Bump the all-dependencies group across 1 directory with 15 updates #43

dependabot · 2025-12-01T17:32:06Z

Bumps the all-dependencies group with 15 updates in the / directory:

Package	From	To
@modelcontextprotocol/sdk	`1.12.3`	`1.23.0`
@octokit/rest	`22.0.0`	`22.0.1`
dotenv	`16.5.0`	`17.2.3`
express	`5.1.0`	`5.2.0`
@types/express	`5.0.3`	`5.0.5`
glob	`11.0.3`	`13.0.0`
js-yaml	`4.1.0`	`4.1.1`
octokit	`5.0.3`	`5.0.5`
simple-git	`3.28.0`	`3.30.0`
zod	`3.25.64`	`4.1.13`
@biomejs/biome	`1.9.4`	`2.3.8`
@types/node	`24.0.3`	`24.10.1`
jest	`30.0.0`	`30.2.0`
ts-jest	`29.4.0`	`29.4.5`
typescript	`5.8.3`	`5.9.3`

Updates @modelcontextprotocol/sdk from 1.12.3 to 1.23.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

1.23.0

What's Changed

Migrate to vitest from jest by @mattzcarey in modelcontextprotocol/typescript-sdk#1074

ci: add workflow_dispatch trigger for manual CI runs by @felixweinberger in modelcontextprotocol/typescript-sdk#1114

Fix: @types/node incompatibility with vite warnings on npm install by @KKonstantinov in modelcontextprotocol/typescript-sdk#1121

Fix: clean up accidental spec.types.ts by @KKonstantinov in modelcontextprotocol/typescript-sdk#1122

fix: Pass RequestInit options to auth requests by @dsp-ant in modelcontextprotocol/typescript-sdk#1066

SEP-1036: URL Elicitation by @nbarbettini in modelcontextprotocol/typescript-sdk#1105

add none to test and the router. by @m-henderson in modelcontextprotocol/typescript-sdk#1116

[auth] Adjust scope management to line up with SEP-835 by @pcarleton in modelcontextprotocol/typescript-sdk#1133

chore: add .idea/ to .gitignore by @maxisbey in modelcontextprotocol/typescript-sdk#1134

chore: remove unused @types/eslint__js dependency by @mattzcarey in modelcontextprotocol/typescript-sdk#1128

feat: url based client metadata registration (SEP 991) by @mattzcarey in modelcontextprotocol/typescript-sdk#1127

feat: zod v4 with backwards compatibility for v3.25+ by @dclark27 in modelcontextprotocol/typescript-sdk#1040

fix: remove pnpm lock and regenerate package-lock by @mattzcarey in modelcontextprotocol/typescript-sdk#1138

docs: update installation instructions for zod peer dependency by @mattzcarey in modelcontextprotocol/typescript-sdk#1139

Implement SEP-1577 - Sampling With Tools by @ochafik in modelcontextprotocol/typescript-sdk#1101

Follow up: unify v3 and v4 zod types via describe matrix and a test helper by @KKonstantinov in modelcontextprotocol/typescript-sdk#1141

chore: Add deprecated marker to old elicitInput overload by @nbarbettini in modelcontextprotocol/typescript-sdk#1142

fix: Connect error in URL elicitation example by @nbarbettini in modelcontextprotocol/typescript-sdk#1136

Support upscoping on insufficient_scope 403 by @Nayana-Parameswarappa in modelcontextprotocol/typescript-sdk#1115

Support beta releases by publishing with --tag beta by @felixweinberger in modelcontextprotocol/typescript-sdk#1146

Bump version to 1.23.0-beta.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1147

SEP-1613: use.catchall() on inputSchema/outputSchema to support JSON Schema 2020-12 by @felixweinberger in modelcontextprotocol/typescript-sdk#1135

sampling: validate tools, tool_use, tool_result constraints by @ochafik in modelcontextprotocol/typescript-sdk#1156

fix: React to upstream RC schema changes for form mode elicitation requests by @felixweinberger in modelcontextprotocol/typescript-sdk#1164

feat: implement SEP-1699 SSE polling via server-side disconnect by @felixweinberger in modelcontextprotocol/typescript-sdk#1129

chore: bump package number for release by @felixweinberger in modelcontextprotocol/typescript-sdk#1170

