build(deps): bump the minor-and-patch group across 1 directory with 18 updates

[dependabot]

Bumps the minor-and-patch group with 18 updates in the / directory:

Package	From	To
@semantic-release/github	12.0.3	12.0.8
@semantic-release/npm	13.1.3	13.1.5
@semantic-release/release-notes-generator	14.1.0	14.1.1
@types/node	25.2.0	25.9.2
conventional-changelog-conventionalcommits	9.1.0	9.3.1
esbuild	0.27.2	0.28.0
prettier	3.8.1	3.8.3
tsx	4.21.0	4.22.4
typescript-eslint	8.54.0	8.61.0
vitest	4.0.18	4.1.8
@noble/hashes	2.0.1	2.2.0
better-sqlite3	12.6.2	12.10.0
openpgp	6.3.0	6.3.1
pino	10.3.0	10.3.1
viem	2.45.1	2.52.2
zod	4.3.6	4.4.3
@modelcontextprotocol/sdk	1.27.1	1.29.0
hono	4.11.7	4.12.24

Updates @semantic-release/github from 12.0.3 to 12.0.8

Release notes

Sourced from @​semantic-release/github's releases.

v12.0.8

12.0.8 (2026-05-08)

Bug Fixes

• deps: update dependency http-proxy-agent to v9 (#1203) (edd1652)

v12.0.7

12.0.7 (2026-05-08)

Bug Fixes

• deps: update dependency https-proxy-agent to v9 (#1204) (1f17362)

v12.0.6

12.0.6 (2026-02-12)

Bug Fixes

• latest: add make_latest property to the GH release PATCH request during publish (#1169) (f516337)

v12.0.5

12.0.5 (2026-02-07)

Bug Fixes

• latest: add make_latest property to the GH release POST request during publish (#1157) (38051ba)

v12.0.4

12.0.4 (2026-02-06)

Bug Fixes

• remove failTitle arg in findSRIssues call (#1164) (f7bdd88)

Commits

• edd1652 fix(deps): update dependency http-proxy-agent to v9 (#1203)
• 1f17362 fix(deps): update dependency https-proxy-agent to v9 (#1204)
• 33fd115 chore(deps): update dependency cpy to v13.2.2 (#1221)
• 59fbe01 chore(deps): update dependency publint to v0.3.19 (#1220)
• ff5b17c chore(deps): lock file maintenance (#1219)
• 75faf16 chore(deps): update dependency ava to v8 (#1218)
• 56d65c0 chore(deps): lock file maintenance (#1217)
• 31a02d2 chore(deps): update npm to v11.13.0 (#1216)
• 3f06ad5 ci(action): update actions/setup-node action to v6.4.0 (#1214)
• 6ded611 chore(deps): lock file maintenance (#1213)
• Additional commits viewable in compare view

Updates @semantic-release/npm from 13.1.3 to 13.1.5

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

• deps: update dependency normalize-url to v9 (#1095) (daec492)

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

• deps: update dependency @​actions/core to v3 (#1085) (17abfe1)

Commits

• daec492 fix(deps): update dependency normalize-url to v9 (#1095)
• af8362f chore(deps): update dependency strip-ansi to v7.2.0 (#1098)
• 7354e11 chore(deps): update node.js to v24 (#1027)
• 2c4d2c9 chore(deps): update npm to v11.11.0 (#1097)
• 95ba689 chore(deps): update dependency c8 to v11 (#1096)
• 5d32912 chore(deps): update npm to v11.10.1 (#1094)
• 54f908c chore(deps): lock file maintenance (#1093)
• 91e1f14 chore(deps): update npm to v11.10.0 (#1092)
• 0d7d37e chore(deps): lock file maintenance (#1089)
• c5411cc chore(deps): update npm to v11.9.0 (#1088)
• Additional commits viewable in compare view

