chore(deps): bump the npm-version-updates group across 1 directory with 10 updates

[dependabot]

Bumps the npm-version-updates group with 9 updates in the / directory:

Package	From	To
@auth/core	0.40.0	0.41.1
dotenv	16.6.1	17.3.1
hono	4.12.0	4.12.1
@eslint/js	9.39.2	10.0.1
@types/node	24.10.13	25.3.0
@typescript-eslint/eslint-plugin	8.55.0	8.56.0
eslint	9.39.2	10.0.1
globals	16.5.0	17.3.0
knip	5.83.1	5.85.0

Updates @auth/core from 0.40.0 to 0.41.1

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.1

Bugfixes

• security issue from nodemailer (#13305)

Other

• update links for Credentials-based Authentication (#13258)

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

Commits

• 089f0e3 chore(release): bump package version(s) [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• 8f3b2c7 fix: security issue from nodemailer (#13305)
• 240e343 docs: update the Prisma ORM page to use Prisma Postgres (#13299)
• 0bcd32d chore(drizzle): migrate sqliteTable to array API (#13280)
• 90188fa ci: enable merge queue (#13288)
• 8d02b3d docs: remove carbon developer ads widget from docs sidebar (#13286)
• c8cd9b1 chore: remove unused script (#13279)
• 3a7c669 docs: update links for Credentials-based Authentication (#13258)
• e9e2b50 chore(release): bump package version(s) [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/core since your current version.

Updates dotenv from 16.6.1 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
</tr></table> 

... (truncated)

Commits

• 7bc16a4 17.3.1
• 27303fd update README-es
• 6379eb2 update README
• b6d7339 fix spelling
• 5febe35 17.3.0
• f61f383 changelog 🪵
• dec94ad update README
• 4856950 update README
• 6351887 update README
• 23bd017 update README
• Additional commits viewable in compare view

Updates hono from 4.12.0 to 4.12.1

Release notes

Sourced from hono's releases.

v4.12.1

What's Changed

• fix(client): export ApplyGlobalResponse from hono/client by @​sushichan044 in honojs/hono#4743

Full Changelog: honojs/hono@v4.12.0...v4.12.1

Commits

• 2de30d7 4.12.1
• 91ef235 fix(client): export ApplyGlobalResponse from hono/client (#4743)
• See full diff in compare view

Updates @eslint/js from 9.39.2 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)

... (truncated)

Commits

• 84fb885 chore: package.json update for @​eslint/js release
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467)
• f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#20466)
• b4b3127 chore: package.json update for @​eslint/js release
• 0b14059 chore: package.json update for @​eslint/js release
• fa31a60 feat!: add name to configs (#20015)
• 1e2cad5 chore: package.json update for @​eslint/js release
• 454a292 feat!: update eslint:recommended configuration (#20210)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160)
• See full diff in compare view

Updates @types/node from 24.10.13 to 25.3.0

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.55.0 to 8.56.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• c0a359d fix: use parser options from context.languageOptions (#12043)
• See full diff in compare view

Updates @typescript-eslint/parser from 8.55.0 to 8.56.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• See full diff in compare view

Updates eslint from 9.39.2 to 10.0.1

Release notes

Sourced from eslint's releases.

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)

... (truncated)

Commits

• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• c87d5bd fix: update eslint (#20531)
• e5c281f chore: updates for v9.39.3 release
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514)
• 5b3dbce docs: add AI acknowledgement section to templates (#20431)
• 04c2147 fix: update error message for unused suppressions (#20496)
• 8330d23 test: add tests for config-api (#20493)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494)
• Additional commits viewable in compare view

Updates globals from 16.5.0 to 17.3.0

Release notes

Sourced from globals's releases.

