Bump the production-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the production-dependencies group with 11 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.90.0	0.91.1
@auth/core	0.37.4	0.41.2
@hono/node-server	1.19.14	2.0.0
@hono/zod-openapi	0.18.4	1.3.0
@slack/bolt	4.7.0	4.7.1
bullmq	5.74.1	5.76.2
glob	11.1.0	13.0.6
hono	4.12.14	4.12.15
mysql2	3.22.1	3.22.2
pino	9.14.0	10.3.1
zod	3.25.76	4.3.6

Updates @anthropic-ai/sdk from 0.90.0 to 0.91.1

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.91.1

0.91.1 (2026-04-24)

Full Changelog: sdk-v0.91.0...sdk-v0.91.1

Bug Fixes

• memory: use restrictive file mode for memory files (#901) (6db3b7e)

Chores

• formatter: run prettier and eslint separately (974d22f)

sdk: v0.91.0

0.91.0 (2026-04-23)

Full Changelog: sdk-v0.90.0...sdk-v0.91.0

Features

• api: CMA Memory public beta (ddf732f)
• bedrock: use auth header for mantle client (#866) (aec801a)

Bug Fixes

• api: fix errors in api spec (ae10768)
• api: restore missing features (1a5b47b)

Chores

• internal: more robust bootstrap script (7716e19)
• tests: bump steady to v0.22.1 (219a971)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.91.1 (2026-04-24)

Full Changelog: sdk-v0.91.0...sdk-v0.91.1

Bug Fixes

• memory: use restrictive file mode for memory files (#901) (6db3b7e)

Chores

• formatter: run prettier and eslint separately (974d22f)

0.91.0 (2026-04-23)

Full Changelog: sdk-v0.90.0...sdk-v0.91.0

Features

• api: CMA Memory public beta (ddf732f)
• bedrock: use auth header for mantle client (#866) (aec801a)

Bug Fixes

• api: fix errors in api spec (ae10768)
• api: restore missing features (1a5b47b)

Chores

• internal: more robust bootstrap script (7716e19)
• tests: bump steady to v0.22.1 (219a971)

Commits

• 74ac150 chore: release main (#1014)
• 22cb810 chore: release main (#1008)
• See full diff in compare view

Updates @auth/core from 0.37.4 to 0.41.2

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.2

Bugfixes

• providers: add issuer to GitHub provider for RFC 9207 compliance (#13410)

Other

• sync package versions with npm registry (#13414)

@​auth/core@​0.41.1

Bugfixes

• security issue from nodemailer (#13305)

Other

• update links for Credentials-based Authentication (#13258)

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

Commits

• af9daa8 chore(release): bump package version(s) [skip ci]
• d4dab3d chore: sync package versions with npm registry (#13414)
• 8a23c5b chore: fix lockfile (#13411)
• 2018202 docs: fix TypeScript type mismatch in refresh token rotation example (#13396)
• 0eba7e4 adapter-kysely: Update kysely for CVE-2026-33468 (#13407)
• 67f2b16 fix(providers): add issuer to GitHub provider for RFC 9207 compliance (#13410)
• f457068 docs: update middleware.ts references to proxy.ts for Next.js 16 (#13373)
• c7c2cfa docs: update Better Auth migration guide (#13334)
• b4ef14a chore(release): bump version [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for @​auth/core since your current version.

Updates @hono/node-server from 1.19.14 to 2.0.0

Release notes

Sourced from @​hono/node-server's releases.

v2.0.0

Now, we release the second major version of the Hono Node.js adapter 🎉 🎉 🎉

The Hono Node.js adapter is now up to 2.3x faster

v2 of the Hono Node.js adapter reaches up to 2.3x the throughput of v1 — that's the peak number, measured on the body-parsing scenario of bun-http-framework-benchmark. The other scenarios (Ping, Query) get a smaller but real boost too.

Install or upgrade with:

npm i @hono/node-server@latest

v2

The Node.js adapter is going through a major version bump to v2. That said, the public API stays the same — the headline of this release is the large performance improvement described above.

What does the Node.js adapter do?

A quick refresher on what the Node.js adapter actually does — it exists so that Hono applications can run on Node.js. Hono is built on the Web Standards APIs, but you cannot serve those directly from Node.js. The adapter bridges the Web Standards APIs and the Node.js APIs, which is what lets a Hono app — and more generally a Web-Standards-style app — run on top of Node.js.

