build(deps): bump the minor-and-patch group across 1 directory with 19 updates

[dependabot]

Bumps the minor-and-patch group with 19 updates in the / directory:

Package	From	To
@semantic-release/github	12.0.3	12.0.8
@semantic-release/npm	13.1.3	13.1.5
@semantic-release/release-notes-generator	14.1.0	14.1.1
@types/node	25.2.0	25.9.3
conventional-changelog-conventionalcommits	9.1.0	9.3.1
esbuild	0.27.2	0.28.1
prettier	3.8.1	3.8.4
semantic-release	25.0.3	25.0.5
tsx	4.21.0	4.22.4
typescript-eslint	8.54.0	8.61.1
vitest	4.0.18	4.1.9
@noble/hashes	2.0.1	2.2.0
better-sqlite3	12.6.2	12.11.1
openpgp	6.3.0	6.3.1
pino	10.3.0	10.3.1
viem	2.45.1	2.52.2
zod	4.3.6	4.4.3
@modelcontextprotocol/sdk	1.27.1	1.29.0
hono	4.11.7	4.12.25

Updates @semantic-release/github from 12.0.3 to 12.0.8

Release notes

Sourced from @​semantic-release/github's releases.

v12.0.8

12.0.8 (2026-05-08)

Bug Fixes

• deps: update dependency http-proxy-agent to v9 (#1203) (edd1652)

v12.0.7

12.0.7 (2026-05-08)

Bug Fixes

• deps: update dependency https-proxy-agent to v9 (#1204) (1f17362)

v12.0.6

12.0.6 (2026-02-12)

Bug Fixes

• latest: add make_latest property to the GH release PATCH request during publish (#1169) (f516337)

v12.0.5

12.0.5 (2026-02-07)

Bug Fixes

• latest: add make_latest property to the GH release POST request during publish (#1157) (38051ba)

v12.0.4

12.0.4 (2026-02-06)

Bug Fixes

• remove failTitle arg in findSRIssues call (#1164) (f7bdd88)

Commits

• edd1652 fix(deps): update dependency http-proxy-agent to v9 (#1203)
• 1f17362 fix(deps): update dependency https-proxy-agent to v9 (#1204)
• 33fd115 chore(deps): update dependency cpy to v13.2.2 (#1221)
• 59fbe01 chore(deps): update dependency publint to v0.3.19 (#1220)
• ff5b17c chore(deps): lock file maintenance (#1219)
• 75faf16 chore(deps): update dependency ava to v8 (#1218)
• 56d65c0 chore(deps): lock file maintenance (#1217)
• 31a02d2 chore(deps): update npm to v11.13.0 (#1216)
• 3f06ad5 ci(action): update actions/setup-node action to v6.4.0 (#1214)
• 6ded611 chore(deps): lock file maintenance (#1213)
• Additional commits viewable in compare view

Updates @semantic-release/npm from 13.1.3 to 13.1.5

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

• deps: update dependency normalize-url to v9 (#1095) (daec492)

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

• deps: update dependency @​actions/core to v3 (#1085) (17abfe1)

Commits

• daec492 fix(deps): update dependency normalize-url to v9 (#1095)
• af8362f chore(deps): update dependency strip-ansi to v7.2.0 (#1098)
• 7354e11 chore(deps): update node.js to v24 (#1027)
• 2c4d2c9 chore(deps): update npm to v11.11.0 (#1097)
• 95ba689 chore(deps): update dependency c8 to v11 (#1096)
• 5d32912 chore(deps): update npm to v11.10.1 (#1094)
• 54f908c chore(deps): lock file maintenance (#1093)
• 91e1f14 chore(deps): update npm to v11.10.0 (#1092)
• 0d7d37e chore(deps): lock file maintenance (#1089)
• c5411cc chore(deps): update npm to v11.9.0 (#1088)
• Additional commits viewable in compare view

Updates @semantic-release/release-notes-generator from 14.1.0 to 14.1.1

Release notes

Sourced from @​semantic-release/release-notes-generator's releases.

v14.1.1

14.1.1 (2026-05-08)

Bug Fixes

• deps: update dependency get-stream to v9 (#613) (9728887)

Commits

• 9728887 fix(deps): update dependency get-stream to v9 (#613)
• 618cd05 chore(deps): update dependency publint to v0.3.19 (#965)
• 2cbdb58 chore(deps): lock file maintenance (#964)
• df3fb9e chore(deps): lock file maintenance (#962)
• e60ca73 chore(deps): update npm to v11.13.0 (#961)
• 05ea556 ci(action): update actions/setup-node action to v6.4.0 (#960)
• 0b4e4a7 chore(deps): lock file maintenance (#959)
• 9854b65 chore(deps): update dependency prettier to v3.8.3 (#958)
• 64d547f chore(deps): update dependency sinon to v21.1.2 (#957)
• 46dec93 chore(deps): update dependency sinon to v21.1.1 (#956)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​semantic-release/release-notes-generator since your current version.

