chore(deps): bump the patch-updates group across 1 directory with 14 updates

[dependabot]

Bumps the patch-updates group with 14 updates in the / directory:

Package	From	To
@hono/node-server	1.19.9	1.19.14
eslint-plugin-import-x	4.16.1	4.16.2
prettier	3.8.1	3.8.2
ts-jest	29.4.6	29.4.9
mongodb	7.1.0	7.1.1
sql.js	1.14.0	1.14.1
@types/sql.js	1.4.9	1.4.11
handlebars	4.7.8	4.7.9
fumadocs-docgen	3.0.8	3.0.10
fumadocs-mdx	14.2.9	14.2.13
fumadocs-twoslash	3.1.14	3.1.17
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
postcss	8.5.6	8.5.9

Updates @hono/node-server from 1.19.9 to 1.19.14

Release notes

Sourced from @​hono/node-server's releases.

v1.19.14

What's Changed

• fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @​usualoma in honojs/node-server#340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

v1.19.12

What's Changed

• chore: ignore claude setting by @​yusukebe in honojs/node-server#314
• fix: request draining for early 413 responses by @​usualoma in honojs/node-server#329

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

v1.19.11

What's Changed

• fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @​usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

• b5e63a3 1.19.14
• c02d777 fix: add custom inspect to lightweight Request/Response to prevent TypeError ...
• fd64e65 1.19.13
• 025c30f Merge commit from fork
• 6cdb5a7 1.19.12
• 70250f7 fix: request draining for early 413 responses (#329)
• cfc08b3 chore: ignore claude setting (#314)
• ecd4d6b 1.19.11
• c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
• 2f8ca36 1.19.10
• Additional commits viewable in compare view

Updates eslint-plugin-import-x from 4.16.1 to 4.16.2

Release notes

Sourced from eslint-plugin-import-x's releases.

v4.16.2

Patch Changes

• #457 1da4043 Thanks @​SukkaW! - Make the no-unused-modules rule no-op on ESLint 10 or later for now before we can implement an alternative. A warning message about this behavior is added, and can be suppressed with the new suppressMissingFileEnumeratorAPIWarning rule option (import-x/no-unused-modules: ['error', { suppressMissingFileEnumeratorAPIWarning: true }]).

• #450 a51be0f Thanks @​andrewgaun! - fix(deps): Bumping minimatch 10 version to avoid dependency with a critical vulnerability

  Updating the minimum minimatch 10 version to 10.1.2 which updates a dependency (@​isaacs/brace-expansion) with a critical vulnerability. See GHSA-7h2j-956f-4vf2

• #466 b669aca Thanks @​SukkaW! - Make eslint-plugin-import-x compatible with ESLint's defineConfig

• #434 a3aae61 Thanks @​stepankuzmin! - fix(deps): replace type-fest with @​package-json/types

  PackageJson types are imported in published declaration files (lib/rules/no-extraneous-dependencies.d.ts and lib/utils/read-pkg-up.d.ts), which causes TypeScript compilation errors for consumers who don't have skipLibCheck enabled. Replacing type-fest with the smaller @​package-json/types package ensures the types are available to all consumers while reducing bundle size.

• #458 60312ee Thanks @​SukkaW! - Bump peer deps version range to include ESLint 10 support

• #443 b416a8a Thanks @​baevm! - consistent-type-specifier-style: Add exception for TS resolution-mode import attributes

• #454 d3f8d67 Thanks @​SukkaW! - First step toward ESLint 10 support:

  • sourceType determination now prefers context.languageOptions when possible
  • Ensure context.parserOptions no longer results in crashes with ESLint 10
  • Merge getParser and getParserPath implementations into one getParserOrPath

• #406 d0a7816 Thanks @​marcalexiei! - fix(package): remove config and rules exports pointing to empty files

Changelog

Sourced from eslint-plugin-import-x's changelog.

4.16.2

Patch Changes

• #457 1da4043 Thanks @​SukkaW! - Make the no-unused-modules rule no-op on ESLint 10 or later for now before we can implement an alternative. A warning message about this behavior is added, and can be suppressed with the new suppressMissingFileEnumeratorAPIWarning rule option (import-x/no-unused-modules: ['error', { suppressMissingFileEnumeratorAPIWarning: true }]).

• #450 a51be0f Thanks @​andrewgaun! - fix(deps): Bumping minimatch 10 version to avoid dependency with a critical vulnerability

  Updating the minimum minimatch 10 version to 10.1.2 which updates a dependency (@​isaacs/brace-expansion) with a critical vulnerability. See GHSA-7h2j-956f-4vf2

• #466 b669aca Thanks @​SukkaW! - Make eslint-plugin-import-x compatible with ESLint's defineConfig

• #434 a3aae61 Thanks @​stepankuzmin! - fix(deps): replace type-fest with @​package-json/types

  PackageJson types are imported in published declaration files (lib/rules/no-extraneous-dependencies.d.ts and lib/utils/read-pkg-up.d.ts), which causes TypeScript compilation errors for consumers who don't have skipLibCheck enabled. Replacing type-fest with the smaller @​package-json/types package ensures the types are available to all consumers while reducing bundle size.

