chore(deps): bump the npm-version-updates group across 1 directory with 16 updates

[dependabot]

Bumps the npm-version-updates group with 16 updates in the / directory:

Package	From	To
@auth/core	0.40.0	0.41.2
@nestjs/common	11.1.24	11.1.27
@zitadel/nestjs-auth	1.6.1	1.6.2
dotenv	16.6.1	17.4.2
express-handlebars	8.0.1	9.0.1
@commitlint/config-conventional	20.5.3	21.0.2
@eslint/js	9.39.4	10.0.1
@nestjs/cli	11.0.21	11.0.23
@types/node	22.19.19	26.0.0
@types/supertest	6.0.3	7.2.0
eslint	9.39.4	10.5.0
globals	16.5.0	17.6.0
knip	5.88.1	6.17.1
prettier	3.8.3	3.8.4
typescript	5.9.3	6.0.3
typescript-eslint	8.60.0	8.61.1

Updates @auth/core from 0.40.0 to 0.41.2

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.2

Bugfixes

• providers: add issuer to GitHub provider for RFC 9207 compliance (#13410)

Other

• sync package versions with npm registry (#13414)

@​auth/core@​0.41.1

Bugfixes

• security issue from nodemailer (#13305)

Other

• update links for Credentials-based Authentication (#13258)

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

Commits

• af9daa8 chore(release): bump package version(s) [skip ci]
• d4dab3d chore: sync package versions with npm registry (#13414)
• 8a23c5b chore: fix lockfile (#13411)
• 2018202 docs: fix TypeScript type mismatch in refresh token rotation example (#13396)
• 0eba7e4 adapter-kysely: Update kysely for CVE-2026-33468 (#13407)
• 67f2b16 fix(providers): add issuer to GitHub provider for RFC 9207 compliance (#13410)
• f457068 docs: update middleware.ts references to proxy.ts for Next.js 16 (#13373)
• c7c2cfa docs: update Better Auth migration guide (#13334)
• b4ef14a chore(release): bump version [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for @​auth/core since your current version.

Updates @nestjs/common from 11.1.24 to 11.1.27

Release notes

Sourced from @​nestjs/common's releases.

v11.1.27

What's Changed

• fix(core): sse async handlers teardown issue by @​kamilmysliwiec in nestjs/nest#17131
• fix(platform-fastify): forRoutes middleware ending slash by @​kamilmysliwiec in nestjs/nest#17138

Full Changelog: nestjs/nest@v11.1.26...v11.1.27

v11.1.26

What's Changed

• fix(core): post sse endpoint empty response #17098 by @​kamilmysliwiec in nestjs/nest#17099

Full Changelog: nestjs/nest@v11.1.25...v11.1.26

v11.1.25

What's Changed

• fix(microservices): reject pending Redis requests on close by @​yudin-s in nestjs/nest#17024
• fix(core): register SSE close listener before async setup by @​fallintoplace in nestjs/nest#17018
• fix(platform-fastify): remove pathname ending slash by @​kamilmysliwiec in nestjs/nest#17094

New Contributors

• @​fallintoplace made their first contribution in nestjs/nest#17018
• @​DucMinhNe made their first contribution in nestjs/nest#17085
• @​iambeaukim made their first contribution in nestjs/nest#17091

Full Changelog: nestjs/nest@v11.1.24...v11.1.25

Commits

• 660a124 chore(release): publish v11.1.27 release
• aa5c4f1 chore: update readme and package.json
• 9ff83d5 chore(release): publish v11.1.26 release
• 02f8041 chore(release): publish v11.1.25 release
• 1634915 test(common): Add unit tests for cli-colors utility
• 380bf5c Merge pull request #17058 from Se3do/test/extend-metadata
• af4542b test(common): Add unit tests for assignCustomParameterMetadata
• b67aea1 test(common): Add unit tests for extendArrayMetadata
• e1e4014 test(common): Tighten throw assertions in validateModuleKeys spec
• 6b97771 test(common): Add unit tests for validateModuleKeys
• Additional commits viewable in compare view

Updates @zitadel/nestjs-auth from 1.6.1 to 1.6.2

Release notes

Sourced from @​zitadel/nestjs-auth's releases.

v1.6.2

1.6.2 (2026-05-31)

Commits

• 1aa46f5 chore(release): 1.6.2 [skip ci]
• 8c40b81 chore(eslint): align preset and dep versions across the fleet (#74)
• 9ca25ed chore(qodana): bump linter to jetbrains/qodana-js:2026.1
• 0d4aa20 docs: drop personal attribution from license footer
• 8361186 chore(typedoc): normalize config to canonical template
• 36d3d8c chore(deps): bump tmp from 0.2.5 to 0.2.7 in the npm-security-updates group a...
• 54770a8 chore(deps): bump qs from 6.14.2 to 6.15.2 in the npm-security-updates group ...
• 1b7941e chore(deps): bump uuid from 8.3.2 to 14.0.0 in the npm-security-updates group...
• 86fdb30 chore(deps): bump protobufjs from 7.5.5 to 7.5.8 in the npm-security-updates ...
• 3270be9 chore(deps): bump @​protobufjs/utf8 from 1.1.0 to 1.1.1 in the npm-security-up...
• Additional commits viewable in compare view

