {
+ const secondNav = document.querySelector('.second-nav');
+ if (!secondNav) {
+ return;
+ }
+
+ // Create resize handle
+ const resizeHandle = document.createElement('div');
+ resizeHandle.className = 'resize-handle';
+ resizeHandle.setAttribute('aria-label', 'Resize panel');
+ secondNav.appendChild(resizeHandle);
+
+ // Load saved width or use default
+ let initialWidth = DEFAULT_WIDTH;
+ try {
+ const savedWidth = localStorage.getItem(STORAGE_KEY);
+ if (savedWidth) {
+ const parsed = parseInt(savedWidth, 10);
+ if (!isNaN(parsed) && parsed >= MIN_WIDTH) {
+ initialWidth = parsed;
+ }
+ }
+ } catch (e) {
+ // localStorage may be unavailable in private browsing mode
+ console.warn('Failed to load saved panel width:', e);
+ }
+ setPanelWidth(secondNav, initialWidth);
+
+ // Setup resize functionality
+ let startX = 0;
+ let startWidth = 0;
+
+ const onMouseMove = (e) => {
+ const deltaX = e.clientX - startX;
+ const newWidth = startWidth + deltaX;
+ const maxWidth = (window.innerWidth * MAX_WIDTH_PERCENT) / 100;
+
+ const clampedWidth = Math.max(MIN_WIDTH, Math.min(newWidth, maxWidth));
+ setPanelWidth(secondNav, clampedWidth);
+ };
+
+ const onMouseUp = () => {
+ document.removeEventListener('mousemove', onMouseMove);
+ document.removeEventListener('mouseup', onMouseUp);
+
+ resizeHandle.classList.remove('active');
+ document.body.style.cursor = '';
+ document.body.style.userSelect = '';
+
+ // Save width to localStorage
+ try {
+ localStorage.setItem(STORAGE_KEY, secondNav.offsetWidth.toString());
+ } catch (e) {
+ // localStorage may be unavailable in private browsing mode
+ console.warn('Failed to save panel width:', e);
+ }
+ };
+
+ resizeHandle.addEventListener('mousedown', (e) => {
+ startX = e.clientX;
+ startWidth = secondNav.offsetWidth;
+ resizeHandle.classList.add('active');
+ document.body.style.cursor = 'ew-resize';
+ document.body.style.userSelect = 'none';
+ e.preventDefault();
+
+ document.addEventListener('mousemove', onMouseMove);
+ document.addEventListener('mouseup', onMouseUp);
+ });
+
+ // Handle window resize to enforce max width
+ window.addEventListener('resize', () => {
+ const currentWidth = secondNav.offsetWidth;
+ const maxWidth = (window.innerWidth * MAX_WIDTH_PERCENT) / 100;
+
+ if (currentWidth > maxWidth) {
+ setPanelWidth(secondNav, maxWidth);
+ try {
+ localStorage.setItem(STORAGE_KEY, maxWidth.toString());
+ } catch (e) {
+ // localStorage may be unavailable in private browsing mode
+ console.warn('Failed to save panel width:', e);
+ }
+ }
+ });
+}
+
+/**
+ * Sets the width of the panel and updates flex property
+ */
+function setPanelWidth(panel, width) {
+ panel.style.flex = `0 0 ${width}px`;
+}
+
diff --git a/internal/server/static/tools.html b/internal/server/static/tools.html
index c618c5111b4..f461cc80ad5 100644
--- a/internal/server/static/tools.html
+++ b/internal/server/static/tools.html
@@ -22,12 +22,16 @@
-
diff --git a/internal/server/static/toolsets.html b/internal/server/static/toolsets.html
index adcd5fdfde8..84907222603 100644
--- a/internal/server/static/toolsets.html
+++ b/internal/server/static/toolsets.html
@@ -29,12 +29,16 @@