chore(deps): bump the npm-version-updates group across 1 directory with 13 updates

[dependabot]

Bumps the npm-version-updates group with 12 updates in the / directory:

Package	From	To
@auth/core	0.40.0	0.41.0
@hono/node-server	1.14.4	1.19.5
dotenv	16.6.1	17.2.3
hono	4.8.12	4.10.1
openid-client	6.6.2	6.8.1
@eslint/js	9.30.0	9.38.0
@types/node	24.0.7	24.9.1
@typescript-eslint/eslint-plugin	8.35.0	8.46.2
eslint	9.30.0	9.38.0
globals	16.2.0	16.4.0
tsx	4.20.3	4.20.6
typescript	5.8.3	5.9.3

Updates @auth/core from 0.40.0 to 0.41.0

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

Commits

• e9e2b50 chore(release): bump package version(s) [skip ci]
• 3cd5044 ci: fix unit test failure with firebase (#13278)
• 2732fa4 chore(firebase-adapter): update firebase-admin (#13277)
• 745751e feat(providers): support custom baseURL for Gitlab (#13260)
• 03cfd79 chore(neon-adapter): use peer dependency (#13276)
• 14c2cf7 ci: use node.js LTS version (#13275)
• 4b7c843 docs: fix broken link on middleware setup (#13253)
• 826165d docs: remove ads (#13254)
• 608453c docs: cleanup warning
• 0ec6b4f docs: fix migration guide
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/core since your current version.

Updates @hono/node-server from 1.14.4 to 1.19.5

Release notes

Sourced from @​hono/node-server's releases.

v1.19.5

What's Changed

• fix: cancel a readable stream if a writable stream is closed before a readable stream is closed. by @​usualoma in honojs/node-server#280

Full Changelog: honojs/node-server@v1.19.4...v1.19.5

v1.19.4

What's Changed

• fix(serve-static): Add error handling in createStreamBody by @​thongdoan in honojs/node-server#278

New Contributors

• @​thongdoan made their first contribution in honojs/node-server#278

Full Changelog: honojs/node-server@v1.19.3...v1.19.4

v1.19.3

What's Changed

• fix: Refactor promise check for response handling by @​kay-is in honojs/node-server#277

New Contributors

• @​kay-is made their first contribution in honojs/node-server#277

Full Changelog: honojs/node-server@v1.19.2...v1.19.3

v1.19.2

What's Changed

• fix: better handle range parse to avoid NaN error by @​zwpaper in honojs/node-server#276

New Contributors

• @​zwpaper made their first contribution in honojs/node-server#276

Full Changelog: honojs/node-server@v1.19.1...v1.19.2

v1.19.1

What's Changed

• fix: Keep lightweight request even if accessing method, url or headers by @​usualoma in honojs/node-server#274
• chore: add packageManager field in package.json by @​yusukebe in honojs/node-server#275

Full Changelog: honojs/node-server@v1.19.0...v1.19.1

v1.19.0

What's Changed

• feat: add log when directory does not exists by @​Its-Just-Nans in honojs/node-server#273

New Contributors

• @​Its-Just-Nans made their first contribution in honojs/node-server#273

Full Changelog: honojs/node-server@v1.18.2...v1.19.0

... (truncated)

Commits

• 840c22b 1.19.5
• 4b5a8d1 fix: cancel a readable stream if a writable stream is closed before a readabl...
• a5e7d50 1.19.4
• 0ee7ce1 fix(serve-static): Add error handling in createStreamBody (#278)
• f3156d9 1.19.3
• 4f50527 fix: Refactor promise check for response handling (#277)
• cf75f9d 1.19.2
• fc9f9ab fix: better handle range parse to avoid NaN error (#276)
• 660e784 1.19.1
• b16e9fa chore: add packageManager field in package.json (#275)
• Additional commits viewable in compare view

Updates dotenv from 16.6.1 to 17.2.3

Changelog

Sourced from dotenv's changelog.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"

// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)

$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

... (truncated)

Commits

• affe113 17.2.3
• db1ff1f changelog 🪵
• 7063f16 Merge pull request #913 from motdotla/new-tips
• 0bbe72c test against expected tips
• 017951b only run .js tests
• 39eda1f add space back
• fcc030e update tips
• b6c7a0d updated tips - as Dotenvx Radar has been renamed Dotenvx Ops
• b3c8b16 remove unnecessary call to npx
• d6e4c17 Merge pull request #912 from adjerbetian/fix/typescript-error-definition
• Additional commits viewable in compare view

Updates hono from 4.8.12 to 4.10.1

Release notes

Sourced from hono's releases.

v4.10.1

What's Changed

• fix(types): cannot .use non-return mw from createMiddleware by @​NamesMT in honojs/hono#4465

Full Changelog: honojs/hono@v4.10.0...v4.10.1

v4.10.0

Release Notes

Hono v4.10.0 is now available!