If you write the following code and run node ./index.js, a server starts up on localhost:3000. And it really is plain Node.js underneath.

import { Hono } from 'hono'
import { serve } from '@hono/node-server'
const app = new Hono()
app.get('/', (c) => c.text('Hello World!'))
serve(app)

The early performance story

The very first implementation of the Node.js adapter looked roughly like this in pseudocode:

export const getRequestListener = (fetchCallback: FetchCallback) => {
  return async (incoming: IncomingMessage, outgoing: ServerResponse) => {
    const method = incoming.method || 'GET'
    const url = `http://${incoming.headers.host}${incoming.url}`
// ...
const init = {
method: method,
headers: headerRecord,
}

</tr></table>

... (truncated)

Commits

• 58c9355 2.0.0
• 2d6f161 Merge pull request #316 from honojs/v2
• 94cde95 2.0.0-rc.2
• ef43cdd perf: replace Uint8Array lookup tables with regex in buildUrl (#345)
• 1529e41 fix: improve Response.json() and Response.redirect() spec compliance and effi...
• 25f1674 fix: ensure close handler is attached for Blob/ReadableStream cacheable respo...
• 22dea22 refactor: improve handling of null body in response (#341)
• 7d83e09 v2: perf(response,listener): Response fast-paths and responseViaCache improve...
• 5c7d188 Merge branch 'main' into v2
• 7503265 v2: perf(request): optimize newHeadersFromIncoming and signal fast-path (#332)
• Additional commits viewable in compare view

Updates @hono/zod-openapi from 0.18.4 to 1.3.0

Release notes

Sourced from @​hono/zod-openapi's releases.

@​hono/zod-openapi@​1.3.0

Minor Changes

• #1752 fe0f8e4b44ca8e78d2ed60ed8591f415cd85eaa9 Thanks @​destroSunRay! - This PR adds two new utilities to improve route definition and registration in @hono/zod-openapi:

  • defineOpenAPIRoute: Provides explicit type safety for route definitions
  • openapiRoutes: Enables batch registration of multiple routes with full type safety
  • Registering many routes individually was repetitive and verbose
  • Type inference for complex route configurations was challenging
  • Organizing routes across multiple files was difficult
  • No built-in support for conditional route registration
  • RPC type safety was hard to maintain across scattered route registrations
  • defineOpenAPIRoute: Wraps route definitions with explicit types for better IDE support and type checking
  • openapiRoutes: Accepts an array of route definitions and registers them all at once
  • Supports addRoute flag for conditional registration
  • Maintains full type safety and RPC support through recursive type merging
  • Enables clean modular organization of routes
  • ✅ Reduced boilerplate code
  • ✅ Better type inference and IDE autocomplete
  • ✅ Easier code organization and maintainability
  • ✅ Declarative conditional routes
  • ✅ Full backward compatibility

  See the updated README for usage examples.

  • All existing tests pass (102/102)
  • Added tests for new functionality
  • Verified type inference works correctly
  • Updated package README with usage examples

@​hono/zod-openapi@​1.2.4

Patch Changes

• #1831 40ede9c55abe672798deca6970ef60b945382d34 Thanks @​yusukebe! - fix: publish to JSR

@​hono/zod-openapi@​1.2.3

Patch Changes

• #1810 db8fd160d0685cda0d874a5908326c004f72522a Thanks @​dirkluijk! - fix: bump @​asteasolutions/zod-to-openapi to allow nested discriminated unions

@​hono/zod-openapi@​1.2.2

Patch Changes

• #1748 82701be9e1bfd2b0830555119cf89315501386e2 Thanks @​yusukebe! - fix: bump zod-to-openapi to fix the memory leak

@​hono/zod-openapi@​1.2.1

Patch Changes

• #1726 3d5e22509e9cee8379fccbe135fadc3248205f8e Thanks @​mouhannad-sh! - fix Incomplete context internal error with x-www-form-urlencoded submissions when the payload is invalid

... (truncated)

Changelog

Sourced from @​hono/zod-openapi's changelog.

1.3.0

Minor Changes

• #1752 fe0f8e4b44ca8e78d2ed60ed8591f415cd85eaa9 Thanks @​destroSunRay! - This PR adds two new utilities to improve route definition and registration in @hono/zod-openapi:

  • defineOpenAPIRoute: Provides explicit type safety for route definitions
  • openapiRoutes: Enables batch registration of multiple routes with full type safety
  • Registering many routes individually was repetitive and verbose
  • Type inference for complex route configurations was challenging
  • Organizing routes across multiple files was difficult
  • No built-in support for conditional route registration
  • RPC type safety was hard to maintain across scattered route registrations
  • defineOpenAPIRoute: Wraps route definitions with explicit types for better IDE support and type checking
  • openapiRoutes: Accepts an array of route definitions and registers them all at once
  • Supports addRoute flag for conditional registration
  • Maintains full type safety and RPC support through recursive type merging
  • Enables clean modular organization of routes
  • ✅ Reduced boilerplate code
  • ✅ Better type inference and IDE autocomplete
  • ✅ Easier code organization and maintainability
  • ✅ Declarative conditional routes
  • ✅ Full backward compatibility

  See the updated README for usage examples.

