
[Snyk] Upgrade @mastra/core from 0.22.2 to 0.23.3 #63

Open
ssdeanx wants to merge 1 commit into main from snyk-upgrade-973b36f852a20c9c54d3231114c7b1c7

@ssdeanx ssdeanx commented Nov 24, 2025

Snyk has created this PR to upgrade @mastra/core from 0.22.2 to 0.23.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 7 versions ahead of your current version.

  • The recommended version was released a month ago.

Release notes
Package name: @mastra/core
  • 0.23.3 - 2025-10-29
  • 0.23.2 - 2025-10-29
  • 0.23.2-alpha.1 - 2025-10-28
  • 0.23.2-alpha.0 - 2025-10-28
  • 0.23.1 - 2025-10-24
  • 0.23.0 - 2025-10-24
  • 0.23.0-alpha.0 - 2025-10-24
  • 0.22.2 - 2025-10-22
from @mastra/core GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


See this package in npm:
@mastra/core

See this project in Snyk:
https://app.snyk.io/org/ssdeanx/project/97f9b44f-04aa-4c4a-a071-4c3e5cc49f97?utm_source=github&utm_medium=referral&page=upgrade-pr
Copilot AI review requested due to automatic review settings November 24, 2025 18:39

coderabbitai Bot commented Nov 24, 2025

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@gemini-code-assist

Summary of Changes

Hello @ssdeanx, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the @mastra/core dependency to its latest recommended version. This ensures the project benefits from the most recent features, bug fixes, and security patches, contributing to better maintainability and reduced risk from outdated components.

Highlights

  • Dependency Upgrade: The @mastra/core package has been upgraded from version 0.22.2 to 0.23.3.
  • Automated Update: This pull request was automatically generated by Snyk to keep project dependencies up-to-date, aiding in vulnerability management and overall project health.

@github-actions

🤖 Hi @ssdeanx, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.


@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request from Snyk upgrades @mastra/core from 0.22.2 to 0.23.3. While keeping dependencies up-to-date is important, this change introduces a potential version inconsistency within the @mastra ecosystem. I've added a comment highlighting that @mastra/deployer remains at version ^0.22.2, which could be incompatible with the new version of @mastra/core. To prevent potential runtime issues, it's advisable to update related @mastra packages together.

Comment thread package.json
"@mastra/cloud": "^0.1.20",
"@mastra/cloudflare-d1": "^0.13.6",
"@mastra/core": "^0.22.2",
"@mastra/core": "^0.23.3",
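
Review bot: The sibling `@mastra/*` entries need a peer-range check before this merges, because the `@mastra/core` line is the only one in this hunk that moves while `@mastra/cloud` (`^0.1.20`) and `@mastra/cloudflare-d1` (`^0.13.6`) keep their old ranges. On a 0.x package `^0.23.3` admits only 0.23.x, so this is a change of minor line that already-installed siblings may not declare as a supported peer. Run `npm ls @mastra/core` on the branch and either bump the flagged packages in the same change or keep core at `^0.22.2`.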

high

This upgrade of @mastra/core may cause issues due to version mismatches with other @mastra packages. The @mastra/deployer package is still at version ^0.22.2, which matches the previous version of @mastra/core. It's common for packages within the same scope (like @mastra/*) to have dependencies on each other and require synchronized versioning. To ensure compatibility and prevent potential runtime errors, I recommend also upgrading @mastra/deployer and any other related packages to a compatible ^0.23.x version.


roomote-v0 Bot commented Nov 24, 2025

No issues found. The upgrade of @mastra/core from 0.22.2 to 0.23.3 updates the lockfile and package.json without code changes. However, note that several other @mastra packages (e.g., @mastra/deployer ^0.22.2) have peer dependency constraints requiring core <0.23.0, which this violates. Monitor for runtime issues or update those packages accordingly.

  • Dependency upgrade reviewed

Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.

@github-actions

🤖 I'm sorry @ssdeanx, but I was unable to process your request. Please see the logs for more details.


Copilot AI left a comment


Pull request overview

This PR upgrades @mastra/core from version 0.22.2 to 0.23.3, a jump of 7 versions released over approximately one month. However, this upgrade introduces critical peer dependency incompatibilities that will prevent the application from installing or running correctly.

Key changes:

  • @mastra/core upgraded from ^0.22.2 to ^0.23.3
  • @mastra/schema-compat internally upgraded from 0.11.4 to 0.11.6
  • @mastra/loggers upgraded from 0.10.17 to 0.10.19 (with proper peer dependency support for <0.25.0-0)
  • Various transitive Babel dependencies updated (7.28.4 → 7.28.5)

Critical Issue: Most @mastra ecosystem packages still require @mastra/core: <0.23.0-0, making them incompatible with version 0.23.3. This will cause npm/yarn to fail during installation or runtime due to unmet peer dependencies.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Updates @mastra/core version to ^0.23.3, which is incompatible with most other @mastra packages in the dependency tree
package-lock.json Reflects the version bump and includes transitive dependency updates; shows multiple peer dependency conflicts with packages requiring @mastra/core <0.23.0-0

Comment thread package.json
"@mastra/cloud": "^0.1.20",
"@mastra/cloudflare-d1": "^0.13.6",
"@mastra/core": "^0.22.2",
"@mastra/core": "^0.23.3",
Copilot AI Nov 24, 2025


Critical Peer Dependency Incompatibility

Upgrading @mastra/core to version 0.23.3 will break compatibility with multiple @mastra packages that have peer dependency constraints requiring @mastra/core: <0.23.0-0.

The following packages in your dependencies are incompatible with @mastra/core@0.23.3:

  • @mastra/deployer@0.22.2 - requires >=0.22.0-0 <0.23.0-0
  • @mastra/evals@0.14.1 - requires >=0.21.0-0 <0.23.0-0
  • @mastra/mcp@0.14.0 - requires >=0.20.1-0 <0.23.0-0
  • @mastra/couchbase@0.11.14 - requires >=0.18.1-0 <0.23.0-0
  • Many other @mastra packages - require >=0.18.1-0 <0.23.0-0

Recommendation: Either:

  1. Upgrade all incompatible @mastra packages to versions that support @mastra/core@0.23.x (if available)
  2. Wait for compatible versions of these packages to be released
  3. Revert this upgrade and stay on @mastra/core@0.22.2 until the ecosystem catches up

Note: @mastra/loggers was properly updated to 0.10.19 which supports <0.25.0-0, but this is the exception rather than the rule.

Suggested change
"@mastra/core": "^0.23.3",
"@mastra/core": "^0.22.2",

Copilot uses AI. Check for mistakes.
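
The peer-range check behind the review above, as an added example that is not part of the PR or of any reviewer's comment: it walks a lockfile's `packages` map and lists the entries whose `@mastra/core` peer range rejects a candidate version. The lockfile fragment is constructed from the versions and ranges quoted on this page, and the matcher is a minimal stand-in for a full semver library, with hypothetical helper names (`parseVersion`, `compareVersions`, `satisfies`, `unmetPeers`).

```javascript
// Added example. Handles only space-separated comparator sets such as
// ">=0.22.0-0 <0.23.0-0" (no ^, ~ or ||); candidate is a release version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ?? null };
}

// Sort-style comparison; a prerelease ("0.23.0-0") ranks below its release.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  if (a.pre === b.pre) return 0;
  if (a.pre === null) return 1;
  if (b.pre === null) return -1;
  return a.pre.localeCompare(b.pre, undefined, { numeric: true }); // simplified
}

function satisfies(version, range) {
  const v = parseVersion(version);
  return range.trim().split(/\s+/).every((token) => {
    const [, op = "=", bound] = /^(>=|<=|>|<|=)?(.+)$/.exec(token);
    const c = compareVersions(v, parseVersion(bound));
    return { ">=": c >= 0, "<=": c <= 0, ">": c > 0, "<": c < 0, "=": c === 0 }[op];
  });
}

// Lockfile (v2/v3 "packages" map) entries whose peer range on `name` rejects `version`.
function unmetPeers(lock, name, version) {
  return Object.entries(lock.packages)
    .filter(([, pkg]) => pkg.peerDependencies?.[name] !== undefined)
    .filter(([, pkg]) => !satisfies(version, pkg.peerDependencies[name]))
    .map(([path, pkg]) => `${path.replace(/^.*node_modules\//, "")}@${pkg.version}`)
    .sort();
}

// Constructed lockfile fragment; versions and ranges are those quoted in the review.
const peer = (version, range) => ({ version, peerDependencies: { "@mastra/core": range } });
const sampleLock = { packages: {
  "": { name: "app" },
  "node_modules/@mastra/deployer": peer("0.22.2", ">=0.22.0-0 <0.23.0-0"),
  "node_modules/@mastra/evals": peer("0.14.1", ">=0.21.0-0 <0.23.0-0"),
  "node_modules/@mastra/mcp": peer("0.14.0", ">=0.20.1-0 <0.23.0-0"),
  "node_modules/@mastra/couchbase": peer("0.11.14", ">=0.18.1-0 <0.23.0-0"),
  "node_modules/@mastra/loggers": peer("0.10.19", "<0.25.0-0"),
} };

console.log(unmetPeers(sampleLock, "@mastra/core", "0.23.3"));
```

To run it against a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`; ranges using `^`, `~` or `||` will throw rather than be silently misread.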