This release brings improved TypeScript support and new utilities.

The main highlight is the enhanced middleware type definitions that solve a long-standing issue with type safety for RPC clients.

Middleware Type Improvements

Imagine the following app:

import { Hono } from 'hono'
const app = new Hono()
const routes = app.get(
'/',
(c) => {
return c.json({ errorMessage: 'Error!' }, 500)
},
(c) => {
return c.json({ message: 'Success!' }, 200)
}
)

The client with RPC:

import { hc } from 'hono/client'
const client = hc<typeof routes>('/')
const res = await client.index.$get()
if (res.status === 500) {
}
if (res.status === 200) {
}
</tr></table>

... (truncated)

Commits

• db764c2 4.10.1
• 8774bf9 fix(types): cannot .use non-return mw from createMiddleware (#4465)
• 5eb7c15 4.10.0
• f0c0377 Merge pull request #4461 from honojs/next
• 9ae98c9 fix(proxy): Correct hop-by-hop header handling per RFC 9110 (#4459)
• 1280661 feat(request): add cloneRawRequest utility for request cloning (#4382)
• fb2a7ef feat(ssg): add default plugin that defines the recommended behavior (#4394)
• 0133317 feat(types): passing middleware types (#4393)
• 4b796cf 4.9.12
• 17e4455 refactor: use protected methods instead of computed properties to allow `tree...
• Additional commits viewable in compare view

Updates openid-client from 6.6.2 to 6.8.1

Release notes

Sourced from openid-client's releases.

v6.8.1

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

v6.7.1

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

v6.7.0

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

v6.6.4

Fixes

• recognize N_A in the token exchange grant (770b177)

v6.6.3

Documentation

• fix TokenEndpointResponseHelpers.claims() note (b77c786)

Refactor

• passport: allow custom logic to drive initiating auth requests (0b57115), closes #811

Changelog

Sourced from openid-client's changelog.

6.8.1 (2025-09-27)

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

6.8.0 (2025-09-11)

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

6.7.1 (2025-08-29)

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

6.7.0 (2025-08-27)

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

6.6.4 (2025-08-12)

Fixes

• recognize N_A in the token exchange grant (770b177)

6.6.3 (2025-08-05)

Documentation

• fix TokenEndpointResponseHelpers.claims() note (b77c786)

Refactor

... (truncated)

Commits

• 00990b9 chore(release): 6.8.1
• a9eb50f refactor: workaround dpop nonce caching caveats with customFetch
• 60d7639 chore: bump packages
• ba4040c chore: cleanup after release
• 9d70a05 chore(release): 6.8.0
• 6ce3411 feat: respect retry-after in CIBA and Device Authorization Grant polling
• d26f7a3 chore: bump oidc-provider
• c98e068 chore: bump typedoc and typescript
• 2e41ad5 docs: remove mention of Edge Runtime from the readme
• 3e11c6c chore: cleanup after release
• Additional commits viewable in compare view

Updates @eslint/js from 9.30.0 to 9.38.0

Release notes

Sourced from @​eslint/js's releases.

v9.38.0

Features

• ce40f74 feat: update complexity rule to only highlight function header (#20048) (Atul Nair)
• e37e590 feat: correct no-loss-of-precision false positives with e notation (#20187) (Francesco Trotta)

Bug Fixes

• 50c3dfd fix: improve type support for isolated dependencies in pnpm (#20201) (Francesco Trotta)
• a1f06a3 fix: correct SourceCode typings (#20114) (Pixel998)

Documentation

• 462675a docs: improve web accessibility by hiding non-semantic character (#20205) (루밀LuMir)
• c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#20203) (루밀LuMir)
• b39e71a docs: Update README (GitHub Actions Bot)
• cd39983 docs: move custom-formatters type descriptions to nodejs-api (#20190) (Percy Ma)

