Bump the all-npm-minor-updates group with 9 updates

[dependabot]

Bumps the all-npm-minor-updates group with 9 updates:

Package	From	To
turbo	2.8.13	2.8.14
@flags-sdk/vercel	1.0.1	1.0.2
@vercel/flags-core	1.0.1	1.1.0
hono	4.12.4	4.12.5
lucide-react	0.576.0	0.577.0
@types/node	25.3.3	25.3.5
azure-pipelines-task-lib	5.2.7	5.2.8
tsdown	0.20.3	0.21.0
@hono/node-server	1.19.10	1.19.11

Updates turbo from 2.8.13 to 2.8.14

Release notes

Sourced from turbo's releases.

Turborepo v2.8.14-canary.9

What's Changed

Changelog

• perf: Fire-and-forget telemetry and analytics HTTP flushes on shutdown by @​anthonyshew in vercel/turborepo#12162
• perf: Defer lockfile await until after internal dependency resolution by @​anthonyshew in vercel/turborepo#12164
• refactor: Extract turborepo-query-api trait crate for compile-time decoupling by @​anthonyshew in vercel/turborepo#12165
• feat: Include version, platform, and CPU count in Chrome trace profiles by @​anthonyshew in vercel/turborepo#12166
• docs: Remove bespoke AI prompts from documentation pages by @​anthonyshew in vercel/turborepo#12167
• test: Add comprehensive path traversal tests for cache archive by @​anthonyshew in vercel/turborepo#12169
• test: Add regression tests and OutputWatcher trait to prepare for daemon removal from turbo watch by @​anthonyshew in vercel/turborepo#12171

Full Changelog: vercel/turborepo@v2.8.14-canary.8...v2.8.14-canary.9

Turborepo v2.8.14-canary.5

What's Changed

Changelog

• fix: Preserve deeply nested workspace deps during npm lockfile pruning by @​anthonyshew in vercel/turborepo#12146

Full Changelog: vercel/turborepo@v2.8.14-canary.4...v2.8.14-canary.5

Turborepo v2.8.14-canary.4

What's Changed

Changelog

• feat: Add runAttributes config to OTel metrics for cardinality control by @​bkonkle in vercel/turborepo#12144

Full Changelog: vercel/turborepo@v2.8.14-canary.3...v2.8.14-canary.4

Turborepo v2.8.14-canary.3

What's Changed

Changelog

• fix: Treat Bun runtime modules as builtins in Boundaries by @​anthonyshew in vercel/turborepo#12141
• feat: Add futureFlags.longerSignatureKey to enforce minimum HMAC key length by @​anthonyshew in vercel/turborepo#12142

Full Changelog: vercel/turborepo@v2.8.14-canary.2...v2.8.14-canary.3

Turborepo v2.8.14-canary.2

... (truncated)

Commits

• c8fe2c1 publish 2.8.14 to registry
• 27e8e67 release(turborepo): 2.8.14-canary.9 (#12173)
• 0efbe30 test: Add regression tests and OutputWatcher trait to prepare for daemon re...
• 6fbd5bb test: Add comprehensive path traversal tests for cache archive (#12169)
• c456ad3 ci: Remove redundant rust_check job from lint workflow (#12168)
• ebe5e87 docs: Remove bespoke AI prompts from documentation pages (#12167)
• 716d886 feat: Include version, platform, and CPU count in Chrome trace profiles (#12166)
• 7acfdc4 refactor: Extract turborepo-query-api trait crate for compile-time decoupli...
• 14dd839 perf: Defer lockfile await until after internal dependency resolution (#12164)
• 6923c52 perf: Fire-and-forget telemetry and analytics HTTP flushes on shutdown (#12162)
• Additional commits viewable in compare view

Updates @flags-sdk/vercel from 1.0.1 to 1.0.2

Updates @vercel/flags-core from 1.0.1 to 1.1.0

Updates hono from 4.12.4 to 4.12.5

Release notes

Sourced from hono's releases.

v4.12.5

What's Changed

• fix(request): return string | undefined from param() when path type is any by @​andrewdamelio in honojs/hono#4723
• fix(jwt): validate token format in decode and decodeHeader functions by @​otoneko1102 in honojs/hono#4752
• fix(jsx): Fix "Invalid state: Controller is already closed" by @​gaearon in honojs/hono#4770
• chore(eslint): upgrade @hono/eslint-config by @​BarryThePenguin in honojs/hono#4781

