chore(deps)(deps): bump the minor-and-patch group with 21 updates#75
chore(deps)(deps): bump the minor-and-patch group with 21 updates#75dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the minor-and-patch group with 21 updates: | Package | From | To | | --- | --- | --- | | [turbo](https://github.com/vercel/turborepo) | `2.9.18` | `2.10.0` | | [@hono/node-server](https://github.com/honojs/node-server) | `2.0.5` | `2.0.6` | | [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.2.0` | `1.2.1` | | [@langchain/openai](https://github.com/langchain-ai/langchainjs) | `1.5.1` | `1.5.3` | | [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.6.20` | `1.6.22` | | [hono](https://github.com/honojs/hono) | `4.12.26` | `4.12.27` | | [mongodb](https://github.com/mongodb/node-mongodb-native) | `7.3.0` | `7.4.0` | | [mongoose](https://github.com/Automattic/mongoose) | `9.7.1` | `9.7.3` | | [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) | `0.40.0` | `0.41.1` | | [starlight-image-zoom](https://github.com/HiDeoo/starlight-image-zoom/tree/HEAD/packages/starlight-image-zoom) | `0.14.2` | `0.15.0` | | [@playwright/test](https://github.com/microsoft/playwright) | `1.61.0` | `1.61.1` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.101.0` | `5.101.2` | | [@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react) | `12.11.0` | `12.11.1` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.21.0` | `1.22.0` | | [recharts](https://github.com/recharts/recharts) | `3.8.1` | `3.9.0` | | [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.2` | `6.0.3` | | [postcss](https://github.com/postcss/postcss) | `8.5.15` | `8.5.16` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.0` | | [bullmq](https://github.com/taskforcesh/bullmq) | `5.79.1` | `5.79.2` | | [@langchain/anthropic](https://github.com/langchain-ai/langchainjs) | `1.5.0` | `1.5.1` | | [langchain](https://github.com/langchain-ai/langchainjs) | `1.5.0` | `1.5.2` | Updates `turbo` from 2.9.18 to 2.10.0 - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.9.18...v2.10.0) Updates `@hono/node-server` from 2.0.5 to 2.0.6 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v2.0.5...v2.0.6) Updates `@langchain/core` from 1.2.0 to 1.2.1 - [Release notes](https://github.com/langchain-ai/langchainjs/releases) - [Commits](https://github.com/langchain-ai/langchainjs/compare/@langchain/core@1.2.0...@langchain/core@1.2.1) Updates `@langchain/openai` from 1.5.1 to 1.5.3 - [Release notes](https://github.com/langchain-ai/langchainjs/releases) - [Commits](https://github.com/langchain-ai/langchainjs/compare/@langchain/openai@1.5.1...@langchain/openai@1.5.3) Updates `better-auth` from 1.6.20 to 1.6.22 - [Release notes](https://github.com/better-auth/better-auth/releases) - [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md) - [Commits](https://github.com/better-auth/better-auth/commits/v1.6.22/packages/better-auth) Updates `hono` from 4.12.26 to 4.12.27 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.26...v4.12.27) Updates `mongodb` from 7.3.0 to 7.4.0 - [Release notes](https://github.com/mongodb/node-mongodb-native/releases) - [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md) - [Commits](mongodb/node-mongodb-native@v7.3.0...v7.4.0) Updates `mongoose` from 9.7.1 to 9.7.3 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@9.7.1...9.7.3) Updates `@astrojs/starlight` from 0.40.0 to 0.41.1 - [Release notes](https://github.com/withastro/starlight/releases) - [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md) - [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.41.1/packages/starlight) Updates `starlight-image-zoom` from 0.14.2 to 0.15.0 - [Release notes](https://github.com/HiDeoo/starlight-image-zoom/releases) - [Changelog](https://github.com/HiDeoo/starlight-image-zoom/blob/main/packages/starlight-image-zoom/CHANGELOG.md) - [Commits](https://github.com/HiDeoo/starlight-image-zoom/commits/starlight-image-zoom@0.15.0/packages/starlight-image-zoom) Updates `@playwright/test` from 1.61.0 to 1.61.1 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.61.0...v1.61.1) Updates `@tanstack/react-query` from 5.101.0 to 5.101.2 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.2/packages/react-query) Updates `@xyflow/react` from 12.11.0 to 12.11.1 - [Release notes](https://github.com/xyflow/xyflow/releases) - [Changelog](https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md) - [Commits](https://github.com/xyflow/xyflow/commits/@xyflow/react@12.11.1/packages/react) Updates `lucide-react` from 1.21.0 to 1.22.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/1.22.0/packages/lucide-react) Updates `recharts` from 3.8.1 to 3.9.0 - [Release notes](https://github.com/recharts/recharts/releases) - [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md) - [Commits](recharts/recharts@v3.8.1...v3.9.0) Updates `@vitejs/plugin-react` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/vitejs/vite-plugin-react/releases) - [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react) Updates `postcss` from 8.5.15 to 8.5.16 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.15...8.5.16) Updates `vite` from 8.0.16 to 8.1.0 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite) Updates `bullmq` from 5.79.1 to 5.79.2 - [Release notes](https://github.com/taskforcesh/bullmq/releases) - [Commits](taskforcesh/bullmq@v5.79.1...v5.79.2) Updates `@langchain/anthropic` from 1.5.0 to 1.5.1 - [Release notes](https://github.com/langchain-ai/langchainjs/releases) - [Commits](https://github.com/langchain-ai/langchainjs/compare/@langchain/anthropic@1.5.0...