Chores

• d17c795 chore: upgrade @​eslint/js@​9.38.0 (#20221) (Milos Djermanovic)
• 25d0e33 chore: package.json update for @​eslint/js release (Jenkins)
• c82b5ef refactor: Use types from @​eslint/core (#20168) (Nicholas C. Zakas)
• ff31609 ci: add Node.js 25 to ci.yml (#20220) (루밀LuMir)
• 004577e ci: bump github/codeql-action from 3 to 4 (#20211) (dependabot[bot])
• eac71fb test: remove use of nodejsScope option of eslint-scope from tests (#20206) (Milos Djermanovic)
• 4168a18 chore: fix typo in legacy-eslint.js (#20202) (Sweta Tanwar)
• 205dbd2 chore: fix typos (#20200) (ntnyq)
• dbb200e chore: use team member's username when name is not available in data (#20194) (Milos Djermanovic)
• 8962089 chore: mark deprecated rules as available until v11.0.0 (#20184) (Pixel998)

v9.37.0

Features

• 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
• f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

• a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
• 09e04fc fix: add missing AST token types (#20172) (Pixel998)
• 861c6da fix: correct ESLint typings (#20122) (Pixel998)

Documentation

• b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
• 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
• 29ea092 docs: Update README (GitHub Actions Bot)
• 5c97a04 docs: show availableUntil in deprecated rule banner (#20170) (Pixel998)
• 90a71bf docs: update README files to add badge and instructions (#20115) (루밀LuMir)
• 1603ae1 docs: update references from master to main (#20153) (루밀LuMir)

Chores

• afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
• abee4ca chore: package.json update for @​eslint/js release (Jenkins)
• fc9381f chore: fix typos in comments (#20175) (overlookmotel)
• e1574a2 chore: unpin jiti (#20173) (renovate[bot])

... (truncated)

Commits

• 25d0e33 chore: package.json update for @​eslint/js release
• abee4ca chore: package.json update for @​eslint/js release
• 90a71bf docs: update README files to add badge and instructions (#20115)
• 488cba6 chore: package.json update for @​eslint/js release
• 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116)
• af2a087 chore: package.json update for @​eslint/js release
• 84ffb96 chore: update @eslint-community/eslint-utils (#20069)
• b48fa20 chore: package.json update for @​eslint/js release
• ad28371 chore: package.json update for @​eslint/js release
• 50de1ce chore: package.json update for @​eslint/js release
• Additional commits viewable in compare view

Updates @types/node from 24.0.7 to 24.9.1

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.35.0 to 8.46.2

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.46.2

8.46.2 (2025-10-20)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] skip optional chaining when it could change the result (#11702)
• typescript-estree: forbid invalid modifiers in object methods (#11689)

❤️ Thank You

• fisker Cheung @​fisker
• mdm317

You can read about our versioning strategy and releases on our website.

v8.46.1

8.46.1 (2025-10-13)

🩹 Fixes

• ast-spec: cleanup TSLiteralType (#11624)
• eslint-plugin: [prefer-optional-chain] include mixed "nullish comparison style" chains in checks (#11533)
• eslint-plugin: [no-misused-promises] special-case .finally not to report when a promise returning function is provided as an argument (#11667)

❤️ Thank You

• Abraham Guo
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.46.0

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• eslint-plugin-internal: [no-dynamic-tests] new internal Lint rule to ban dynamic syntax in generating tests (#11323)
• rule-schema-to-typescript-types: clean up and make public (#11633)
• typescript-eslint: export util types (#10848, #10849)
• typescript-estree: mention file specifics in project service allowDefaultProject error (#11635)
• typescript-estree: private identifiers can only appear on LHS of in expressions (#9232)

🩹 Fixes

• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: removed error type previously deprecated (#11674)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.46.2 (2025-10-20)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] skip optional chaining when it could change the result (#11702)

❤️ Thank You

• mdm317

You can read about our versioning strategy and releases on our website.

8.46.1 (2025-10-13)

🩹 Fixes

• eslint-plugin: [no-misused-promises] special-case .finally not to report when a promise returning function is provided as an argument (#11667)
• eslint-plugin: [prefer-optional-chain] include mixed "nullish comparison style" chains in checks (#11533)

❤️ Thank You

• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• rule-schema-to-typescript-types: clean up and make public (#11633)

🩹 Fixes

• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)
• typescript-estree: forbid abstract method and accessor to have implementation (#11657)
• eslint-plugin: removed error type previously deprecated (#11674)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Richard Torres @​richardtorres314

... (truncated)

Commits

• 55ca033 chore(release): publish 8.46.2
• 698e7a8 fix(eslint-plugin): [prefer-optional-chain] skip optional chaining when it co...
• 3f5fbf6 chore(release): publish 8.46.1
• a64b3cc fix(eslint-plugin): [no-misused-promises] special-case .finally not to repo...
• 73003bf fix(eslint-plugin): [prefer-optional-chain] include mixed "nullish comparison...
• aec785e chore(release): publish 8.46.0
• a974191 fix(eslint-plugin): [prefer-readonly-parameter-types] ignore tagged primitive...
• 02e0278 fix(typescript-estree): forbid abstract method and accessor to have implement...
• f083798 feat(eslint-plugin): [no-unsafe-member-access] add allowOptionalChaining opti...
• a62f625 fix(eslint-plugin): removed error type previously deprecated (#11674)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​typescript-eslint/eslint-plugin since your current version.