New Contributors

@nbarbettini made their first contribution in modelcontextprotocol/typescript-sdk#1105

@m-henderson made their first contribution in modelcontextprotocol/typescript-sdk#1116

@maxisbey made their first contribution in modelcontextprotocol/typescript-sdk#1134

@dclark27 made their first contribution in modelcontextprotocol/typescript-sdk#1040

@Nayana-Parameswarappa made their first contribution in modelcontextprotocol/typescript-sdk#1115

Full Changelog: modelcontextprotocol/typescript-sdk@1.22.0...1.23.0

1.23.0-beta.0

Special Note: zod v4

This beta release adds support for zod v4, a highly requested addition.

Special thanks to @dclark27 @colinhacks for all the work on modelcontextprotocol/typescript-sdk#1040 which adds this support while staying backwards compatible with zod v3!

NOTE: if you run into any issues with zod v4 in this SDK please raise an issue! We'll be monitoring actively for any issues while trying to use zod v4 as it's a highly anticipated update. In order to make this upgrade possible we needed to also require v3.25+ for zod v3. You may need to update your version of zod v3 if you've been using an older one. We're also making this a beta release while we get initial feedback on the update here.

What's Changed

Migrate to vitest from jest by @mattzcarey in modelcontextprotocol/typescript-sdk#1074

ci: add workflow_dispatch trigger for manual CI runs by @felixweinberger in modelcontextprotocol/typescript-sdk#1114

Fix: @types/node incompatibility with vite warnings on npm install by @KKonstantinov in modelcontextprotocol/typescript-sdk#1121

... (truncated)

Commits

e6c71bb chore: bump package number for release (#1170)
3c50d07 feat: implement SEP-1699 SSE polling via server-side disconnect (#1129)
b59a2bd fix: React to upstream RC schema changes for form mode elicitation requests (...
2a55dfd sampling: validate tools, tool_use, tool_result constraints (#1156)
41c6b35 SEP-1613: use.catchall() on inputSchema/outputSchema to support JSON Schema...
0c1cbf0 Bump version to 1.23.0-beta.0 (#1147)
33229a4 Support beta releases by publishing with --tag beta (#1146)
3485a06 Support upscoping on insufficient_scope 403 (#1115)
fc4a6ec fix: Connect error in URL elicitation example (#1136)
9df0972 chore: Add deprecated marker to old elicitInput overload (#1142)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @modelcontextprotocol/sdk since your current version.

Updates @octokit/rest from 22.0.0 to 22.0.1

Release notes

Sourced from @octokit/rest's releases.

v22.0.1

22.0.1 (2025-10-31)

Bug Fixes

deps: update octokit monorepo (major) (#538) (ded2f17)

Commits

daa3ec9 ci(action): update actions/setup-node action to v6 (#534)
1dec0c7 ci(action): update peter-evans/create-or-update-comment action to v5 (#531)
ded2f17 fix(deps): update octokit monorepo (major) (#538)
0e0eaea chore(deps): update dependency @types/node to v24 (#537)
c04acc8 chore(deps): update vitest monorepo to v4 (major) (#536)
e6dd306 chore(deps): update dependency undici to v7 (#474)
5f380d0 build(deps-dev): Bump form-data from 4.0.2 to 4.0.4 in /docs (#520)
dc6827d build(deps-dev): Bump tar-fs from 2.1.2 to 2.1.3 in /docs (#516)
See full diff in compare view

Updates dotenv from 16.5.0 to 17.2.3

Changelog

Sourced from dotenv's changelog.