• #458 60312ee Thanks @​SukkaW! - Bump peer deps version range to include ESLint 10 support

• #443 b416a8a Thanks @​baevm! - consistent-type-specifier-style: Add exception for TS resolution-mode import attributes

• #454 d3f8d67 Thanks @​SukkaW! - First step toward ESLint 10 support:

  • sourceType determination now prefers context.languageOptions when possible
  • Ensure context.parserOptions no longer results in crashes with ESLint 10
  • Merge getParser and getParserPath implementations into one getParserOrPath

• #406 d0a7816 Thanks @​marcalexiei! - fix(package): remove config and rules exports pointing to empty files

Commits

• 69ddbba chore: release eslint-plugin-import-x (#407)
• b669aca fix(#421): defineConfig compatible (#466)
• 60312ee chore: prepare for ESLint 10 more (#458)
• 1da4043 refactor: make no-unused-modules no-op on ESLint 10 or later (#457)
• d801fd7 docs: remove SublimeLinter-eslint mention in README (#432)
• 1909953 chore(deps): update dependency minimatch to v9.0.8 [security] (#460)
• b416a8a fix: consistent-type-specifier-style with prefer-inline and TS resolution...
• a51be0f chore(deps): bumping minimatch 10 to 10.1.2 to avoid dependencies with cr...
• d3f8d67 refactor: first step toward ESLint 10 support (#454)
• a3aae61 fix(deps): replace type-fest w/ @package-json/types (#434)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-import-x since your current version.

Updates prettier from 3.8.1 to 3.8.2

Release notes

Sourced from prettier's releases.

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.1 -->
@​let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.2 -->
@​let fn = (a) => (a ? 1 : 2);
{{ fn(a instanceof b) }}

Commits

• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• 881360b Support default never in Angular v21.2 (#19034)
• 07d6724 Bump Prettier dependency to 3.8.1
• 8b4a53a Clean changelog_unreleased
• See full diff in compare view

Updates ts-jest from 29.4.6 to 29.4.9

Release notes

Sourced from ts-jest's releases.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.7 (2026-04-01)

Features

• support TypeScript v6 (eda517d)

Commits

• bac2e77 chore(release): bump version to 29.4.9
• f8a9cc9 fix: use correct registry for npm OIDC trusted publishing
• e2eec26 fix: npm permissions
• 263f2ac chore: remove npm auth token
• 5df0e45 OIDC
• f82c144 Merge pull request #5250 from kulshekhar/copilot/bump-patch-version
• e6ec5ae Update CHANGELOG.md
• 62c3199 Update CHANGELOG.md
• 052e751 Bump patch version to 29.4.7
• f79e77b Merge pull request #5249 from ext/feature/ts6-peer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-jest since your current version.

Updates mongodb from 7.1.0 to 7.1.1

Release notes

Sourced from mongodb's releases.

v7.1.1

7.1.1 (2026-03-24)

The MongoDB Node.js team is pleased to announce version 7.1.1 of the mongodb package!

Release Notes

Tighten OIDC ALLOWED_HOSTS wildcard matching

The OIDC ALLOWED_HOSTS wildcard handling has been fixed to require full subdomain/path matches for *. and */ entries, preventing partial suffix matches from being incorrectly accepted.

Fixed TCP keep-alive and no-delay settings not being applied on TLS connections

Due to a Node.js bug, tls.connect() silently ignores keepAlive, keepAliveInitialDelay, and noDelay options passed through its constructor. This could cause idle connections - particularly through cloud load balancers like Azure (240s idle timeout) or AWS PrivateLink/NLB - to be dropped unexpectedly due to missing TCP keep-alive probes.

The driver now explicitly calls setKeepAlive() and setNoDelay() on the socket after creation, ensuring these settings are always applied regardless of whether TLS is used.

Bug Fixes

• NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
• NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

Changelog

Sourced from mongodb's changelog.

7.1.1 (2026-03-23)

Bug Fixes

• NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
• NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Commits

• 5e4341e chore(v7.1.x): release 7.1.1 (#4895)
• b14ba21 fix(NODE-7482): explicitly call setKeepAlive and setNoDelay on socket (#4900)
• 237c9ab fix(NODE-7477): OIDC host allowlist fix (#4896)
• fa11559 ci(NODE-7489): pin npm to 11.11.1 for BSON compat tasks (#4901)
• 66e5cd6 chore(NODE-7480): fix ci issues on release branch (#4899)
• 639e17c chore(NODE-7476): added release-7.1 config
• See full diff in compare view

Updates sql.js from 1.14.0 to 1.14.1

Commits

• 8088a68 Fix browser bundle (#625)
• ee29605 Update devcontainer + migrate linting to ESLint 10 (#623)
• d58d741 sqlite 3.45.2 (#581)
• See full diff in compare view

Updates @types/sql.js from 1.4.9 to 1.4.11

Commits

• See full diff in compare view

Updates @types/sql.js from 1.4.9 to 1.4.11

Commits

• See full diff in compare view

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Updates fumadocs-docgen from 3.0.8 to 3.0.10

Release notes

Sourced from fumadocs-docgen's releases.

fumadocs-docgen@3.0.10

Patch Changes

• 2d8f596: fix npm pack skipping nested node_modules
• Updated dependencies [2d8f596]
  • fumadocs-core@16.7.14

fumadocs-docgen@3.0.9

Patch Changes

• 690ddb9: bundle more deps
• Updated dependencies [690ddb9]
  • fumadocs-core@16.7.13

Commits

• fa60913 Version Packages (#3202)
• 2d8f596 Chore: fix npm pack skipping nested node_modules
• b5af621 Merge pull request #3200 from fuma-nama/changeset-release/dev
• 79995e9 fix tsdown warnings
• 9518cc8 OpenAPI: remove openapi-sampler dep
• 335b9c1 Chore: bundle more deps
• 498425b UI: pre-calculate TOC item positions
• 7cdde7c UI: improve TOC performance
• 690ddb9 Chore: bundle more deps
• 8999346 Version Packages (#3198)
• Additional commits viewable in compare view

Updates fumadocs-mdx from 14.2.9 to 14.2.13

Release notes

Sourced from fumadocs-mdx's releases.

fumadocs-mdx@14.2.13

Patch Changes

• 2d8f596: fix npm pack skipping nested node_modules
• Updated dependencies [2d8f596]
  • @​fumadocs/mdx-remote@​1.4.8
  • fumadocs-core@16.7.14

fumadocs-mdx@14.2.12

Patch Changes

• 690ddb9: bundle more deps
• Updated dependencies [690ddb9]
  • @​fumadocs/mdx-remote@​1.4.7
  • fumadocs-core@16.7.13

Commits

• fa60913 Version Packages (#3202)
• 2d8f596 Chore: fix npm pack skipping nested node_modules
• b5af621 Merge pull request #3200 from fuma-nama/changeset-release/dev
• 79995e9 fix tsdown warnings
• 9518cc8 OpenAPI: remove openapi-sampler dep
• 335b9c1 Chore: bundle more deps
• 498425b UI: pre-calculate TOC item positions
• 7cdde7c UI: improve TOC performance
• 690ddb9 Chore: bundle more deps
• 8999346 Version Packages (#3198)
• Additional commits viewable in compare view

Updates fumadocs-twoslash from 3.1.14 to 3.1.17

Release notes

Sourced from fumadocs-twoslash's releases.

fumadocs-twoslash@3.1.17

Patch Changes

• 2d8f596: fix npm pack skipping nested node_modules
• Updated dependencies [2d8f596]
  • fumadocs-ui@16.7.14

fumadocs-twoslash@3.1.16

Patch Changes

• 690ddb9: bundle more deps
• Updated dependencies [690ddb9]
  • fumadocs-ui@16.7.13

fumadocs-twoslash@3.1.15

Patch Changes

• da50bc3: Force default options for TypeScript 6

Commits

• fa60913 Version Packages (#3202)
• 2d8f596 Chore: fix npm pack skipping nested node_modules
• b5af621 Merge pull request #3200 from fuma-nama/changeset-release/dev
• 79995e9 fix tsdown warnings
• 9518cc8 OpenAPI: remove openapi-sampler dep
• 335b9c1 Chore: bundle more deps
• 498425b UI: pre-calculate TOC item positions
• 7cdde7c UI: improve TOC performance
• 690ddb9 Chore: bundle more deps
• 8999346 Version Packages (#3198)
• Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates postcss from 8.5.6 to 8.5.9

Release notes

Sourced from postcss's releases.

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

• fe88ac2 Release 8.5.9 version
• c551632 Avoid RegExp when we can use simple JS
• 89a6b74 Move SECURITY.txt for docs folder to keep GitHub page cleaner
• 6ceb8a4 Create SECURITY.md
• 02ccae6 Another way to fix CI with .ts ext in tests on old Node.js
• 2c36658 Another way to fix CI with TS on old Node.js
• b906003 Another way to fix CI with old Node.js
• 04d32cd Fix another issue with Node.js 10 on CI
• df86cdf Try to fix Node.js 10 on CI
• 82bec0d Move to oxfmt
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
objectos	Ready	Preview, Comment	Apr 13, 2026 2:31am
objectos-demo	Error		Apr 13, 2026 2:31am

[github-actions]

⚠️ This PR is very large. Consider breaking it down into smaller, more focused changes for easier review.