Updates @typescript-eslint/parser from 8.35.0 to 8.46.2

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.46.2

8.46.2 (2025-10-20)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] skip optional chaining when it could change the result (#11702)
• typescript-estree: forbid invalid modifiers in object methods (#11689)

❤️ Thank You

• fisker Cheung @​fisker
• mdm317

You can read about our versioning strategy and releases on our website.

v8.46.1

8.46.1 (2025-10-13)

🩹 Fixes

• ast-spec: cleanup TSLiteralType (#11624)
• eslint-plugin: [prefer-optional-chain] include mixed "nullish comparison style" chains in checks (#11533)
• eslint-plugin: [no-misused-promises] special-case .finally not to report when a promise returning function is provided as an argument (#11667)

❤️ Thank You

• Abraham Guo
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.46.0

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• eslint-plugin-internal: [no-dynamic-tests] new internal Lint rule to ban dynamic syntax in generating tests (#11323)
• rule-schema-to-typescript-types: clean up and make public (#11633)
• typescript-eslint: export util types (#10848, #10849)
• typescript-estree: mention file specifics in project service allowDefaultProject error (#11635)
• typescript-estree: private identifiers can only appear on LHS of in expressions (#9232)

🩹 Fixes

• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: removed error type previously deprecated (#11674)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.46.2 (2025-10-20)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.46.1 (2025-10-13)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.46.0 (2025-10-06)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.45.0 (2025-09-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.44.1 (2025-09-22)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.44.0 (2025-09-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.43.0 (2025-09-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.42.0 (2025-09-02)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.41.0 (2025-08-25)

... (truncated)

Commits

• 55ca033 chore(release): publish 8.46.2
• 3f5fbf6 chore(release): publish 8.46.1
• aec785e chore(release): publish 8.46.0
• 255e9e2 chore(release): publish 8.45.0
• c198052 chore(release): publish 8.44.1
• 77056f7 chore(release): publish 8.44.0
• ef9173c chore(release): publish 8.43.0
• d135909 chore(release): publish 8.42.0
• 31a7336 chore(release): publish 8.41.0
• 60c3b26 chore(release): publish 8.40.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​typescript-eslint/parser since your current version.

Updates eslint from 9.30.0 to 9.38.0

Release notes

Sourced from eslint's releases.

v9.38.0

Features

• ce40f74 feat: update complexity rule to only highlight function header (#20048) (Atul Nair)
• e37e590 feat: correct no-loss-of-precision false positives with e notation (#20187) (Francesco Trotta)

Bug Fixes

• 50c3dfd fix: improve type support for isolated dependencies in pnpm (#20201) (Francesco Trotta)
• a1f06a3 fix: correct SourceCode typings (#20114) (Pixel998)

Documentation

• 462675a docs: improve web accessibility by hiding non-semantic character (#20205) (루밀LuMir)
• c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#20203) (루밀LuMir)
• b39e71a docs: Update README (GitHub Actions Bot)
• cd39983 docs: move custom-formatters type descriptions to nodejs-api (#20190) (Percy Ma)

Chores

• d17c795 chore: upgrade @​eslint/js@​9.38.0 (#20221) (Milos Djermanovic)
• 25d0e33 chore: package.json update for @​eslint/js release (Jenkins)
• c82b5ef refactor: Use types from @​eslint/core (#20168) (Nicholas C. Zakas)
• ff31609 ci: add Node.js 25 to ci.yml (#20220) (루밀LuMir)
• 004577e ci: bump github/codeql-action from 3 to 4 (#20211) (dependabot[bot])
• eac71fb test: remove use of nodejsScope option of eslint-scope from tests (#20206) (Milos Djermanovic)
• 4168a18 chore: fix typo in legacy-eslint.js (#20202) (Sweta Tanwar)
• 205dbd2 chore: fix typos (#20200) (ntnyq)
• dbb200e chore: use team member's username when name is not available in data (#20194) (Milos Djermanovic)
• 8962089 chore: mark deprecated rules as available until v11.0.0 (#20184) (Pixel998)

v9.37.0

Features

• 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
• f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

• a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
• 09e04fc fix: add missing AST token types (#20172) (Pixel998)
• 861c6da fix: correct ESLint typings (

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.