17.2.3 (2025-09-29)

Changed

Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)

Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})
# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"
// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)
$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js
17.1.0 (2025-07-07)

Added

Add additional security and configuration tips to the runtime log (#884)

Dim the tips text from the main injection information text

... (truncated)

Commits

affe113 17.2.3
db1ff1f changelog 🪵
7063f16 Merge pull request #913 from motdotla/new-tips
0bbe72c test against expected tips
017951b only run .js tests
39eda1f add space back
fcc030e update tips
b6c7a0d updated tips - as Dotenvx Radar has been renamed Dotenvx Ops
b3c8b16 remove unnecessary call to npx
d6e4c17 Merge pull request #912 from adjerbetian/fix/typescript-error-definition
Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.0

Release notes

Sourced from express's releases.

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/express#6797

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/express#6796

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/express#6795

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/express#6794

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/express#6793

ci: add node.js 25 to test matrix by @Phillip9587 in expressjs/express#6843

build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/express#6871

build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/express#6870

build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @dependabot[bot] in expressjs/express#6869

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/express#6868

... (truncated)

Changelog

Sourced from express's changelog.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
54af593 refactor: use cached slice in app.listen (#6897)
2551a7d docs: switch badges from badgen.net to shields.io (#6900)
Additional commits viewable in compare view

Updates @types/express from 5.0.3 to 5.0.5

Commits

See full diff in compare view

Updates glob from 11.0.3 to 13.0.0

Changelog

Sourced from glob's changelog.

changeglob

13

Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)

Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.

Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

Drop support for node before v20

10.4

Add includeChildMatches: false option

Export the Ignore class

10.3

Add --default -p flag to provide a default pattern

exclude symbolic links to directories when follow and nodir are both set

10.2

Add glob cli

10.1

Return '.' instead of the empty string '' when the current working directory is returned as a match.

Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

3bfb960 13.0.0
db31a63 Split the CLI out from the main project
5493458 ci: remove node 20
3f7526c test: fix bin tests on windows (slashes)
2b03cca 12.0.0
d56203d prettier config
bb521e5 Remove --shell option where unsafe to use
2551fb5 11.1.0
47473c0 bin: Do not expose filenames to shell expansion
bc33fe1 skip tilde test on systems that lack tilde expansion
Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates octokit from 5.0.3 to 5.0.5

Release notes

Sourced from octokit's releases.

v5.0.5

5.0.5 (2025-10-31)

Bug Fixes

deps: update octokit monorepo (major) (#2903) (45c56ff)

v5.0.4

5.0.4 (2025-10-17)

Bug Fixes

deps: update dependency @octokit/types to v15 (#2880) (b84c9d4)

Commits

45c56ff fix(deps): update octokit monorepo (major) (#2903)
823c506 chore(deps): update vitest monorepo to v4 (major) (#2900)
768ac1b build(deps): lock file maintenance (#2899)
dcca43c chore(deps): update dependency @types/node to v24 (#2901)
d1ddfe8 ci(action): update peter-evans/create-or-update-comment action to v5 (#2889)
791d318 chore(deps): update dependency prettier to v3.6.2 (#2863)
362cce8 build(deps): lock file maintenance (#2861)
b84c9d4 fix(deps): update dependency @octokit/types to v15 (#2880)
011e821 ci(action): update github/codeql-action action to v4 (#2891)
93055b6 ci(action): update actions/setup-node action to v6 (#2895)
Additional commits viewable in compare view

Updates simple-git from 3.28.0 to 3.30.0

Release notes

Sourced from simple-git's releases.

simple-git@3.30.0

Minor Changes

bc77774: Correctly identify current branch name when using git.status in a cloned empty repo.

Previously git.status would report the current branch name as No. Thank you to @MaddyGuthridge for identifying this issue.

Changelog

Sourced from simple-git's changelog.

3.30.0

Minor Changes

bc77774: Correctly identify current branch name when using git.status in a cloned empty repo.

Previously git.status would report the current branch name as No. Thank you to @MaddyGuthridge for identifying this issue.

3.29.0

Minor Changes

240ec64: Support for absolute paths on Windows when using git.checkIngore, previously Windows would report paths with duplicate separators \\\\ between directories.

