chore(deps): bump the npm-version-updates group across 1 directory with 19 updates

[dependabot]

Bumps the npm-version-updates group with 18 updates in the / directory:

Package	From	To
@auth/core	0.40.0	0.41.1
@auth/express	0.11.0	0.12.1
dotenv	16.6.1	17.2.3
express-handlebars	8.0.1	8.0.4
openid-client	6.6.2	6.8.1
@eslint/js	9.30.0	9.39.2
@tsconfig/node20	20.1.6	20.1.8
@types/cookie-parser	1.4.9	1.4.10
@types/express	5.0.3	5.0.6
@types/node	24.0.7	25.0.3
@typescript-eslint/eslint-plugin	8.35.0	8.52.0
eslint	9.30.0	9.39.2
globals	16.2.0	17.0.0
knip	5.66.2	5.80.0
prettier	3.6.2	3.7.4
ts-jest	29.4.5	29.4.6
tsx	4.20.3	4.21.0
typescript	5.8.3	5.9.3

Updates @auth/core from 0.40.0 to 0.41.1

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.1

Bugfixes

• security issue from nodemailer (#13305)

Other

• update links for Credentials-based Authentication (#13258)

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

Commits

• 089f0e3 chore(release): bump package version(s) [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• 8f3b2c7 fix: security issue from nodemailer (#13305)
• 240e343 docs: update the Prisma ORM page to use Prisma Postgres (#13299)
• 0bcd32d chore(drizzle): migrate sqliteTable to array API (#13280)
• 90188fa ci: enable merge queue (#13288)
• 8d02b3d docs: remove carbon developer ads widget from docs sidebar (#13286)
• c8cd9b1 chore: remove unused script (#13279)
• 3a7c669 docs: update links for Credentials-based Authentication (#13258)
• e9e2b50 chore(release): bump package version(s) [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/core since your current version.

Updates @auth/express from 0.11.0 to 0.12.1

Release notes

Sourced from @​auth/express's releases.

@​auth/express@​0.12.1

Other

• @​auth/core: dependency update (8f3b2c7a)

@​auth/express@​0.12.0

Other

• @​auth/core: dependency update (745751e9)

Commits

• 089f0e3 chore(release): bump package version(s) [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• 8f3b2c7 fix: security issue from nodemailer (#13305)
• 240e343 docs: update the Prisma ORM page to use Prisma Postgres (#13299)
• 0bcd32d chore(drizzle): migrate sqliteTable to array API (#13280)
• 90188fa ci: enable merge queue (#13288)
• 8d02b3d docs: remove carbon developer ads widget from docs sidebar (#13286)
• c8cd9b1 chore: remove unused script (#13279)
• 3a7c669 docs: update links for Credentials-based Authentication (#13258)
• e9e2b50 chore(release): bump package version(s) [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/express since your current version.

Updates dotenv from 16.6.1 to 17.2.3

Changelog

Sourced from dotenv's changelog.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"

// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)

$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

... (truncated)

Commits

• affe113 17.2.3
• db1ff1f changelog 🪵
• 7063f16 Merge pull request #913 from motdotla/new-tips
• 0bbe72c test against expected tips
• 017951b only run .js tests
• 39eda1f add space back
• fcc030e update tips
• b6c7a0d updated tips - as Dotenvx Radar has been renamed Dotenvx Ops
• b3c8b16 remove unnecessary call to npx
• d6e4c17 Merge pull request #912 from adjerbetian/fix/typescript-error-definition
• Additional commits viewable in compare view

Updates express-handlebars from 8.0.1 to 8.0.4

Release notes

Sourced from express-handlebars's releases.

v8.0.4

8.0.4 (2025-11-19)

Bug Fixes

• deps: update dependency glob to v12 (#1133) (020f6db)

v8.0.3

8.0.3 (2025-04-23)

Bug Fixes

• deps: update dependency glob to ^11.0.2 (#982) (def7c02)

v8.0.2

8.0.2 (2025-04-17)

Bug Fixes

• deps: update dependency glob to ^11.0.1 (#928) (b4b9cd3)

Changelog

Sourced from express-handlebars's changelog.

