chore(deps): bump the patch-updates group across 1 directory with 10 updates

[dependabot]

Bumps the patch-updates group with 10 updates in the / directory:

Package	From	To
@hono/node-server	1.19.9	1.19.12
eslint-plugin-import-x	4.16.1	4.16.2
ts-jest	29.4.6	29.4.9
mongodb	7.1.0	7.1.1
sql.js	1.14.0	1.14.1
@types/sql.js	1.4.9	1.4.11
handlebars	4.7.8	4.7.9
fumadocs-mdx	14.2.9	14.2.11
fumadocs-twoslash	3.1.14	3.1.15
postcss	8.5.6	8.5.8

Updates @hono/node-server from 1.19.9 to 1.19.12

Release notes

Sourced from @​hono/node-server's releases.

v1.19.12

What's Changed

• chore: ignore claude setting by @​yusukebe in honojs/node-server#314
• fix: request draining for early 413 responses by @​usualoma in honojs/node-server#329

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

v1.19.11

What's Changed

• fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @​usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

• 6cdb5a7 1.19.12
• 70250f7 fix: request draining for early 413 responses (#329)
• cfc08b3 chore: ignore claude setting (#314)
• ecd4d6b 1.19.11
• c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
• 2f8ca36 1.19.10
• 455015b Merge commit from fork
• cc05c48 chore: add benchmark for comparing with npm and local (dev) (#305)
• 58c4412 chore: Adding LICENSE file with MIT license referenced in README.md (#297)
• b1daa4c docs(readme): add @​usualoma as an author (#300)
• See full diff in compare view

Updates eslint-plugin-import-x from 4.16.1 to 4.16.2

Release notes

Sourced from eslint-plugin-import-x's releases.

v4.16.2

Patch Changes

• #457 1da4043 Thanks @​SukkaW! - Make the no-unused-modules rule no-op on ESLint 10 or later for now before we can implement an alternative. A warning message about this behavior is added, and can be suppressed with the new suppressMissingFileEnumeratorAPIWarning rule option (import-x/no-unused-modules: ['error', { suppressMissingFileEnumeratorAPIWarning: true }]).

• #450 a51be0f Thanks @​andrewgaun! - fix(deps): Bumping minimatch 10 version to avoid dependency with a critical vulnerability

  Updating the minimum minimatch 10 version to 10.1.2 which updates a dependency (@​isaacs/brace-expansion) with a critical vulnerability. See GHSA-7h2j-956f-4vf2

• #466 b669aca Thanks @​SukkaW! - Make eslint-plugin-import-x compatible with ESLint's defineConfig

• #434 a3aae61 Thanks @​stepankuzmin! - fix(deps): replace type-fest with @​package-json/types

  PackageJson types are imported in published declaration files (lib/rules/no-extraneous-dependencies.d.ts and lib/utils/read-pkg-up.d.ts), which causes TypeScript compilation errors for consumers who don't have skipLibCheck enabled. Replacing type-fest with the smaller @​package-json/types package ensures the types are available to all consumers while reducing bundle size.

• #458 60312ee Thanks @​SukkaW! - Bump peer deps version range to include ESLint 10 support

• #443 b416a8a Thanks @​baevm! - consistent-type-specifier-style: Add exception for TS resolution-mode import attributes

• #454 d3f8d67 Thanks @​SukkaW! - First step toward ESLint 10 support:

  • sourceType determination now prefers context.languageOptions when possible
  • Ensure context.parserOptions no longer results in crashes with ESLint 10
  • Merge getParser and getParserPath implementations into one getParserOrPath

• #406 d0a7816 Thanks @​marcalexiei! - fix(package): remove config and rules exports pointing to empty files

Changelog

Sourced from eslint-plugin-import-x's changelog.

4.16.2

Patch Changes

• #457 1da4043 Thanks @​SukkaW! - Make the no-unused-modules rule no-op on ESLint 10 or later for now before we can implement an alternative. A warning message about this behavior is added, and can be suppressed with the new suppressMissingFileEnumeratorAPIWarning rule option (import-x/no-unused-modules: ['error', { suppressMissingFileEnumeratorAPIWarning: true }]).

• #450 a51be0f Thanks @​andrewgaun! - fix(deps): Bumping minimatch 10 version to avoid dependency with a critical vulnerability

  Updating the minimum minimatch 10 version to 10.1.2 which updates a dependency (@​isaacs/brace-expansion) with a critical vulnerability. See GHSA-7h2j-956f-4vf2

• #466 b669aca Thanks @​SukkaW! - Make eslint-plugin-import-x compatible with ESLint's defineConfig

• #434 a3aae61 Thanks @​stepankuzmin! - fix(deps): replace type-fest with @​package-json/types

  PackageJson types are imported in published declaration files (lib/rules/no-extraneous-dependencies.d.ts and lib/utils/read-pkg-up.d.ts), which causes TypeScript compilation errors for consumers who don't have skipLibCheck enabled. Replacing type-fest with the smaller @​package-json/types package ensures the types are available to all consumers while reducing bundle size.

• #458 60312ee Thanks @​SukkaW! - Bump peer deps version range to include ESLint 10 support

• #443 b416a8a Thanks @​baevm! - consistent-type-specifier-style: Add exception for TS resolution-mode import attributes

• #454 d3f8d67 Thanks @​SukkaW! - First step toward ESLint 10 support:

  • sourceType determination now prefers context.languageOptions when possible
  • Ensure context.parserOptions no longer results in crashes with ESLint 10
  • Merge getParser and getParserPath implementations into one getParserOrPath

• #406 d0a7816 Thanks @​marcalexiei! - fix(package): remove config and rules exports pointing to empty files

Commits

• 69ddbba chore: release eslint-plugin-import-x (#407)
• b669aca fix(#421): defineConfig compatible (#466)
• 60312ee chore: prepare for ESLint 10 more (#458)
• 1da4043 refactor: make no-unused-modules no-op on ESLint 10 or later (#457)
• d801fd7 docs: remove SublimeLinter-eslint mention in README (#432)
• 1909953 chore(deps): update dependency minimatch to v9.0.8 [security] (#460)
• b416a8a fix: consistent-type-specifier-style with prefer-inline and TS resolution...
• a51be0f chore(deps): bumping minimatch 10 to 10.1.2 to avoid dependencies with cr...
• d3f8d67 refactor: first step toward ESLint 10 support (#454)
• a3aae61 fix(deps): replace type-fest w/ @package-json/types (#434)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-import-x since your current version.

Updates ts-jest from 29.4.6 to 29.4.9

Release notes

Sourced from ts-jest's releases.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.7 (2026-04-01)

Features

• support TypeScript v6 (eda517d)

Commits

• bac2e77 chore(release): bump version to 29.4.9
• f8a9cc9 fix: use correct registry for npm OIDC trusted publishing
• e2eec26 fix: npm permissions
• 263f2ac chore: remove npm auth token
• 5df0e45 OIDC
• f82c144 Merge pull request #5250 from kulshekhar/copilot/bump-patch-version
• e6ec5ae Update CHANGELOG.md
• 62c3199 Update CHANGELOG.md
• 052e751 Bump patch version to 29.4.7
• f79e77b Merge pull request #5249 from ext/feature/ts6-peer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-jest since your current version.

Updates mongodb from 7.1.0 to 7.1.1

Release notes

Sourced from mongodb's releases.

v7.1.1

7.1.1 (2026-03-24)

The MongoDB Node.js team is pleased to announce version 7.1.1 of the mongodb package!

Release Notes

Tighten OIDC ALLOWED_HOSTS wildcard matching

The OIDC ALLOWED_HOSTS wildcard handling has been fixed to require full subdomain/path matches for *. and */ entries, preventing partial suffix matches from being incorrectly accepted.

Fixed TCP keep-alive and no-delay settings not being applied on TLS connections

Due to a Node.js bug, tls.connect() silently ignores keepAlive, keepAliveInitialDelay, and noDelay options passed through its constructor. This could cause idle connections - particularly through cloud load balancers like Azure (240s idle timeout) or AWS PrivateLink/NLB - to be dropped unexpectedly due to missing TCP keep-alive probes.

The driver now explicitly calls setKeepAlive() and setNoDelay() on the socket after creation, ensuring these settings are always applied regardless of whether TLS is used.

Bug Fixes

• NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
• NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

Changelog

Sourced from mongodb's changelog.

7.1.1 (2026-03-23)

Bug Fixes

• NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
• NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Commits

• 5e4341e chore(v7.1.x): release 7.1.1 (#4895)
• b14ba21 fix(NODE-7482): explicitly call setKeepAlive and setNoDelay on socket (#4900)
• 237c9ab fix(NODE-7477): OIDC host allowlist fix (#4896)
• fa11559 ci(NODE-7489): pin npm to 11.11.1 for BSON compat tasks (#4901)
• 66e5cd6 chore(NODE-7480): fix ci issues on release branch (#4899)
• 639e17c chore(NODE-7476): added release-7.1 config
• See full diff in compare view

Updates sql.js from 1.14.0 to 1.14.1

Commits

• 8088a68 Fix browser bundle (#625)
• ee29605 Update devcontainer + migrate linting to ESLint 10 (#623)
• d58d741 sqlite 3.45.2 (#581)
• See full diff in compare view

Updates @types/sql.js from 1.4.9 to 1.4.11

Commits

• See full diff in compare view

Updates @types/sql.js from 1.4.9 to 1.4.11

Commits

• See full diff in compare view

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Updates fumadocs-mdx from 14.2.9 to 14.2.11

Release notes

Sourced from fumadocs-mdx's releases.

fumadocs-mdx@14.2.11

Patch Changes

• 3144149: Fix dynamic index generation so generated dynamic.ts imports node:path and passes lazy entries to create.doc() / create.docs() as arrays.
• Updated dependencies [f45d703]
• Updated dependencies [45aa454]
  • fumadocs-core@16.7.0

fumadocs-mdx@14.2.10

Patch Changes

• c2678c0: Improve llms.txt generation via remark-llms plugin
• Updated dependencies [c2678c0]
• Updated dependencies [417f07a]
• Updated dependencies [bb07706]
• Updated dependencies [f065406]
  • fumadocs-core@16.6.17

Commits

• faf02ff Chore: Bump deps
• b38168d Version Packages
• 0ddaa8a CLI: Preserve layout imports for slots
• 42bf43e OpenAPI: Implement newer JSON Schema spec $ref resolution behaviour
• 8c6fe9c Docs: rename sidebar tabs to layout tabs
• 4fd51b7 UI: migrate Base UI
• 67d6855 Docs: migrate
• 0c3eda7 UI: clean code
• 875d88a UI: forward hooks via slots
• 484da08 UI: introduce slots system
• Additional commits viewable in compare view

Updates fumadocs-twoslash from 3.1.14 to 3.1.15

Release notes

Sourced from fumadocs-twoslash's releases.

fumadocs-twoslash@3.1.15

Patch Changes

• da50bc3: Force default options for TypeScript 6

Commits

• e3b92af Merge pull request #3175 from fuma-nama/changeset-release/dev
• da50bc3 Twoslash: Force default options for TypeScript 6
• afec71e Version Packages (#3173)
• bae9584 Templates: improve scrollbar-gutter & react-remove-scroll
• b9dd611 OpenAPI: Improve pre-render layout shift
• f580ef6 Core & UI: Fix deserialized page tree item name styles
• f3dd4fb Merge pull request #3172 from fuma-nama/changeset-release/dev
• 1a84b96 CLI: fix default config cwd generation
• b6db514 Version Packages (#3168)
• f7e69a6 UI: Redesign sidebar footer
• Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.8

Release notes

Sourced from postcss's releases.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

• 65de537 Release 8.5.8 version
• b2c6d97 Run git hook register
• 0ae0a49 Update Processor#version
• 6ee9f14 Release 8.5.7 version
• 3fbc951 Fix uvu Node.js 25 support
• 52db53e Update dependencies
• 497daef Speed up source map annotation cleaning by moving from RegExp
• 41e739a Remove banner
• 1329142 chore: speed up space-only string check in lib/parser.js (#2064)
• 23beff9 Update dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
objectos	Ready	Preview, Comment	Apr 6, 2026 2:26am
objectos-demo	Error		Apr 6, 2026 2:26am