deps(server)(deps): bump the all-server-deps group across 1 directory with 3 updates

[dependabot]

Bumps the all-server-deps group with 3 updates in the /server directory: mongoose, vite and vitest.

Updates mongoose from 9.7.0 to 9.7.3

Release notes

Sourced from mongoose's releases.

9.7.3 / 2026-06-26

• types(model): correct Model.validate() return type to Promise #16340 #16338
• types: use @​standard-schema/spec for StandardSchema types rather than inlining #16341 #16339

9.7.2 / 2026-06-22

• fix(documentarray): reindex subdocs after array reordering and removal so subsequent nested changes save using the correct path #16282 AbdelrahmanHafez
• fix(document): avoid accessing special properties in Document.prototype.get()
• fix(schema): only return own properties in schematype lookups and disallow setting schema paths under special properties
• docs: update homepage sponsor layout

9.7.1 / 2026-06-17

• perf(document+model): improve save performance by avoiding unnecessary promise allocations and reducing path/default/dirty-state overhead #16331
• fix(schema): include ObjectId regex pattern in toJSONSchema() output #16335 #16334 AbdelrahmanHafez
• fix(populate): split populate into separate queries per document if the resulting $in filter has more than 50k elements to reduce risk of BSON size errors #16333 #5890
• docs: add assistant sidebar with MongoDB Knowledge integration #16311 #16283
• docs: update docs copy buttons, edit links, homepage alignment, and llms.txt generation #16326 #16327 #16329

Changelog

Sourced from mongoose's changelog.

9.7.3 / 2026-06-26

• types(model): correct Model.validate() return type to Promise #16340 #16338
• types: use @​standard-schema/spec for StandardSchema types rather than inlining #16341 #16339

9.7.2 / 2026-06-22

• fix(documentarray): reindex subdocs after array reordering and removal so subsequent nested changes save using the correct path #16282 AbdelrahmanHafez
• fix(document): avoid accessing special properties in Document.prototype.get()
• fix(schema): only return own properties in schematype lookups and disallow setting schema paths under special properties
• docs: update homepage sponsor layout

9.7.1 / 2026-06-17

• perf(document+model): improve save performance by avoiding unnecessary promise allocations and reducing path/default/dirty-state overhead #16331
• fix(schema): include ObjectId regex pattern in toJSONSchema() output #16335 #16334 AbdelrahmanHafez
• fix(populate): split populate into separate queries per document if the resulting $in filter has more than 50k elements to reduce risk of BSON size errors #16333 #5890
• docs: add assistant sidebar with MongoDB Knowledge integration #16311 #16283
• docs: update docs copy buttons, edit links, homepage alignment, and llms.txt generation #16326 #16327 #16329

Commits

• df72bff chore: release 9.7.3
• 97f0f36 Merge pull request #16341 from Automattic/vkarpov15/gh-16339
• aa58b76 types: use @​standard-schema/spec for StandardSchema types rather than inlining
• 0734de7 fix(types): correct Model.validate() return type to Promise<TRawDocType> (#16...
• 87ade9b chore: release 9.7.2
• 4e12786 Merge branch 'vkarpov15/fix-security-20260609-master'
• b3dd12a docs: flex wrap for major sponsors
• d48fee3 fix(documentarray): reindex subdocs after reordering (#16282)
• 3e0e079 fix(types): correct Model.validate() return type to Promise<TRawDocType>
• 03bedea docs: add mongodb as sponsor on homepage
• Additional commits viewable in compare view

Updates vite from 8.0.16 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

• extend server.fs.deny list with common files (#22707) (61ba8fd)
• update rolldown to 1.1.2 (#22695) (4f008a6)
• use ~ for Rolldown (#22693) (9928722)

Bug Fixes

• bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
• cache falsy values in perEnvironmentState (#22715) (0e91e79)
• glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
• html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
• optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
• resolved build options should be kept as a getter (#22691) (3527191)
• server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
• use literal envPrefix queries for Vite Task (#22706) (da72733)
• warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

• client: inline dev-id value in CSS selector (#22736) (57f59bc)
• remove unused removeRawQuery util (#22724) (403cc60)
• use rolldownOptions property for chunkImportMap (#22692) (8e8816c)

8.1.0-beta.0 (2026-06-15)

Features

• import.meta.glob support caseSensitive option (#21707) (2ad6737)
• add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
• build: chunk importmap (#21580) (e180312)
• css: support lightningcss plugin dependency (#21748) (0b7aaed)
• deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
• html: add html.additionalAssetSources option (#21412) (a41404b)
• integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
• rename server.hmr options to server.ws options (#21357) (9ce3036)
• server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
• track dependencies when loading config with native (#22602) (a7e2da8)
• types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
• update rolldown to 1.1.1 (#22593) (8a13d63)
• wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

• apply correct fs restrictions for pnpm gvs (#22415) (092320b)
• css: support external CSS with lightningcss (#18389) (d64a1a5)
• deps: update all non-major dependencies (#22637) (44bb9d9)
• deps: update all non-major dependencies (#22681) (f4f0633)
• html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
• optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

• 5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
• 39a0a15 chore(deps): update rolldown-related dependencies (#21095)
• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• Additional commits viewable in compare view

Updates vitest from 4.1.8 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

Commits

• a7a61e7 chore: release v4.1.9 (#10598)
• 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
• 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
• a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, server. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.