• Lockfile-aware deployment skipping for monorepos

    Skip unaffected deploymentsSkip unaffected deployments

    Vercel now maps dependencies in your package manager’s lockfile to applications in your monorepo. Deployments only occur for applications using updated dependencies.

    Previously, any change to the lockfile would redeploy all applications in the monorepo since it was treated as a shared input. Now, Vercel inspects the lockfile’s contents to determine which applications have dependency changes, further reducing potential queue times.

    Learn more about skipping unaffected projects in monorepos.

    Avatar for dimitropoulosAvatar for tknickmanAvatar for chris-olszewski

    Dimitri Mitropoulos, Tom Knickman, Chris Olszewski

  • Groq, fal, and DeepInfra join the Vercel Marketplace

    AI Providers - DarkAI Providers - Dark

    The Vercel Marketplace now has an AI category for tools to integrate AI models and services directly into Vercel projects.

    Groq, fal, and DeepInfra are available as first-party integrations, allowing users to:

    • Seamlessly connect and experiment with various AI models to power generative applications, embeddings, and more

    • Deploy and run inference with high-performance AI models, optimized for speed and efficiency

    • Leverage single sign-on and integrated billing through Vercel, including new prepaid options for better cost control

    With prepaid plan options, users can now manage AI costs more predictably by purchasing credits upfront from a model provider. These credits can be used across any model offered by that provider.

    Explore the new AI category, read the docs, and get started with Groq, fal, and DeepInfra on the Vercel Marketplace, available to users on all plans.

    You can also explore the most popular models from each provider in the AI SDK playground.

    Avatar for hedizandi-vercelcomAvatar for dvoytenkoAvatar for kropp+8

    Hedi Z, Dima V, Justin K, Fabio B, Walter K, Alex M, Shu U, René-Pier D, Mitul S, Jake U

  • Vercel Firewall protects against the SAMLStorm vulnerability

    We have deployed a proactive security update to the Vercel Firewall, protecting against a recently disclosed vulnerability in the xml-crypto package, dubbed SAMLStorm (CVE-2025-29774 and CVE-2025-29775). This vulnerability, which affects various SAML implementations, could allow attackers to bypass authentication mechanisms.

    What This Means for Vercel Customers

    • Automatic protection with the Vercel Firewall: Vercel Firewall automatically mitigates this risk for you, but updating xml-crypto is still recommended

    • Update xml-crypto: If you're using xml-crypto package 6.0.0 and earlier, or a package that depends on xml-crypto, update to 6.0.1, 3.2.1, or 2.1.6 for the patched versions

    • We'll continue to monitor for new developments and provide updates as necessary

    See the SAMLStorm report for more details on the vulnerability, and reach out to Vercel Support if you have questions.

    Avatar for aaronbrownAvatar for ctgowrieAvatar for sueplex

    Aaron Brown, Casey Gowrie, Sage Abraham