Updates dotenv from 16.6.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

... (truncated)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates express-handlebars from 8.0.1 to 9.0.1

Release notes

Sourced from express-handlebars's releases.

v9.0.1

9.0.1 (2026-04-04)

Bug Fixes

• fix rootDir in typescript (#1199) (c45984b)

v9.0.0

9.0.0 (2026-04-03)

Bug Fixes

• update deps (#1196) (6c0da20)

BREAKING CHANGES

• update typescript to v6 and update some types

v8.0.7

8.0.7 (2026-03-27)

Bug Fixes

• deps: update dependency handlebars to ^4.7.9 (#1188) (d1f26e1)

v8.0.6

8.0.6 (2026-02-10)

Bug Fixes

• deps: update dependency glob to ^13.0.2 (#1165) (0c8f3a1)

v8.0.5

8.0.5 (2026-02-04)

Bug Fixes

• deps: update dependency glob to ^13.0.1 (#1160) (3397c8d)

v8.0.4

8.0.4 (2025-11-19)

Bug Fixes

... (truncated)

Changelog

Sourced from express-handlebars's changelog.

9.0.1 (2026-04-04)

Bug Fixes

• fix rootDir in typescript (#1199) (c45984b)

9.0.0 (2026-04-03)

Bug Fixes

• update deps (#1196) (6c0da20)

BREAKING CHANGES

• update typescript to v6 and update some types

8.0.7 (2026-03-27)

Bug Fixes

• deps: update dependency handlebars to ^4.7.9 (#1188) (d1f26e1)

8.0.6 (2026-02-10)

Bug Fixes

• deps: update dependency glob to ^13.0.2 (#1165) (0c8f3a1)

8.0.5 (2026-02-04)

Bug Fixes

• deps: update dependency glob to ^13.0.1 (#1160) (3397c8d)

8.0.4 (2025-11-19)

Bug Fixes

• deps: update dependency glob to v12 (#1133) (020f6db)

8.0.3 (2025-04-23)

... (truncated)

Commits

• 630fc39 chore(release): 9.0.1 [skip ci]
• c45984b fix: fix rootDir in typescript (#1199)
• 5d33694 chore(deps): update devdependency eslint to ^10.2.0 (#1198)
• 62bf65f chore(deps): update devdependency @​types/node to ^25.5.2 (#1197)
• da89782 chore(release): 9.0.0 [skip ci]
• 6c0da20 fix: update deps (#1196)
• e4edd9f chore(deps-dev): bump lodash-es from 4.17.23 to 4.18.1 (#1194)
• 051023c chore(deps): update devdependency ts-jest to ^29.4.9 (#1193)
• d364dd1 chore(deps): bump minimatch (#1191)
• da161dc chore(deps): update devdependency ts-jest to ^29.4.7 (#1192)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for express-handlebars since your current version.

Updates @commitlint/config-conventional from 20.5.3 to 21.0.2

Release notes

Sourced from @​commitlint/config-conventional's releases.

v21.0.2

21.0.2 (2026-05-29)

Bug Fixes

• fix: emit actionable error when --edit cannot find COMMIT_EDITMSG (#589) by @​escapedcat in conventional-changelog/commitlint#4755
• fix: apply oxfmt formatting to get-edit-commit.ts by @​escapedcat in conventional-changelog/commitlint#4768
• fix(read): fail when --from and --to share no merge-base #4555 by @​CervEdin in conventional-changelog/commitlint#4754
• fix: disallow same commit hash for --from and --to by @​knocte in conventional-changelog/commitlint#4773

Chore/CI

• ci: have renovate rebase stale PRs before merging by @​escapedcat in conventional-changelog/commitlint#4782
• chore: have renovate hold PRs for 3 days after release by @​escapedcat in conventional-changelog/commitlint#4788
• chore: anchor vite 8 by @​escapedcat in conventional-changelog/commitlint#4790
• ci: run commitlint once per same-repo PR by @​escapedcat in conventional-changelog/commitlint#4795

New Contributors

• @​CervEdin made their first contribution in conventional-changelog/commitlint#4754

Full Changelog: conventional-changelog/commitlint@v21.0.1...v21.0.2

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

• fix(load): only resolve relative formatter paths by @​escapedcat in conventional-changelog/commitlint#4761
• fix(types): add presetConfig to ParserPreset interface by @​SAY-5 in conventional-changelog/commitlint#4749