@langchain/anthropic@1.5.1) Updates `langchain` from 1.5.0 to 1.5.2 - [Release notes](https://github.com/langchain-ai/langchainjs/releases) - [Commits](https://github.com/langchain-ai/langchainjs/compare/langchain@1.5.0...langchain@1.5.2) --- updated-dependencies: - dependency-name: turbo dependency-version: 2.10.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@hono/node-server" dependency-version: 2.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@langchain/core" dependency-version: 1.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@langchain/openai" dependency-version: 1.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: better-auth dependency-version: 1.6.22 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: hono dependency-version: 4.12.27 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: mongodb dependency-version: 7.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: mongoose dependency-version: 9.7.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@astrojs/starlight" dependency-version: 0.41.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: starlight-image-zoom dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@playwright/test" dependency-version: 1.61.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@tanstack/react-query" dependency-version: 5.101.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@xyflow/react" dependency-version: 12.11.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: lucide-react dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: recharts dependency-version: 3.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: postcss dependency-version: 8.5.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: vite dependency-version: 8.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: bullmq dependency-version: 5.79.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@langchain/anthropic" dependency-version: 1.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: langchain dependency-version: 1.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Want higher recall? High effort reviews run extra passes and find more bugs. A team admin can switch effort levels in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit c78b1c3. Configure here.
| }, | ||
| "dependencies": { | ||
| "@astrojs/starlight": "^0.40.0", | ||
| "@astrojs/starlight": "^0.41.1", |
There was a problem hiding this comment.
Starlight 0.41 with Astro 6
Medium Severity
This commit bumps @astrojs/starlight to ^0.41.1 and starlight-image-zoom to ^0.15.0 but leaves astro at ^6.4.8. Starlight 0.41 drops Astro 6 and declares a peer on Astro ^7.0.2, so the docs app’s dependency set is internally inconsistent and @archmax/docs build or dev may fail after install.
Reviewed by Cursor Bugbot for commit c78b1c3. Configure here.
There was a problem hiding this comment.
No security findings in the changed files.
Reviewed PR #75 against the requested threat surfaces:
- MCP endpoint auth: no MCP route or handler code changed.
- Query execution sandboxing: no
execute_query/DuckDB code changed. - Admin auth (Better Auth): only
better-authversion bumps; no session, CSRF, or cookie configuration changed. - API input validation: no Hono route handler code changed.
- Environment secrets: no env files or source constants with secrets changed.
- Dependency exposure: the PR only bumps existing dependencies.
pnpm audit --prodreports 15 advisories on the PR head, but the same advisories and severity counts are present on the base commit, so this PR does not introduce a new known-vulnerability finding.
Sent by Cursor Automation: archmax Security Review
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |




Bumps the minor-and-patch group with 21 updates:
2.9.182.10.02.0.52.0.61.2.01.2.11.5.11.5.31.6.201.6.224.12.264.12.277.3.07.4.09.7.19.7.30.40.00.41.10.14.20.15.01.61.01.61.15.101.05.101.212.11.012.11.11.21.01.22.03.8.13.9.06.0.26.0.38.5.158.5.168.0.168.1.05.79.15.79.21.5.01.5.11.5.01.5.2Updates
turbofrom 2.9.18 to 2.10.0Release notes
Sourced from turbo's releases.
... (truncated)
Commits
12fb0d9publish 2.10.0 to registrya12323brelease(turborepo): 2.9.19-canary.10 (#13130)65175fefix: Hash selected dependency outputs instead of tasks (#13129)5ba8917fix: Improve watch graceful shutdown (#13128)75ee2ccchore: Update to Rust 1.96.0 (#12974)6dccf5afix: Restart deferred hash consumers in watch (#13127)4ebb50ffeat: Add deferred hashing for task inputs (#13125)517e1a5docs: Fix stderr debugging guidance (#13122)0220b35fix: Respect task inputs when stopping interruptible persistent tasks in watc...6988692fix: Add ComSpec and PATHEXT to default Windows env passthrough (#13114)Updates
@hono/node-serverfrom 2.0.5 to 2.0.6Release notes
Sourced from @hono/node-server's releases.
Commits
ff75c612.0.6814720ffix: preserve status and statusText when cloning a Response with live headers...a76209aci: use npm Staged publishing (#364)44c365aci: publish to npm from CI with OIDC trusted publishing and bumpnp(#361)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@hono/node-serversince your current version.Updates
@langchain/corefrom 1.2.0 to 1.2.1Release notes
Sourced from @langchain/core's releases.