Updates @semantic-release/release-notes-generator from 14.1.0 to 14.1.1

Release notes

Sourced from @​semantic-release/release-notes-generator's releases.

v14.1.1

14.1.1 (2026-05-08)

Bug Fixes

• deps: update dependency get-stream to v9 (#613) (9728887)

Commits

• 9728887 fix(deps): update dependency get-stream to v9 (#613)
• 618cd05 chore(deps): update dependency publint to v0.3.19 (#965)
• 2cbdb58 chore(deps): lock file maintenance (#964)
• df3fb9e chore(deps): lock file maintenance (#962)
• e60ca73 chore(deps): update npm to v11.13.0 (#961)
• 05ea556 ci(action): update actions/setup-node action to v6.4.0 (#960)
• 0b4e4a7 chore(deps): lock file maintenance (#959)
• 9854b65 chore(deps): update dependency prettier to v3.8.3 (#958)
• 64d547f chore(deps): update dependency sinon to v21.1.2 (#957)
• 46dec93 chore(deps): update dependency sinon to v21.1.1 (#956)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​semantic-release/release-notes-generator since your current version.

Updates @types/node from 25.2.0 to 25.9.2

Commits

• See full diff in compare view

Updates conventional-changelog-conventionalcommits from 9.1.0 to 9.3.1

Release notes

Sourced from conventional-changelog-conventionalcommits's releases.

conventional-changelog-conventionalcommits: v9.3.1

Bug Fixes

• skip mention linkification inside inline code (#1444) (c598bf1)

conventional-changelog-conventionalcommits: v9.3.0

Features

• inline hbs templates in code as strings (#1434) (0d5a4a6)

conventional-changelog-conventionalcommits: v9.2.0

Features

• align newline formatting across presets (#1431) (b0721e1)

Changelog

Sourced from conventional-changelog-conventionalcommits's changelog.

9.3.1 (2026-03-29)

Bug Fixes

• skip mention linkification inside inline code (#1444) (c598bf1)

9.3.0 (2026-03-04)

Features

• inline hbs templates in code as strings (#1434) (0d5a4a6)

9.2.0 (2026-03-01)

Features

• align newline formatting across presets (#1431) (b0721e1)

Commits

• 08f44dc chore(release): monorepo release (#1442)
• c598bf1 fix(conventional-changelog-angular,conventional-changelog-conventionalcommits...
• 7d4a4f6 chore(release): monorepo release (#1435)
• 0d5a4a6 feat(conventional-changelog-angular,conventional-changelog-atom,conventional-...
• 44bc44d chore(release): monorepo release (#1423)
• 441af37 docs: fix libraries io links
• b0721e1 feat(conventional-changelog,conventional-changelog-angular,conventional-chang...
• See full diff in compare view

Updates esbuild from 0.27.2 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

v0.27.7

• Fix lowering of define semantics for TypeScript parameter properties (#4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  // Old output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  this.x = x;
  __publicField(this, "y", 2);
  }
  x;
  }
  // New output (with --loader=ts --target=es2021)
  class Foo {

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2025

This changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).

Commits

• 6a794df publish 0.28.0 to npm
• 64ee0ea fix #4435: support with { type: text } imports
• ef65aee fix sort order in snapshots_packagejson.txt
• 1a26a8e try to fix test-old-ts, also shuffle CI tasks
• 556ce6c use '' instead of null to omit build hashes
• 8e675a8 ci: allow missing binary hashes for tests
• 7067763 Reapply "update go 1.25.7 => 1.26.1"
• 39473a9 fix #4343: integrity check for binary download
• 2025c9f publish 0.27.7 to npm
• c6b586e fix typo in Makefile for @esbuild/win32-x64
• Additional commits viewable in compare view

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates tsx from 4.21.0 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

• decode typed loader source (dce02fc)
• preserve entrypoint with TypeScript preload hooks (68f72f3)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

• preserve CJS JSON require in ESM hooks (35b700b)
• preserve named exports from CommonJS TypeScript (11de737)
• support module.exports require(esm) interop (cf8f199)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

• resolve tsconfig path aliases containing a colon (#780) (6979f28)

---

This release is also available on:

• npm package (@​latest dist-tag)

... (truncated)

Commits

• 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
• dce02fc fix: decode typed loader source
• 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
• 69455cf test: cover package exports for ambiguous ESM reexports
• 35b700b fix: preserve CJS JSON require in ESM hooks
• ef807db chore: update testing dependencies
• 3917090 test: document compatibility test taxonomy
• de8113f refactor: centralize Node capability facts
• c1f62db test: consolidate tsconfig path edge coverage
• 4e08174 test: consolidate loader hook coverage
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates typescript-eslint from 8.54.0 to 8.61.0

Release notes

Sourced from typescript-eslint's releases.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)
• ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

🩹 Fixes

• rule-schema-to-typescript-types: respect ECMAScript line terminators (#12374)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.61.0 (2026-06-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.1 (2026-06-01)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.4 (2026-05-18)

🩹 Fixes

• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.3 (2026-05-11)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.2 (2026-05-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

... (truncated)

Commits

• 16a5b24 chore(release): publish 8.61.0
• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• f891c29 chore(release): publish 8.60.0
• ca6ca14 chore(release): publish 8.59.4
• 4b927c6 fix(typescript-eslint): export Compatible* types from typescript-eslint to re...
• 48e13c0 chore(release): publish 8.59.3
• 44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
• 2ec35f1 chore(release): publish 8.59.2
• 5245793 chore(release): publish 8.59.1
• Additional commits viewable in compare view

Updates vitest from 4.0.18 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

... (truncated)

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• a09d472 chore: release v4.1.7
• a8fd24c chore: release v4.1.6
• 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
• 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
• e399846 chore: release v4.1.5
• 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
• 9787ded fix: respect diff config options in soft assertions (#8696)
• 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
• Additional commits viewable in compare view

Updates @noble/hashes from 2.0.1 to 2.2.0

Release notes

Sourced from @​noble/hashes's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: dkLen=0 handling in pbkdf2, blake2, turboshake, kt
  • Fix: parallelHash with blockLen=0
  • Fix: argon2 progress callback now reaches 100%
  • Improve: digestInto no longer returns a value (better performance)
  • Improve: argon2, blake2 support non-4-divisible dkLen
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• sha3: speed-up by up to 50%. Contributed by @​ChALkeR in paulmillr/noble-hashes#126
• Fix compilation issues on TypeScript v6
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-hashes@2.0.1...2.2.0

Commits

• 81983c2 Release 2.2.0.
• 8883d32 Minor syntax fixes
• e5fedba Run prettier format on tests
• 72e2083 Changes related to March 2026 audit (new tests)
• fd9f580 Changes related to March 2026 audit (typed arrays)
• 9a216b5 Changes related to March 2026 audit
• 85e35d5 Clarify sha3.
• cc8ea40 Merge pull request #126 from ChALkeR/chalker/unroll/sha3/0/chi
• 46c3129 Bump typescript to 6.0.2
• ca90465 Bump devdeps.
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/hashes since your current version.

Updates better-sqlite3 from 12.6.2 to 12.10.0

Release notes

Sourced from better-sqlite3's releases.

v12.10.0

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in WiseLibs/better-sqlite3#1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in WiseLibs/better-sqlite3#1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1470
• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447
• Add support for electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1466

New Contributors

• @​Maxime-J made their first contribution in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

v12.9.0

What's Changed

• Update SQLite to version 3.53.0 in WiseLibs/better-sqlite3#1464

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

v12.8.0

What's Changed

• Readme: requires Node.js v20 or later by @​Prinzhorn in WiseLibs/better-sqlite3#1443
• Update SQLite to version 3.51.3 in WiseLibs/better-sqlite3#1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.