Following this change all paths returned from git.checkIgnore will be normalized through node:path, this should have no impact on non-windows users where the git binary doesn't wrap absolute paths with quotes.

Thanks to @Maxim-Mazurok for reporting this issue.

9872f84: Support the use of git.branch(['--show-current']) to limit the branch list to only the current branch.

Thanks to @peterbe for pointing out the use-case.

5736bd8: Change to biome for lint and format

Commits

9dd70fd Version Packages
bc77774 Update the regular expression for empty branches to respect empty local branc...
0b326b4 Version Packages
240ec64 Add test for absolute paths in checkIgnore (#1085)
d232dc5 File path formatting for checkIgnore running on Windows (#1084)
9872f84 Feat/1074 branch show current (#1083)
5736bd8 Chore/biome (#1064)
See full diff in compare view

Updates zod from 3.25.64 to 4.1.13

Release notes

Sourced from zod's releases.

v4.1.13

Commits:

5c2602ceb8be8941c64bbe5ac7d92cc174ae6f7e Update AI widget (#5318)

d3da530deb713c853e79405adddf770e156d50ac reflect the specified regex correctly in error (#5338)

39f8c45b8a29de2330b485862b83cb35849f4238 faster initialization (#5352)

e9e27905cc0f37cb079ea473af8359d5e17a57a1 Clean up comment

8e4739fadbd7de710eb67d34ba7e06a1029a68ab Update inferred z.promise() type

2849df8907b011ab056d67ae8e3d27577ac4ed3e fix(locales): improve Dutch (nl) localization (#5367)

b0d3c9f628b60d358b66acf8f0ef7937fc9e8950 Run tests on windows

6fd61b71b85e4fef4c168a46c3ebcc574f26255f feat unitest (#5358)

a4e4bc80e204577c698cf1369dd63c2b986d35f3 Lock to node 24

8de8bad0fa84194b81efd32474462d7a236a1ee4 Fix windows build

b2c186bbae3a74a12acd385c1ced3ed978235cf8 Use Node LTS

b73b1f61c798efdf497852872b4c19cd4111c1f3 Consolidate isTransforming logic

d85f3ea4da53a1b232017dd4e4a2874eca4d8d76 Fix #5353

1bac0f37b529eb9a0d833a01200f5a898e8e6220 Fix test.yml

86d4dad5bc27b4b35df533c9170a552ad8c6c3bc Fix partial record

5e6c0fd7471636feffe5763c9b7637879da459fe Fix attw on windows

27fc616b8edb93cc27a4d25b37479d6e418bbccf Extend test timeout

8d336c4d15e1917d78b67b890f7182f26633b56f Remove windows runner

5be72e0ef4dceb1387febb7981079ecdeb5e2817 chore(doc): update metadata.tsx (#5331)

cb0272a0ad9962df95832a78587f54afec685351 docs: add 'cd zod' step to development setup instructions (#5394)

24e3325dc63010e4f74e23caf91199652e8b12a9 docs: replace 'Refinement' with 'Transform' in transforms section (#5397)

644a08203ebb00e23484b3f9a986ae783ce26a9a chore: add resource for validating environment variables with Zod (#5403)

5e1cfcf578a47527044e85455e79c907fd913adc Change doc for email validation method in Zod schema (#5392)

88cf9441448608d9de24b47b8a4a4ba879fc2433 Fix: Iterate over keys in catchall object using "in" operator. (#5376)

aa437325c5957c0cf57667cd7b8568603ee7ecd3 Emphasise that enum validates against values, for object literal & enums (#5386)

3a4bd00aaa16276ffeb2708cc083a633bd4dd756 Improve Hebrew localization for Zod error messages (#5409)

c10f9d109874aeca6855383616c086b077d39f89 Fix typos (#5420)