Commits
1ee0df0chore: version packages (#11097)f017708fix(core): better 429 error handling (#10674)05936abfix(openai): omit empty reasoning item id in Responses API input (#11045)798cb70fix(openai): route standard url file blocks to native input_file in Responses...80c790bfix(openai): stream built-in tool progress events (#11090)d2e6afcfix(groq): require@langchain/core>= 1.1.30 in peer dependency (#11072)c66870efeat(weaviate): add X-Weaviate-Client-Integration telemetry header (#11088)baa57bafix(anthropic): omit default disabled thinking from requests (#11073)04edb8ddocs(ibm): fix "Recieved" typo in tool_choice error message (#11066)2b7f368chore(deps): bump uuid from 14.0.0 to 14.0.1 (#11094)Updates
@langchain/openaifrom 1.5.1 to 1.5.3Release notes
Sourced from @langchain/openai's releases.
Commits
f1d64ffchore: version packages (#11101)72ffc4bfix(aws): add Bedrock stream idle timeout (#11098)3205b35fix(langchain, openai): decouple strict tools from strict structured output r...1ee0df0chore: version packages (#11097)f017708fix(core): better 429 error handling (#10674)05936abfix(openai): omit empty reasoning item id in Responses API input (#11045)798cb70fix(openai): route standard url file blocks to native input_file in Responses...80c790bfix(openai): stream built-in tool progress events (#11090)d2e6afcfix(groq): require@langchain/core>= 1.1.30 in peer dependency (#11072)c66870efeat(weaviate): add X-Weaviate-Client-Integration telemetry header (#11088)Updates
better-authfrom 1.6.20 to 1.6.22Release notes
Sourced from better-auth's releases.
... (truncated)
Changelog
Sourced from better-auth's changelog.
... (truncated)
Commits
a90d061chore: release v1.6.22 (#10245)3a035e9fix(two-factor): add account-level verification lockout (#10240)c06a56dfix: revoke unproven credentials on magic-link/email-OTP sign-in (#10239)414169dchore: release v1.6.21 (#10184)f52e1abfix(device-authorization): makeschemaoption optional under Zod v4 (#9939)882cf9efix(admin): use authoritative session reads for authorization (#10187)b5bec19fix(oauth): apply user input rules to provider profiles (#10196)471f81crefactor: centralize request IP resolver in core (#10216)816d7f9fix(one-tap): apply configured Google hosted domain (hd) on the callback (#10...1bc370afix(siwe): reject sign-in when the provided email already belongs to another ...Updates
honofrom 4.12.26 to 4.12.27Release notes
Sourced from hono's releases.
Commits
97c6fe14.12.27aa92177Merge commit from forkcd3f6f7Merge commit from forkd4853a8fix(jsx): make merged context-isolation tests pass tsc type check (#5037)6735feafix(jsx): cast awaitedFallback through unknown to fix Deno type check (#5036)fab3b13Merge commit from fork9f0dadfci: use npm Staged publishing (#5035)Updates
mongodbfrom 7.3.0 to 7.4.0Release notes
Sourced from mongodb's releases.
Changelog
Sourced from mongodb's changelog.
Commits
1c4333echore(main): release 7.4.0 (#4974)43ce3ebfeat(NODE-7634): remove experimental tag from async dispose methods (#4976)3abfd26fix(NODE-7549): send afterClusterTime on writes in causally-consistent sessio...88ec159chore(NODE-7418): skip csot tests on latest (#4969)1f5ac37chore(NODE-7473): upgrade to chai 5 (#4958)b17288cchore: skip csfle tests and fix related broken tests (#4965)5b401aatest(NODE-7493): enable source maps and add nyc-free debug scripts (#4947)3ba2dd2docs: clarify release notes verification steps (#4960)0a434d3docs: add 7.3 docs (#4959)Updates
mongoosefrom 9.7.1 to 9.7.3Release notes
Sourced from mongoose's releases.
Changelog
Sourced from mongoose's changelog.
Commits
df72bffchore: release 9.7.397f0f36Merge pull request #16341 from Automattic/vkarpov15/gh-16339aa58b76types: use@standard-schema/specfor StandardSchema types rather than inlining0734de7fix(types): correct Model.validate() return type to Promise<TRawDocType> (#16...87ade9bchore: release 9.7.24e12786Merge branch 'vkarpov15/fix-security-20260609-master'b3dd12adocs: flex wrap for major sponsorsd48fee3fix(documentarray): reindex subdocs after reordering (#16282)3e0e079fix(types): correct Model.validate() return type to Promise<TRawDocType>03bedeadocs: add mongodb as sponsor on homepageUpdates
@astrojs/starlightfrom 0.40.0 to 0.41.1Release notes
Sourced from @astrojs/starlight's releases.
Changelog
Sourced from @astrojs/starlight's changelog.
Commits
c1a3d6d[ci] release (#3989)72e63dcAdd link icons and dedupe Markdown/component icons (#3967)ac55cfaUpdateastro-expressive-code(#3988)