chore(deps): bump the dependencies group with 3 updates

[dependabot]

Bumps the dependencies group with 3 updates: zod, @types/node and knip.

Updates zod from 4.1.13 to 4.2.0

Release notes

Sourced from zod's releases.

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};
const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

• af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
• 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
• e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)

Commits

• dcef973 v4.2.0
• e17dcb6 Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
• d632df3 Update next
• 767f320 Add .toJSONSchema() method (#5477)
• 325a701 Add pullfrog.yml workflow
• 4972727 Update Next.js and React Flight RCE advisory (#5515)
• af49c08 Update docs for JSON Schema conversion of z.undefined() (#5504)
• fb66ee1 fix(mini): export ZodMiniJSONSchema types to prevent TS4023 (#5511)
• 6e968a3 Add convex-helpers to the ecosystem docs (#5470)
• d224363 test: add result verification to test cases (#5473)
• Additional commits viewable in compare view

Updates @types/node from 24.10.1 to 25.0.2

Commits

• See full diff in compare view

Updates knip from 5.72.0 to 5.73.4

Release notes

Sourced from knip's releases.

Release 5.73.4

• fix(bun resolver): detect "publish" and others as builtin commands instead of unlisted binaries (#1387) (542e2ad11603d9652809fdd8c841f24dff402626) - thanks @​viktormarinho!
• fix: detect namespace imports used as default values in destructuring (#1386) (31095065823e3c6b691da44178252d7d863410ae) - thanks @​jstaab!
• Update release-it (71fa7b14cb220dce939d7b87d08df33977863d84)
• Fix up some md(x) logistics (a879075b8898aaaea4b0a34e234ef865a59d0fe7)
• Add DTS extensions to the resolver (9126b1e23a992c3d542b1dff7ead06d85c24f17b)
• Improved zod error (0f0cef3654c55be2271c594ff84734ac2a878e33)
• Auto-format (353c9b55af62e70189d46150496e89621d0d366d)

Release 5.73.3

• Fix up package.json after previous release (1b2d9ab300dcf16f1d0e3480dd2ba9e38578789c)

Release 5.73.2

• Sync issue types in json schema (dd275e1182b0860a8cb6494b0d81f29b33c48fd2)

Release 5.73.1

• Improve handling of "bridged" require calls in ts modules (dc546c67cc0a48b4da8477d1befb8a43485db022)
• Optimize workspaces finder (056c619dc32734f9d5520729565c380160343b7f)
• Don't add prerelease comment to closed issues (12f41cc0616dc8bce2acf18e19f6b33bba3c0b7a)
• fix(plugins/astro): srcDir config detection creating wrong entry patterns (#1384) (fba49d7f3f8a9cd0f4c549bf00587e3c633ffc25) - thanks @​viktormarinho!

Release 5.73.0

• Bail out early if specifier starts with colon (resolve #1379) (68c959766e5e4a3a9bda3a519dd9982fe44ea47e)
• Add clear to list of ignored global binaries (91522bb59a8844c0259646f4d34e2b49b6fa65a7)
• Add next-intl plugin (resolve #1380) (430b8a391cdd841deb85b6efed60531ffe622bd8)
• Create new next-mdx plugin (extract from next plugin) (c4acf7a6d77be6fda8b88ace4f499b297aa4eb6b)
• Refactor preview/ecosystem workflow + add comment (861252a28c7890b28efea8437e7db8e114370fb3)
• Allow workflow to add comment (188920a317f21d508948753c0b7266ac8ad3da57)
• Remove eslint patch (d9fc8f7248816ddd399088145d5dab4f055c0ddb)
• Use pkg-pr-new --commentWithDev flag (c9af60858ed02c3ce8fe3c2137514096743ce052)
• Fix regression with require call in ts file (resolve #1383) (557c7456c41e8574cfe6bbb10ee52e15eeb1f65e)
• Remove unpublished flag (f08c7eed172fcd98c82490aed5baf59fca38c8c0)

Commits

• 07eef0f Release 5.73.4
• 353c9b5 Auto-format
• 0f0cef3 Improved zod error
• 9126b1e Add DTS extensions to the resolver
• 71fa7b1 Update release-it
• 3109506 fix: detect namespace imports used as default values in destructuring (#1386)
• 542e2ad fix(bun resolver): detect "publish" and others as builtin commands instead of...
• a6aef14 Release 5.73.3
• 1b2d9ab Fix up package.json after previous release
• d804c26 Release 5.73.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Update dependencies to keep tooling current and enable new Zod features. Upgrades zod to 4.2.0, @types/node to 25.0.2, and knip to 5.73.4.

• Dependencies
  • zod: 4.1.13 → 4.2.0 (adds toJSONSchema/fromJSONSchema, xor, looseRecord)
  • @types/node: 24.10.1 → 25.0.2 (types-only)
  • knip: 5.72.0 → 5.73.4 (bug fixes and resolver/plugin improvements)

^{Written for commit d8a3872. Summary will update automatically on new commits.}

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

📊 Build Report

Bundle Size: 1.19 KB
Node Versions Tested: 18, 20, 22
All Checks: ✅ Passed

Details

• Linting (BiomeJS, Knip, TypeScript): ✅
• Tests with coverage: ✅
• Build: ✅
• Integration test: ✅

Generated for commit d6e19aa

[cubic-dev-ai]

No issues found across 2 files

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.