v17.3.0

• Update globals (2026-02-01) (#336) 295fba9

---

sindresorhus/globals@v17.2.0...v17.3.0

v17.2.0

• jasmine: Add throwUnless and throwUnlessAsync globals (#335) 97f23a7

---

sindresorhus/globals@v17.1.0...v17.2.0

v17.1.0

• Add webpack and rspack globals (#333) 65cae73

---

sindresorhus/globals@v17.0.0...v17.1.0

v17.0.0

Breaking

• Split audioWorklet environment from browser (#320) 7bc293e

Improvements

• Update globals (#329) ebe1063
• Get all browser globals from both chrome and firefox (#321) 59ceff8
• Add bunBuiltin environment (#324) 1bc6e3b
• Add denoBuiltin environment (#324) 1bc6e3b
• Add paintWorklet environment (#323) 4b78f56
• Add sharedWorker environment (#322) 4a02a85

---

sindresorhus/globals@v16.5.0...v17.0.0

Commits

• 5edc602 17.3.0
• 295fba9 Update globals (2026-02-01) (#336)
• 8176ac7 17.2.0
• 97f23a7 jasmine: Add throwUnless and throwUnlessAsync globals (#335)
• 7a2f354 17.1.0
• 65cae73 Add webpack and rspack globals (#333)
• 3efe5aa Remove script transform (#332)
• bb89b18 17.0.0
• ebe1063 Update globals (2026-01-01) (#329)
• e3d8da3 Revert "Automate script for paintWorklet environment (#325)" (#328)
• Additional commits viewable in compare view

Updates knip from 5.83.1 to 5.85.0

Release notes

Sourced from knip's releases.

Release 5.85.0

• Fix require.context regex matching for path-aware patterns (#1547) (c33d93ae24dc1304baa49f85b25beb24af803dd8) - thanks @​jstaab!
• Make knip compatible with erasableSyntaxOnly (#1541) (f63089bdadb2cea47d22fa27b22c16003e1a4b61) - thanks @​wojtekmaj!
• feat: add Payload CMS plugin (#1546) (58d99de46ee3a9e15cd77e3806b5de55931cebf2) - thanks @​Robot-Inventor!
• Look everywhere for manifest/robots file in next plugin (9da6205fdc45fdc992919d3e246415829025ea46)
• Merge some next glob patterns (8c5f35fa81ccccc4faceb6a1d8329d562927d450)
• Add SAP & Google Gemini to projects using Knip (c8ab8957ad1f15ee9ff67f13f5029f213e464ada)
• Bump remark-preset-webpro & dedupe (b9372cd7a0dc1a1ab54b7baa7b8a939a399ccc14)
• Document CLI usage for LS (97fe1cfe8a18af145eff9ca1f040e4c756acd270)
• fix: tsdown entry compatibility issues #1550 (#1554) (95051ebf3aa44a2db722837acf3ce73e03f72fc5) - thanks @​huijiewei!
• Fix incorrect coverage provider being reported (#1552) (2d0b5cda41f994116c6e211fc68c95b44c21b2cb) - thanks @​rexxars!
• Temp disable npmx in ecosystem run (a5cd9862943dcca1b217bcec2895553ba23dbe34)
• Fix OOM in gitignore walk for large monorepos (f192a6ba3fbe9fc303f48e3901db918f5bcd5164)
• Release knip@5.85.0 (e28a3e7ce7e8efaf40b99c9e6a1839647d0a5083)

Release 5.84.1

• Fix false positives for arrow-wrapped dynamic imports assigned to variables (#1544) (75a42c3aa4b8f9db59fb450ef4f45540ab94ec26) - thanks @​jantimon!
• Improve pnpm arg handling (df8c353c7f30ee11d749b2cf3208f288def1ed84)
• Ignore module.register if 2nd arg is not import.meta.url (#1535) (970fdb1f747c0941759aa3e0394c30ff6cf63481)