CI

• ci: stop spawning schedule jobs on contributors' forks by @​knocte in conventional-changelog/commitlint#4753
• ci: add weekly non-blocking pnpm audit by @​escapedcat in conventional-changelog/commitlint#4766

New Contributors

• @​SAY-5 made their first contribution in conventional-changelog/commitlint#4749

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

21.0.2 (2026-05-29)

Note: Version bump only for package @​commitlint/config-conventional

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/config-conventional

21.0.0 (2026-05-08)

• chore!: minimum node version v22 (#4679) (ac2b3f4), closes #4679

BREAKING CHANGES

• drop node v18 and v20 support

• Bump engines to >=v22 in all 39 package.json files
• Update @​types/node to ^22.0.0
• Update CI matrix to [22, 24]
• Update Ubuntu baseline job to ubuntu:26.04
• Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
• Update pre-commit hook to use --ignore-engines
• Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

Commits

• 8069048 v21.0.2
• db8d7d6 v21.0.1
• 1329a25 chore: migrate to pnpm (#4762)
• 6099ae5 chore: replace eslint with oxlint (#4756)
• f081a8e v21.0.0
• 44c3174 chore: update dependency yargs to v18 #4432 (#4686)
• ac2b3f4 chore!: minimum node version v22 (#4679)
• See full diff in compare view

Updates @eslint/js from 9.39.4 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)

... (truncated)

Commits

• 84fb885 chore: package.json update for @​eslint/js release
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467)
• f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#20466)
• b4b3127 chore: package.json update for @​eslint/js release
• 0b14059 chore: package.json update for @​eslint/js release
• fa31a60 feat!: add name to configs (#20015)
• 1e2cad5 chore: package.json update for @​eslint/js release
• 454a292 feat!: update eslint:recommended configuration (#20210)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160)
• See full diff in compare view

Updates @nestjs/cli from 11.0.21 to 11.0.23

Release notes

Sourced from @​nestjs/cli's releases.

Release 11.0.23

• Revert "fix(compiler): validate delete out dir paths before rm" (0dd0e3ef)
• Revert "fix(compiler): validate asset output paths" (728f80cf)

Release 11.0.22

• fix(cli): resolve Windows path separator bug in plugin loader (9e502bda)
• fix(compiler): validate asset output paths (c4342b2c)
• fix: Update CRUD option to accept a value for generating entry points (4c0e2cab)
• feat: Add type and CRUD options in generate command (b19856a3)

Commits

• 731a09b chore(): release v11.0.23
• 756d41d Merge pull request #3462 from nestjs/revert-3455-fix/issue-3454
• 11a0599 Merge pull request #3461 from nestjs/revert-3457-fix/issue-3456
• 0dd0e3e Revert "fix(compiler): validate delete out dir paths before rm"
• 728f80c Revert "fix(compiler): validate asset output paths"
• 7ffb9f1 chore(): release v11.0.22
• f43b0e7 Merge pull request #3458 from dzeroone/fix/windows-path-separator-plugin-loader
• b0d473b Merge pull request #3457 from AdrianoCLeao/fix/issue-3456
• 9e502bd fix(cli): resolve Windows path separator bug in plugin loader
• c4342b2 fix(compiler): validate asset output paths
• Additional commits viewable in compare view

Updates @types/node from 22.19.19 to 26.0.0

Commits

• See full diff in compare view

Updates @types/supertest from 6.0.3 to 7.2.0

Commits

• See full diff in compare view

Updates eslint from 9.39.4 to 10.5.0

Release notes

Sourced from eslint's releases.

v10.5.0

Features

• 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
• b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
• 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
• 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
• f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
• bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
• c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

• 8ae1b5b docs: Update README (GitHub Actions Bot)
• ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)
• f99b47a docs: Update README (GitHub Actions Bot)
• acf03d4 docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)

Chores

• b18bf58 chore: update ecosystem plugins (#20959) (ESLint Bot)
• c2d1444 refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)
• 243b8c5 chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)
• 217b2a9 test: add unit tests for ParserService (#20949) (Taejin Kim)
• 72003e7 test: add location information to error messages in max-statements (#20945) (lumir)
• 7797c26 refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)
• 67c46fa chore: update ecosystem plugins (#20938) (ESLint Bot)
• 95d8c7a chore: update dependency @​eslint/json to v2 (#20934) (renovate[bot])
• cf9e496 chore: update @​arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)
• fb6d396 test: run type tests with TypeScript 7 (#20868) (sethamus)

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)

... (truncated)

Commits

• de3b672 10.5.0
• 362a518 Build: changelog update for 10.5.0
• 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973)
• b565783 feat: report no-with violations at the with keyword (#20971)
• 2ce032f feat: report max-lines-per-function violations at function head (#20966)
• 732cb3e feat: report max...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.