8.0.4 (2025-11-19)

Bug Fixes

• deps: update dependency glob to v12 (#1133) (020f6db)

8.0.3 (2025-04-23)

Bug Fixes

• deps: update dependency glob to ^11.0.2 (#982) (def7c02)

8.0.2 (2025-04-17)

Bug Fixes

• deps: update dependency glob to ^11.0.1 (#928) (b4b9cd3)

Commits

• 67d53e0 chore(release): 8.0.4 [skip ci]
• 020f6db fix(deps): update dependency glob to v12 (#1133)
• efd3aab chore(deps): bump glob from 11.0.3 to 11.1.0 (#1129)
• 75d809e chore(deps): update devdependency typescript-eslint to ^8.47.0 (#1131)
• 8284e01 chore(deps): update devdependency @​semantic-release/npm to ^13.1.2 (#1127)
• 49a13d2 chore(deps): update devdependency typescript-eslint to ^8.46.4 (#1126)
• d60d2a8 chore(deps): update devdependency @​semantic-release/github to ^12.0.2 (#1125)
• 3235e32 chore(deps): update devdependency semantic-release to ^25.0.2 (#1124)
• e5ea2b3 chore(deps): update eslint monorepo to ^9.39.1 (#1123)
• f511c74 chore(deps): update devdependency typescript-eslint to ^8.46.3 (#1122)
• Additional commits viewable in compare view

Updates openid-client from 6.6.2 to 6.8.1

Release notes

Sourced from openid-client's releases.

v6.8.1

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

v6.7.1

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

v6.7.0

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

v6.6.4

Fixes

• recognize N_A in the token exchange grant (770b177)

v6.6.3

Documentation

• fix TokenEndpointResponseHelpers.claims() note (b77c786)

Refactor

• passport: allow custom logic to drive initiating auth requests (0b57115), closes #811

Changelog

Sourced from openid-client's changelog.

6.8.1 (2025-09-27)

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

6.8.0 (2025-09-11)

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

6.7.1 (2025-08-29)

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

6.7.0 (2025-08-27)

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

6.6.4 (2025-08-12)

Fixes

• recognize N_A in the token exchange grant (770b177)

6.6.3 (2025-08-05)

Documentation

• fix TokenEndpointResponseHelpers.claims() note (b77c786)

Refactor

... (truncated)

Commits

• 00990b9 chore(release): 6.8.1
• a9eb50f refactor: workaround dpop nonce caching caveats with customFetch
• 60d7639 chore: bump packages
• ba4040c chore: cleanup after release
• 9d70a05 chore(release): 6.8.0
• 6ce3411 feat: respect retry-after in CIBA and Device Authorization Grant polling
• d26f7a3 chore: bump oidc-provider
• c98e068 chore: bump typedoc and typescript
• 2e41ad5 docs: remove mention of Edge Runtime from the readme
• 3e11c6c chore: cleanup after release
• Additional commits viewable in compare view

Updates @eslint/js from 9.30.0 to 9.39.2

Release notes

Sourced from @​eslint/js's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/[email protected] (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

v9.39.1

Bug Fixes

• 650753e fix: Only pass node to JS lang visitor methods (#20283) (Nicholas C. Zakas)

Documentation

• 51b51f4 docs: add a section on when to use extends vs cascading (#20268) (Tanuj Kanti)
• b44d426 docs: Update README (GitHub Actions Bot)

Chores

• 92db329 chore: update @eslint/js version to 9.39.1 (#20284) (Francesco Trotta)
• c7ebefc chore: package.json update for @​eslint/js release (Jenkins)
• 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275) (renovate[bot])
• d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266) (唯然)
• 009e507 test: fix version tests for ESLint v10 (#20274) (Milos Djermanovic)

v9.39.0

Features

• cc57d87 feat: update error loc to key in no-dupe-class-members (#20259) (Tanuj Kanti)
• 126552f feat: update error location in for-direction and no-dupe-args (#20258) (Tanuj Kanti)
• 167d097 feat: update complexity rule to highlight only static block header (#20245) (jaymarvelz)

Bug Fixes

• 15f5c7c fix: forward traversal step.args to visitors (#20253) (jaymarvelz)
• 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167) (Nitin Kumar)
• e86b813 fix: Use more types from @​eslint/core (#20257) (Nicholas C. Zakas)
• 927272d fix: correct Scope typings (#20198) (jaymarvelz)
• 37f76d9 fix: use AST.Program type for Program node (#20244) (Francesco Trotta)
• ae07f0b fix: unify timing report for concurrent linting (#20188) (jaymarvelz)
• b165d47 fix: correct Rule typings (#20199) (jaymarvelz)
• fb97cda fix: improve error message for missing fix function in suggestions (#20218) (jaymarvelz)