Release 5.84.0

• Post-release shenanigans (e7965cba23b0c63f0165a12c96aed75257aa6919)
• Move most compilers to plugins & register from there (61beafe3e002408e91169397f7c384e14c613d92)
• Minor refactor (e20a6828be8dd1e49b819d5b5b896a26db2a91ac)
• Fix lint issues (d2bbc139e63235c415a243e76ad8685693b8edf2)
• Add missing catalog property to rules in JSON schema (#1518) (5d49dea2696db454e630014efd25172d6edde9fa) - thanks @​Mohmdev!
• feat(plugins): add @​typescript/native-preview (tsgo) support (#1513) (babfb10a0426059bc2d79d14a2ba9c33767b6571) - thanks @​jgoux!
• Fix up quoting for spaced args (resolve #1515) (2b735cb8d87a827bf9ea53ea2bcfcedf117e6d4d)
• Switch to tsconfig-aware module resolver in input handler (634d0f68f681df1bf1e8896846f4d4c29b03e689)
• Use bun test positionals as entry points (resolve #1521) (da9472555b28b04eddba703b1dfee69b2cb8b6f9)
• Edit docs (327726ff2c5f2b135581088dea62bd3ed4bc99d4)
• Minor refactor while at it (dc87e8ea7157745a449955e9a275877d19cf4d87)
• Add config hints for unused ignore and ignoreFiles items (a4989eef8c870aa038d9c9d9e09597590ca444e7)
• Accept known bins only behind double-dash (resolve #1524) (b9214e35659f1f87eabc6695d9b9643c0e6c8022)
• feat(plugins): add support for bun test preloaded files (#1525) (14ee32a8f818e1cbf48398ba57bf0f19812ed8be) - thanks @​jgoux!
• Add date to IGNORED_GLOBAL_BINARIES (#1476) (f08f92bd9eac95ec4eafd01ddb01279cb047544e) - thanks @​duci9y!
• Fix edge case for binaries in scripts (82331ee2d336349d24a23437527991b73c764039)
• Report ignore/files config hints only if sure & relevant (4c3bd085477139f50dce468c4231ba2753459c54)
• Add consistent repository fields (781a0fd44a2cece4fd9c1413e50caa88df528607)
• Add language-server bin (13d78454c4100f5d6a4f0cadcf1d77eadec523b2)
• Use --stdio if no transport provided (bedb21adff873c13095350842c85bb1bfeac643b)
• Refactor from "enabled" to "deferSession" (resolve #1499) (15e3360f11c81a866b8e6de76e894986bdfddedd)
• Use initializationOptions.config or default fallback config obj (resolve #1503) (0abe5684083428340254dc1b0136760aacb9acff)
• Also publish ls + mcp with pkg-pr-new (78065260f55fc491d59912e2db41d789e49a1bb7)
• Auto-format (51b7dc1de9e2ec5b738df5389906df84dc1f3dd7)
• Remove chdir shenanigans (close #1516) (0cbee8f38f4a91504b3adc4faee466b9624120fc)
• Bind console.* to distinguish internal↔ external logs (3eac278273856994483a9164539bf57a51ed440b)
• Add early bail-outs for changed files we can ignore (36c2dd5c4345d743c3de58ebd677b6f48a270213)
• Avoid unnecessary module graph updates for unmodified files (f94c41f24fb7f5c4682a620bafd03700cf14ba68)
• Fix typo in pkg-pr-new-pkg-dir (7e7a8b05a06f1f972a1d5e236dc53facbbb99729)

... (truncated)

Commits

• e28a3e7 Release knip@5.85.0
• f192a6b Fix OOM in gitignore walk for large monorepos
• 2d0b5cd Fix incorrect coverage provider being reported (#1552)
• 95051eb fix: tsdown entry compatibility issues #1550 (#1554)
• 8c5f35f Merge some next glob patterns
• 9da6205 Look everywhere for manifest/robots file in next plugin
• 58d99de feat: add Payload CMS plugin (#1546)
• f63089b Make knip compatible with erasableSyntaxOnly (#1541)
• c33d93a Fix require.context regex matching for path-aware patterns (#1547)
• 5c2cccf Release knip@5.84.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.