Updates @types/node from 25.2.0 to 25.9.3

Commits

• See full diff in compare view

Updates conventional-changelog-conventionalcommits from 9.1.0 to 9.3.1

Release notes

Sourced from conventional-changelog-conventionalcommits's releases.

conventional-changelog-conventionalcommits: v9.3.1

Bug Fixes

• skip mention linkification inside inline code (#1444) (c598bf1)

conventional-changelog-conventionalcommits: v9.3.0

Features

• inline hbs templates in code as strings (#1434) (0d5a4a6)

conventional-changelog-conventionalcommits: v9.2.0

Features

• align newline formatting across presets (#1431) (b0721e1)

Changelog

Sourced from conventional-changelog-conventionalcommits's changelog.

9.3.1 (2026-03-29)

Bug Fixes

• skip mention linkification inside inline code (#1444) (c598bf1)

9.3.0 (2026-03-04)

Features

• inline hbs templates in code as strings (#1434) (0d5a4a6)

9.2.0 (2026-03-01)

Features

• align newline formatting across presets (#1431) (b0721e1)

Commits

• 08f44dc chore(release): monorepo release (#1442)
• c598bf1 fix(conventional-changelog-angular,conventional-changelog-conventionalcommits...
• 7d4a4f6 chore(release): monorepo release (#1435)
• 0d5a4a6 feat(conventional-changelog-angular,conventional-changelog-atom,conventional-...
• 44bc44d chore(release): monorepo release (#1423)
• 441af37 docs: fix libraries io links
• b0721e1 feat(conventional-changelog,conventional-changelog-angular,conventional-chang...
• See full diff in compare view

Updates esbuild from 0.27.2 to 0.28.1

Release notes

Sourced from esbuild's releases.

v0.28.1

• Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

  This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

  Thanks to @​dellalibera for reporting this issue.

• Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

  The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

  Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

  Thanks to @​sondt99 for reporting this issue.

• Avoid inlining using and await using declarations (#4482)

  Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

  // Original code
  {
    using x = new Resource()
    x.activate()
  }
  // Old output (with --minify)
  new Resource().activate();
  // New output (with --minify)
  {using e=new Resource;e.activate()}

• Fix module evaluation when an error is thrown (#4461, #4467)

  If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

• Fix some edge cases around the new operator (#4477)

  Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

  // Original code
  new (foo()`bar`)()
  new (foo()?.bar)()
  // Old output
  new foo()bar();
  new (foo())?.bar();

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2025

This changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).

Commits

• bb9db84 publish 0.28.1 to npm
• 9ff053e security: add integrity checks to the Deno API
• 0a9bf21 enforce non-negative size in gzip parser
• e2a1a71 security: forbid \\ in local dev server requests
• 83a2cbf fix #4482: don't inline using declarations
• 308ad74 fix #4471: renaming of nested var declarations
• f013f5f fix some typos
• aafd6e4 chore: fix some minor issues in comments (#4462)
• 15300c3 follow up: cjs evaluation fixes
• 1bda0c3 fix #4461, fix #4467: esm evaluation fixes
• Additional commits viewable in compare view

Updates prettier from 3.8.1 to 3.8.4

Release notes

Sourced from prettier's releases.

3.8.4

• Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (prettier/prettier#17746 by @​byplayer)

🔗 Changelog

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.4

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a


b


c

d



<!-- Prettier 3.8.3 -->

a

b


c

d



<!-- Prettier 3.8.4 -->


a

b



c

d

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
</tr></table>

... (truncated)

Commits

• 1c6ba55 Release 3.8.4
• 4a673dc Fix blank lines between list items and nested sub-lists being removed in Mark...
• 074aaed Replace main branch in changelog link with tags (#19054)
• c22a003 Bump Prettier dependency to 3.8.3
• 07bad1f Clean changelog_unreleased
• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• Additional commits viewable in compare view

Updates semantic-release from 25.0.3 to 25.0.5

Release notes

Sourced from semantic-release's releases.

v25.0.5

25.0.5 (2026-06-09)

Bug Fixes

• revert: next (#4200) (db8ffaa)

v25.0.4

25.0.4 (2026-06-09)