86f0ef918bb24f4ab9f1ce2afc5cf2d1a4a99473 Documentation Improvements (#5417)

e120a4877f4d8d076abf2db5c5cceab91a046be9 Fix opt tuple

f9bbb50c48f9c07ca869d28d6a7086d7290b97a3 Improve tuple

0ba0f348f677688b69ed78473e022f5d225b41fc Optimize docs caching/ISR (#5433)

c3ec66c74b3fbc2616e880a90751c2cad7270bb3 Improve docs caching

c8cce4b607a7c0ca99cfb454571a3948ee9e85fb docs: fix typos and links (#5428)

84ec04708525d6e83e3408d5d3a21edde742bdc5 docs(ecosystem): Add react-f3 (#5429)

3396515cc6f04f5f346a1e00256ad09998dbaeb3 Docs: Fix typo in safeExtend description (#5445)

3d93a7d593c19dc1822bc96a7c9d47312c29995e feat: MAC address validation in v4 and mini (#5440)

f2f0d178e1c526bc00ad0385706efad318bd44b0 Fix dual package hazard for globalRegistry (#5452)

9fc493f86f17a5fc550df78e7e261137885f51ea fix: use oneOf for discriminated unions in JSON Schema (#5453)

603dbe8dba6253c702ca8cf10b5299910dba3c88 Clean up regex, drop backreferences

ab69b9ee813713a111b56a60c2df929eaf5ba426 Update mac addr tests

f7910528901c05293bad275fffcb54a82e28fcc9 chore: upgrade vitest to v4 (#5028)

f97e80da9197064937a58167619967bee4ebb638 fix(core): prevent infinite recursion for recursive tuples (#5089) (#5094)

002e01ad0fcc17b17683adafc80f2a86e8d355a9 fix(record): handle non-function constructor field in isPlainObject (#5098)

67165174eb8c7d5c6e76e760830f3109b4fdbd0e docs(contributing): add instructions on building @zod/docs (#5114)

8b0603dde684f1665bb2329111ed187f73ccf0ac Fix typo in ISO time documentation (#5277)

be85ecc48a83e7f65ac0458d25f832fb4e28c9e7 docs(codecs): correct stringToDate safeDecode methods (#5302)

50bba5462546401939920a6566a81c0d9c8ef7e1 Add zodgres to ecosystem documentation (#5308)

... (truncated)

Commits

4063e80 Update check-semver script
2cdd82b 4.1.13
a774750 v4.1.13
0e803a2 Revert "Do not allow unsound pick/omit"
5bfc8f2 Fix docs
3de39ee Implement slugify
162fe29 Add z.meta and z.describe
0f4ce73 Do not allow unsound pick/omit
f52344e Fix vitest 4
d44253d Add support for number literal and TypeScript's enum keys in z.record (#5334)
Additional commits viewable in compare view

Updates @biomejs/biome from 1.9.4 to 2.3.8

Release notes

Sourced from @biomejs/biome's releases.

Biome CLI v2.3.8

2.3.8

Patch Changes
#8188 4ca088c Thanks @ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.
#8171 79adaea Thanks @dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

For example, the following code triggers the rule because the component would render 0:
const Component = () => {
  const count = 0;
  return <div>{count && <span>Count: {count}</span>}</div>;
};
#8116 b537918 Thanks @Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

Invalid:
<div {...props} something="else" {...props} />
#8256 f1e4696 Thanks @cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

#8226 3f19b52 Thanks @dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

#8007 182ecdc Thanks @brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.
#8218 91484d1 Thanks @hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

Invalid:
const foo =
  "Line 1\n\
Line 2";
Valid:

... (truncated)

Changelog

Sourced from @biomejs/biome's changelog.