Documentation

• d3e81e3 docs: Always recommend to include a files property (#20158) (Percy Ma)
• 0f0385f docs: use consistent naming recommendation (#20250) (Alex M. Spieslechner)
• a3b1456 docs: Update README (GitHub Actions Bot)
• cf5f2dd docs: fix correct tag of no-useless-constructor (#20255) (Tanuj Kanti)
• 10b995c docs: add TS options and examples for nofunc in no-use-before-define (#20249) (Tanuj Kanti)
• 2584187 docs: remove repetitive word in comment (#20242) (reddaisyy)

... (truncated)

Commits

• c43ce24 chore: package.json update for @​eslint/js release
• c7ebefc chore: package.json update for @​eslint/js release
• 2375a6d chore: package.json update for @​eslint/js release
• 9e7fad4 chore: add script to auto-generate eslint:recommended configuration (#20208)
• 25d0e33 chore: package.json update for @​eslint/js release
• abee4ca chore: package.json update for @​eslint/js release
• 90a71bf docs: update README files to add badge and instructions (#20115)
• 488cba6 chore: package.json update for @​eslint/js release
• 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116)
• af2a087 chore: package.json update for @​eslint/js release
• Additional commits viewable in compare view

Updates @tsconfig/node20 from 20.1.6 to 20.1.8

Commits

• See full diff in compare view

Updates @types/cookie-parser from 1.4.9 to 1.4.10

Commits

• See full diff in compare view

Updates @types/express from 5.0.3 to 5.0.6

Commits

• See full diff in compare view

Updates @types/node from 24.0.7 to 25.0.3

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.35.0 to 8.52.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.52.0

8.52.0 (2026-01-05)

🚀 Features

• eslint-plugin-internal: [no-multiple-lines-of-errors] add rule (#11899)
• typescript-estree: add tseslint.com redirects for CLI outputs (#11895)

🩹 Fixes

• eslint-plugin: [no-useless-default-assignment] handle conditional initializer (#11908)
• eslint-plugin: [no-base-to-string] detect @@​toPrimitive and valueOf (#11901)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

v8.51.0

8.51.0 (2025-12-29)

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#11719)
• eslint-plugin: [no-useless-default-assignment] fix some cases to optional syntax (#11871)
• eslint-plugin: add namespace to plugin meta (#11885)
• tsconfig-utils: more informative error on parsing failures (#11888)

🩹 Fixes

• eslint-plugin: fix crash and false positives in no-useless-default-assignment (#11845)
• eslint-plugin: remove fixable from no-dynamic-delete rule (#11876)
• eslint-plugin: bump ts-api-utils to 2.2.0 (#11881)
• eslint-plugin: [prefer-optional-chain] handle MemberExpression in final chain position (#11835)

❤️ Thank You

• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ulrich Stark
• Yannick Decat @​mho22
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.50.1

8.50.1 (2025-12-22)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.52.0 (2026-01-05)

🚀 Features

• eslint-plugin-internal: [no-multiple-lines-of-errors] add rule (#11899)

🩹 Fixes

• eslint-plugin: [no-base-to-string] detect @@​toPrimitive and valueOf (#11901)
• eslint-plugin: [no-useless-default-assignment] handle conditional initializer (#11908)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

8.51.0 (2025-12-29)

🚀 Features

• eslint-plugin: add namespace to plugin meta (#11885)
• eslint-plugin: [no-useless-default-assignment] fix some cases to optional syntax (#11871)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] handle MemberExpression in final chain position (#11835)
• eslint-plugin: bump ts-api-utils to 2.2.0 (#11881)
• eslint-plugin: remove fixable from no-dynamic-delete rule (#11876)
• eslint-plugin: fix crash and false positives in no-useless-default-assignment (#11845)

❤️ Thank You

• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ulrich Stark
• Yannick Decat @​mho22

You can read about our versioning strategy and releases on our website.

8.50.1 (2025-12-22)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] correct handling of undefined vs. void (#11826)
• eslint-plugin: [method-signature-style] ignore methods that return this (#11813)

❤️ Thank You

... (truncated)

Commits

• 9ddd571 chore(release): publish 8.52.0
• 6b467b0 docs: add blog post on revamping the ban-types rule (#11873)
• 309a38e fix(eslint-plugin): [no-base-to-string] detect @@​toPrimitive and valueOf (#11...
• cf79108 fix(eslint-plugin): [no-useless-default-assignment] handle conditional initia...
• a166cea feat(eslint-plugin-internal): [no-multiple-lines-of-errors] add rule (#11899)
• d1b44c0 chore(deps): update nx monorepo to v22.3.3 (#11848)
• 95c7c73 chore: update deps to latest minor/patch (#11921)
• 45a7d2b chore(typescript-estree): use iterateComments() from ts-api-utils v2.3 (#11...
• e4c57f5 chore(release): publish 8.51.0
• c7b698b feat(eslint-plugin): add namespace to plugin meta (#11885)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​typescript-eslint/eslint-plugin since your current version.

Updates @typescript-eslint/parser from 8.35.0 to 8.52.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.52.0

8.52.0 (2026-01-05)

🚀 Features

• eslint-plugin-internal: [no-multiple-lines-of-errors] add rule (#11899)
• typescript-estree: add tseslint.com redirects for CLI outputs (#11895)

🩹 Fixes

• eslint-plugin: [no-useless-default-assignment] handle conditional initializer (#11908)
• eslint-plugin: [no-base-to-string] detect @@​toPrimitive and valueOf (#11901)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

v8.51.0

8.51.0 (2025-12-29)

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#11719)
• eslint-plugin: [no-useless-default-assignment] fix some cases to optional syntax (#11871)
• eslint-plugin: add namespace to plugin meta (#11885)
• tsconfig-utils: more informative error on parsing failures (#11888)

🩹 Fixes

• eslint-plugin: fix crash and false positives in no-useless-default-assignment (#11845)
• eslint-plugin: remove fixable from no-dynamic-delete rule (#11876)
• eslint-plugin: bump ts-api-utils to 2.2.0 (#11881)
• eslint-plugin: [prefer-optional-chain] handle MemberExpression in final chain position (#11835)

❤️ Thank You

• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ulrich Stark
• Yannick Decat @​mho22
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.50.1

8.50.1 (2025-12-22)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.52.0 (2026-01-05)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.51.0 (2025-12-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.50.1 (2025-12-22)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.50.0 (2025-12-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.49.0 (2025-12-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.48.1 (2025-12-02)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.48.0 (2025-11-24)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.47.0 (2025-11-17)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.46.4 (2025-11-10)

... (truncated)

Commits

• 9ddd571 chore(release): publish 8.52.0
• 95c7c73 chore: update deps to latest minor/patch (#11921)
• e4c57f5 chore(release): publish 8.51.0
• d520b88 chore(release): publish 8.50.1
• c62e858 chore(release): publish 8.50.0
• 864595a chore(release): publish 8.49.0
• 32b7e89 chore(deps): update dependency @​vitest/eslint-plugin to v1.5.1 (#11816)
• 8fe3445 chore(release): publish 8.48.1
• 6fb1551 chore(release): publish 8.48.0
• a4dc42a chore: migrate to nx 22 (#11780)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​typescript-eslint/parser since your current version.

Updates eslint from 9.30.0 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/[email protected] (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

v9.39.1

Bug Fixes

• 650753e fix: Only pass node to JS lang visitor methods (#20283) (Nicholas C. Zakas)

Documentation

• 51b51f4 docs: add a section on when to use extends vs cascading (#20268) (Tanuj Kanti)
• b44d426 docs: Update README (GitHub Actions Bot)

Chores

• 92db329 chore: update @eslint/js version to 9.39.1 (#20284) (Francesco Trotta)
• c7ebefc chore: package.json update for @​eslint/js release (Jenkins)
• 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275) (renovate[bot])
• d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266) (唯然)
• 009e507 test: fix version tests for ESLint v10 (#20274) (Milos Djermanovic)

v9.39.0

Features

• cc57d87 feat: update error loc to key in no-dupe-class-members (#20259) (Tanuj Kanti)
• 126552f feat: update error location in for-direction and no-dupe-args (#20258) (Tanuj Kanti)
• 167d097 feat: update complexity rule to highlight only static block header (#20245) (jaymarvelz)

Bug Fixes

• 15f5c7c fix: forward traversal step.args to visitors (#20253) (jaymarvelz)
• 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167) (Nitin Kumar)
• e86b813 fix: Use more types from @​eslint/core (#20257) (Nicholas C. Zakas)
• 927272d fix: correct Scope typings (#20198) (jaymarvelz)
• 37f76d9 fix: use AST.Program type for Program node (#20244) (Francesco Trotta)
• ae07f0b fix: unify timing report for concurrent linting (#20188) (jaymarvelz)
• b165d47 fix: correct Rule typings (#20199) (jaymarvelz)