  • All existing tests pass (102/102)
  • Added tests for new functionality
  • Verified type inference works correctly
  • Updated package README with usage examples

1.2.4

Patch Changes

• #1831 40ede9c55abe672798deca6970ef60b945382d34 Thanks @​yusukebe! - fix: publish to JSR

1.2.3

Patch Changes

• #1810 db8fd160d0685cda0d874a5908326c004f72522a Thanks @​dirkluijk! - fix: bump @​asteasolutions/zod-to-openapi to allow nested discriminated unions

1.2.2

Patch Changes

• #1748 82701be9e1bfd2b0830555119cf89315501386e2 Thanks @​yusukebe! - fix: bump zod-to-openapi to fix the memory leak

1.2.1

Patch Changes

... (truncated)

Commits

• 5eeca71 Version Packages (#1849)
• fe0f8e4 feat(zod-openapi): add defineOpenAPIRoute and openapiRoutes for batch route r...
• a6f4ef5 Version Packages (#1832)
• 40ede9c fix(zod-openapi): publish to JSR (#1831)
• 38993fa Version Packages (#1811)
• db8fd16 fix(zod-openapi): bump @​asteasolutions/zod-to-openapi to allow nested discrim...
• e762ac0 feat(eslint): ignoring variables and parameters prefixed with _ (#1772)
• 27d8981 Version Packages (#1749)
• 82701be fix(zod-openapi): bump zod-to-openapi to fix the memory leak (#1748)
• 475cd12 chore: update typescript to 5.9.3 (#1741)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​hono/zod-openapi since your current version.

Updates @slack/bolt from 4.7.0 to 4.7.1

Changelog

Sourced from @​slack/bolt's changelog.

4.7.1

Patch Changes

• a18c359: fix: correct InvalidCustomPropertyError code and MemoryStore promise handling

Commits

• 7690366 chore: release (#2878)
• f8b616e docs: redirect readme reference links to developer documentation (#2879)
• 54f3577 ci: post release announcement to slack channel (#2877)
• c24faff build: use version controlled lockfile of package dependencies for developmen...
• 29167c5 chore(deps-dev): update serverless requirement from ^4.33.3 to ^4.34.0 in /ex...
• 28eb36d chore(deps): update @​slack/web-api requirement from ^7.15.0 to ^7.15.1 (#2871)
• b0d5cb8 chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 in /examples/getting-sta...
• a884fdc chore(deps): bump dotenv from 17.4.1 to 17.4.2 in /examples/custom-receiver (...
• 1211d96 chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 in /examples/custom-rece...
• df5a9ca chore(deps): bump fastify from 5.8.4 to 5.8.5 in /examples/custom-receiver (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​slack/bolt since your current version.

Updates bullmq from 5.74.1 to 5.76.2

Release notes

Sourced from bullmq's releases.

v5.76.2

5.76.2 (2026-04-25)

Bug Fixes

• deps: replace uuid with crypto (#4099) (595016e)

v5.76.1

5.76.1 (2026-04-22)

Bug Fixes

• worker: use scheduler registry to discriminate repeatable keys (#4007) (ea7705d)

v5.76.0

5.76.0 (2026-04-22)

Features

• python: add type hints to worker.py methods (#4035) (1423b58)

v5.75.2

5.75.2 (2026-04-20)

Bug Fixes

• handle ioredis Cluster connect status in waitUntilReady (#2402) (#4055) (422e2d5)

v5.75.1

5.75.1 (2026-04-20)

Bug Fixes

• python: use slice reversal instead of reverse() which returns None (#4022) (1652435)

v5.75.0

5.75.0 (2026-04-20)

Features

• python: add type hints to Timer class (#4024) (8c78e30)

v5.74.2

5.74.2 (2026-04-20)

... (truncated)