2.3.8

Patch Changes
#8188 4ca088c Thanks @ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.
#8171 79adaea Thanks @dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

For example, the following code triggers the rule because the component would render 0:
const Component = () => {
  const count = 0;
  return <div>{count && <span>Count: {count}</span>}</div>;
};
#8116 b537918 Thanks @Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.
<...
Description has been truncated

Bumps the all-dependencies group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.23.0` | | [@octokit/rest](https://github.com/octokit/rest.js) | `22.0.0` | `22.0.1` | | [dotenv](https://github.com/motdotla/dotenv) | `16.5.0` | `17.2.3` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.0` | | [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `5.0.3` | `5.0.5` | | [glob](https://github.com/isaacs/node-glob) | `11.0.3` | `13.0.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [octokit](https://github.com/octokit/octokit.js) | `5.0.3` | `5.0.5` | | [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.30.0` | | [zod](https://github.com/colinhacks/zod) | `3.25.64` | `4.1.13` | | [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `1.9.4` | `2.3.8` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.0.3` | `24.10.1` | | [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.0.0` | `30.2.0` | | [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.0` | `29.4.5` | | [typescript](https://github.com/microsoft/TypeScript) | `5.8.3` | `5.9.3` | Updates `@modelcontextprotocol/sdk` from 1.12.3 to 1.23.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.12.3...1.23.0) Updates `@octokit/rest` from 22.0.0 to 22.0.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v22.0.0...v22.0.1) Updates `dotenv` from 16.5.0 to 17.2.3 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v16.5.0...v17.2.3) Updates `express` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.0) Updates `@types/express` from 5.0.3 to 5.0.5 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `glob` from 11.0.3 to 13.0.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v11.0.3...v13.0.0) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `octokit` from 5.0.3 to 5.0.5 - [Release notes](https://github.com/octokit/octokit.js/releases) - [Commits](octokit/octokit.js@v5.0.3...v5.0.5) Updates `simple-git` from 3.28.0 to 3.30.0 - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.30.0/simple-git) Updates `zod` from 3.25.64 to 4.1.13 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.64...v4.1.13) Updates `@biomejs/biome` from 1.9.4 to 2.3.8 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.3.8/packages/@biomejs/biome) Updates `@types/express` from 5.0.3 to 5.0.5 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `@types/node` from 24.0.3 to 24.10.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `jest` from 30.0.0 to 30.2.0 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.2.0/packages/jest) Updates `ts-jest` from 29.4.0 to 29.4.5 - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v29.4.0...v29.4.5) Updates `typescript` from 5.8.3 to 5.9.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.8.3...v5.9.3) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@octokit/rest" dependency-version: 22.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: dotenv dependency-version: 17.2.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: express dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@types/express" dependency-version: 5.0.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: glob dependency-version: 13.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: octokit dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: simple-git dependency-version: 3.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: zod dependency-version: 4.1.13 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: "@biomejs/biome" dependency-version: 2.3.8 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: "@types/express" dependency-version: 5.0.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: "@types/node" dependency-version: 24.10.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: jest dependency-version: 30.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: ts-jest dependency-version: 29.4.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: typescript dependency-version: 5.9.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the all-dependencies group across 1 directory with 15 updates #43

Bump the all-dependencies group across 1 directory with 15 updates #43

Uh oh!

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the all-dependencies group across 1 directory with 15 updates #43

Are you sure you want to change the base?

Bump the all-dependencies group across 1 directory with 15 updates #43

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

1.23.0

What's Changed

New Contributors

1.23.0-beta.0

Special Note: zod v4

What's Changed

v22.0.1

22.0.1 (2025-10-31)

Bug Fixes

17.2.3 (2025-09-29)

Changed

17.2.2 (2025-09-02)

Added

17.2.1 (2025-07-24)

Changed

17.2.0 (2025-07-09)

Added

17.1.0 (2025-07-07)

Added

v5.2.0

Important: Security

What's Changed

5.2.0 / 2025-12-01

changeglob

13

12

11.1

11.0

10.4

10.3

10.2

10.1

[4.1.1] - 2025-11-12

Security

v5.0.5

5.0.5 (2025-10-31)

Bug Fixes

v5.0.4

5.0.4 (2025-10-17)

Bug Fixes

simple-git@3.30.0

Minor Changes

3.30.0

Minor Changes

3.29.0

Minor Changes

v4.1.13

Commits:

Biome CLI v2.3.8

2.3.8

Patch Changes

2.3.8

Patch Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading