📦 Update onduty packages (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@google-cloud/functions-framework	3.4.2 -> 4.0.0
@octokit/rest	20.1.1 -> 22.0.0
@types/express (source)	4.17.21 -> 5.0.3
@types/jest (source)	29.5.14 -> 30.0.0
@types/node (source)	20.17.9 -> 22.18.0
dotenv	16.4.7 -> 17.2.1
jest (source)	29.7.0 -> 30.1.1

See all other Renovate PRs on the Dependency Dashboard

---

Release Notes

GoogleCloudPlatform/functions-framework-nodejs (@​google-cloud/functions-framework)

v4.0.0

Compare Source

⚠ BREAKING CHANGES

• upgrade all dependencies
• delete the undocumented "typed" function signature
• drop support for old nodejs versions

Bug Fixes

• delete the undocumented "typed" function signature (c0714e7)

Miscellaneous Chores

• drop support for old nodejs versions (c0714e7)
• upgrade all dependencies (c0714e7)

v3.5.1

Compare Source

Bug Fixes

• correct handling of IGNORED_ROUTES set to empty (4799207)

v3.5.0

Compare Source

Features

• adds a new ignored-routes config option (70f68e9)

Bug Fixes

• deps: downgrade @​types/express to v4 (d40a514)

v3.4.6

Compare Source

Bug Fixes

• remove logger.errorHandler. (#​676) (a5394d5)

v3.4.5

Compare Source

Bug Fixes

• fix trace context pattern, remove trace id and respect logging span id field. (#​667) (0fb00a5)

v3.4.4

Compare Source

Bug Fixes

• do not call render in the errorHandler (#​665) (9206893)

v3.4.3

Compare Source

Bug Fixes

• Fix typings for functions.cloudEvent to include callback. (#​631) (47cd4c6)

octokit/rest.js (@​octokit/rest)

v22.0.0

Compare Source

Bug Fixes

• deps: update octokit monorepo (major) (#​504) (77530ab)

BREAKING CHANGES

• deps: Drop support for NodeJS v18
• deps: Remove deprecated Projects endpoints
• deps: Remove deprecated Copilot usage metrics endpoints

v21.1.1

Compare Source

Bug Fixes

• deps: update Octokit dependencies to mitigate ReDos [security] (#​484) (ca256c3)

v21.1.0

Compare Source

Features

• new endpoints, bump Octokit deps to fix Deno (#​477) (908b1c8)

v21.0.2

Compare Source

Bug Fixes

• docs: update to react 18 and latest gatsby deps (#​462) (9a80f06), closes #​216 #​230 #​460

v21.0.1

Compare Source

Bug Fixes

• update deps (#​456) (93d5afb)

v21.0.0

Compare Source

Features

• v21 (#​413) (12b6c65)

BREAKING CHANGES

• package is now ESM

v20.1.2

Compare Source

Bug Fixes

• deps: bump Octokit dependencies to address ReDos vulnerabilities, bump devDependencies (#​487) (711f2ee), closes #​486

motdotla/dotenv (dotenv)

v17.2.1

Compare Source

Changed

• Fix clickable tip links by removing parentheses (#​897)

v17.2.0

Compare Source

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#​889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

v17.1.0

Compare Source

Added

• Add additional security and configuration tips to the runtime log (#​884)
• Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
  '⚙️  load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]

v17.0.1

Compare Source

Changed

• Patched injected log to count only populated/set keys to process.env (#​879)

v17.0.0

Compare Source

Changed

• Default quiet to false - informational (file and keys count) runtime log message shows by default (#​875)

v16.6.1

Compare Source

Changed

• Default quiet to true – hiding the runtime log message (#​874)
• NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
• And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@​dotenvx/dotenvx').config().

v16.6.0

Compare Source

Added

• Default log helpful message [[email protected]] injecting env (1) from .env (#​870)
• Use { quiet: true } to suppress
• Aligns dotenv more closely with dotenvx.

v16.5.0

Compare Source

Added

• 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP]
Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM.
Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

• Remove _log method. Use _debug #​862

jestjs/jest (jest)

v30.1.1

Compare Source

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#​15800)

v30.1.0

Compare Source

v30.0.5

Compare Source

v30.0.4

Compare Source

Features

• [expect] The Inverse type is now exported (#​15714)
• [expect] feat: support async functions in toBe (#​15704)

Fixes

• [jest] jest --onlyFailures --listTests now correctly lists only failed tests (#​15700)
• [jest-snapshot] Handle line endings in snapshots (#​15708)

v30.0.3

Compare Source

Fixes

• [jest-config] Fix ESM TS config loading in a CJS project (#​15694)

Features

• [jest-diff] Show non-printable control characters to diffs (#​15696)

v30.0.2

Compare Source

v30.0.1

Compare Source

v30.0.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "after 12am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: onduty/package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/jest
npm error   dev jest@"30.1.1" from the root project
npm error
npm error Could not resolve dependency:
npm error peer jest@"^29.0.0" from [email protected]
npm error node_modules/ts-jest
npm error   dev ts-jest@"29.2.5" from the root project
npm error
npm error Conflicting peer dependency: [email protected]
npm error node_modules/jest
npm error   peer jest@"^29.0.0" from [email protected]
npm error   node_modules/ts-jest
npm error     dev ts-jest@"29.2.5" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2025-08-28T19_01_31_716Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2025-08-28T19_01_31_716Z-debug-0.log