Bug Fixes

• code-quality: add missing comma in context object for consistency (493d6cd)

Commits

• db8ffaa fix(revert): next (#4200)
• 4e476de docs: update README to include information about the new core engine integration
• 493d6cd fix(code-quality): add missing comma in context object for consistency
• d05e160 refactor: replace direct logger and env-ci replacements with a mockCore funct...
• 4f464a7 test: add tests for core delegation and dry-run policy handling
• 3f5d1b7 refactor: integrate core; remove unused imports and restructuring the main ...
• 7d71f2e refactor: remove obsolete release type constants and notes separator
• 1ae1a19 refactor: remove obsolete test files for logger, git, sensitive data handling...
• bedddc4 refactor: remove obsolete Git-related utilities and logging functions
• 7172195 refactor(tests): remove obsolete tests for plugins and verification
• Additional commits viewable in compare view

Updates tsx from 4.21.0 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

• decode typed loader source (dce02fc)
• preserve entrypoint with TypeScript preload hooks (68f72f3)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

• preserve CJS JSON require in ESM hooks (35b700b)
• preserve named exports from CommonJS TypeScript (11de737)
• support module.exports require(esm) interop (cf8f199)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

• resolve tsconfig path aliases containing a colon (#780) (6979f28)

---

This release is also available on:

• npm package (@​latest dist-tag)

... (truncated)

Commits

• 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
• dce02fc fix: decode typed loader source
• 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
• 69455cf test: cover package exports for ambiguous ESM reexports
• 35b700b fix: preserve CJS JSON require in ESM hooks
• ef807db chore: update testing dependencies
• 3917090 test: document compatibility test taxonomy
• de8113f refactor: centralize Node capability facts
• c1f62db test: consolidate tsconfig path edge coverage
• 4e08174 test: consolidate loader hook coverage
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates typescript-eslint from 8.54.0 to 8.61.1

Release notes

Sourced from typescript-eslint's releases.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

• eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
• eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
• eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
• eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

• Anas @​anasm266
• Deftera @​Deftera186
• Kirk Waiblinger @​kirkwaiblinger
• lumir
• Sarath Francis @​sarathfrancis90

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)
• ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

🩹 Fixes

• rule-schema-to-typescript-types: respect ECMAScript line terminators (#12374)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.61.1 (2026-06-15)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.0 (2026-06-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.1 (2026-06-01)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.4 (2026-05-18)

🩹 Fixes

• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.3 (2026-05-11)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

... (truncated)

Commits

• aaad718 chore(release): publish 8.61.1
• 16a5b24 chore(release): publish 8.61.0
• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• f891c29 chore(release): publish 8.60.0
• ca6ca14 chore(release): publish 8.59.4
• 4b927c6 fix(typescript-eslint): export Compatible* types from typescript-eslint to re...
• 48e13c0 chore(release): publish 8.59.3
• 44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
• 2ec35f1 chore(release): publish 8.59.2
• Additional commits viewable in compare view

Updates vitest from 4.0.18 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

... (truncated)

Commits

• See full diff in compare view

Updates @noble/hashes from 2.0.1 to 2.2.0

Release notes

Sourced from @​noble/hashes's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: dkLen=0 handling in pbkdf2, blake2, turboshake, kt
  • Fix: parallelHash with blockLen=0
  • Fix: argon2 progress callback now reaches 100%
  • Improve: digestInto no longer returns a value (better performance)
  • Improve: argon2, blake2 support non-4-divisible dkLen
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• sha3: speed-up by up to 50%. Contributed by @​ChALkeR in paulmillr/noble-hashes#126
• Fix compilation issues on TypeScript v6
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-hashes@2.0.1...2.2.0

Commits

• 81983c2 Release 2.2.0.
• 8883d32 Minor syntax fixes
• e5fedba Run prettier format on tests
• 72e2083 Changes related to March 2026 audit (new tests)
• fd9f580 Changes related to March 2026 audit (typed arrays)
• 9a216b5 Changes related to March 2026 audit
• 85e35d5 Clarify sha3.
• cc8ea40 Merge pull request #126 from ChALkeR/chalker/unroll/sha3/0/chi
• 46c3129 Bump typescript to 6.0.2
• ca90465 Bump devdeps.
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/hashes since your current version.

Updates better-sqlite3 from 12.6.2 to 12.11.1

Release notes

Sourced from better-sqlite3's releases.

v12.11.1

What's Changed

• Fix Electron v42 build errors on Windows by <...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.