New Contributors

• @​andrewdamelio made their first contribution in honojs/hono#4723
• @​otoneko1102 made their first contribution in honojs/hono#4752
• @​gaearon made their first contribution in honojs/hono#4770

Full Changelog: honojs/hono@v4.12.4...v4.12.5

Commits

• 18cc595 4.12.5
• 5d59ac7 chore(eslint): upgrade @hono/eslint-config (#4781)
• b8cff18 fix(jsx): Fix "Invalid state: Controller is already closed" (#4770)
• 8c4d7f3 fix(jwt): validate token format in decode and decodeHeader functions (#4752)
• 0f49915 fix(request): return string | undefined from param() when path type is any ...
• See full diff in compare view

Updates lucide-react from 0.576.0 to 0.577.0

Release notes

Sourced from lucide-react's releases.

Version 0.577.0

What's Changed

• chore(deps): bump rollup from 4.53.3 to 4.59.0 by @​dependabot[bot] in lucide-icons/lucide#4106
• fix(repo): correctly ignore docs/releaseMetadata via .gitignore by @​bhavberi in lucide-icons/lucide#4100
• feat(icons): added ellipse icon by @​KISHORE-KUMAR-S in lucide-icons/lucide#3749

New Contributors

• @​bhavberi made their first contribution in lucide-icons/lucide#4100
• @​KISHORE-KUMAR-S made their first contribution in lucide-icons/lucide#3749

Full Changelog: lucide-icons/lucide@0.576.0...0.577.0

Commits

• f6c0d06 chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)
• See full diff in compare view

Updates @types/node from 25.3.3 to 25.3.5

Commits

• See full diff in compare view

Updates azure-pipelines-task-lib from 5.2.7 to 5.2.8

Commits

• See full diff in compare view

Updates tsdown from 0.20.3 to 0.21.0

Release notes

Sourced from tsdown's releases.

v0.21.0 - Notable Changes

Breaking Changes

Dependency options renamed to deps namespace

The dependency-related options have been moved under a new deps namespace with clearer names:

• external -> deps.neverBundle
• noExternal -> deps.alwaysBundle
• inlineOnly -> deps.onlyAllowBundle
• skipNodeModulesBundle -> deps.skipNodeModulesBundle

Before:

export default defineConfig({
  external: ['vue'],
  noExternal: ['lodash'],
})

After:

export default defineConfig({
  deps: {
    neverBundle: ['vue'],
    alwaysBundle: ['lodash'],
  },
})

The old options still work but are deprecated and will emit warnings.

failOnWarn default changed from 'ci-only' to false

If you relied on the previous behavior where warnings would fail the build in CI environments, you now need to explicitly set failOnWarn: true or failOnWarn: 'ci-only' in your config.

Node.js < 22.18.0 deprecated

tsdown now emits a deprecation warning when running on Node.js versions below 22.18.0. Plan to upgrade your Node.js version accordingly.

New Features

Experimental Node.js SEA executable bundling (exe)

tsdown can now bundle your TypeScript project into a standalone executable using Node.js Single Executable Applications (SEA). A new @tsdown/exe package provides cross-platform executable building support. See the exe documentation for details.

export default defineConfig({
  exe: true, // or { useCodeCache: true, useSnapshot: true }
</tr></table> 

... (truncated)

Commits

• 5145496 chore: release v0.21.0
• c5db6dc refactor(exe): improve nodeVersion type
• ce7abe9 feat(exe): support latest and latest-lts for nodeVersion
• 944e92a feat: support bundling .node files by default
• 1183ad3 fix(css): remove empty js chunks (#799)
• 0aae946 chore: upgrade rolldown
• 9440739 chore: release v0.21.0-beta.5
• d8a1f5c fix: resolve css files in node_modules (#795)
• 0173c6e feat(exe)!: require Node >=25.7 and default format to esm (#798)
• 288a5f0 feat(css): default css.transformer to lightningcss (#797)
• Additional commits viewable in compare view

Updates @hono/node-server from 1.19.10 to 1.19.11

Release notes

Sourced from @​hono/node-server's releases.

v1.19.11

What's Changed

• fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @​usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

Commits

• ecd4d6b 1.19.11
• c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
paklo	Canceled	Comment	Mar 10, 2026 5:51pm