Commits

• 595016e fix(deps): replace uuid with crypto (#4099)
• e66d3d3 test(flow): move timeout values to it() options (#4101)
• a88892d chore(release): 5.76.0 (#4092)
• b7cd3a9 chore(release): vpy2.23.0 (#4093)
• ea7705d fix(worker): use scheduler registry to discriminate repeatable keys (#4007)
• e872b1b docs(queue-events): add @​param JSDoc to 'error' event listener (#4031)
• 1423b58 feat(python): add type hints to worker.py methods (#4035)
• f073422 docs(parent): add JSDoc to Parent and ParentKeys interfaces (#4087)
• 43a5e59 test(worker): move timeout values to it() options (#4078)
• 0857170 docs(changelog): add missed changes (#4079)
• Additional commits viewable in compare view

Updates glob from 11.1.0 to 13.0.6

Changelog

Sourced from glob's changelog.

changeglob

13

• Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

• Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

• Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
• Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
• Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

• Drop support for node before v20

10.4

• Add includeChildMatches: false option
• Export the Ignore class

10.3

• Add --default -p flag to provide a default pattern
• exclude symbolic links to directories when follow and nodir are both set

10.2

• Add glob cli

10.1

• Return '.' instead of the empty string '' when the current working directory is returned as a match.
• Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

• e80cb38 13.0.6
• 9cdbbff revert tsgo, not ready for test coverage correctness yet
• 89c99ba use tsgo compiler
• b7275d5 update deps, expand engines to include node 18
• 942e360 update workflows, pull taprc out of package.json
• 4a0d53c update tap for mockImport bugfix
• ef94ad2 update tap
• 180c2d4 update docs
• 37993c8 remove stray console.error in test
• 03ae4c2 13.0.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates hono from 4.12.14 to 4.12.15

Release notes

Sourced from hono's releases.

v4.12.15

What's Changed

• fix(jwt): support single-line PEM keys by @​hiendv in honojs/hono#4889

New Contributors

• @​hiendv made their first contribution in honojs/hono#4889

Full Changelog: honojs/hono@v4.12.14...v4.12.15

Commits

• f774f8d 4.12.15
• 18fe604 fix(jwt): support single-line PEM keys (#4889)
• See full diff in compare view

Updates mysql2 from 3.22.1 to 3.22.2

Release notes

Sourced from mysql2's releases.

v3.22.2

3.22.2 (2026-04-21)

Bug Fixes

• promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

Changelog

Sourced from mysql2's changelog.

3.22.2 (2026-04-21)

Bug Fixes

• promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

Commits

• 77626a7 chore(master): release 3.22.2 (#4271)
• d615967 build(deps-dev): bump the dev-dependencies group with 2 updates (#4272)
• 9245c08 build(deps-dev): bump poku (#4273)
• c79a3f3 fix(promise): point rejection stacks at caller for promise API (#4267)
• fe5df8e cd: ensure settings are processed by release-please (#4270)
• a65c706 ci(github-actions): upgrade workflows to Node 24 action runtimes (#4268)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mysql2 since your current version.

Updates pino from 9.14.0 to 10.3.1

Release notes

Sourced from pino's releases.

v10.3.1

What's Changed

• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in pinojs/pino#2385
• build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 by @​dependabot[bot] in pinojs/pino#2386
• docs: clarify transport level filtering behavior by @​mcollina in pinojs/pino#2390
• fix(transport): sanitize invalid NODE_OPTIONS preloads for workers by @​mcollina in pinojs/pino#2391

Full Changelog: pinojs/pino@v10.3.0...v10.3.1

v10.3.0

What's Changed

• feat: improve the return type of multistream().clone() by @​mrazauskas in pinojs/pino#2377
• feat: set worker thread name for transport identification by @​mcollina in pinojs/pino#2380

Full Changelog: pinojs/pino@v10.2.1...v10.3.0

v10.2.1

What's Changed

• fix: prevent ERR_WORKER_INVALID_EXEC_ARGV with monitoring tools by @​mcollina in pinojs/pino#2379

Full Changelog: pinojs/pino@v10.2.0...v10.2.1

v10.2.0

What's Changed

• chore: lint TypeScript files by @​mrazauskas in pinojs/pino#2363
• fix: prevent memory leak when using transport with --import preload by @​mcollina in pinojs/pino#2374

New Contributors

• @​mrazauskas made their first contribution in pinojs/pino#2363

Full Changelog: pinojs/pino@v10.1.1...v10.2.0

v10.1.1

What's Changed

• fix(types): Correct conditional type handling for generic log function arguments by @​samchungy in pinojs/pino#2329
• perf: use JSON.stringify in fast path for node v25+ by @​ronag in pinojs/pino#2330
• build(deps): bump actions/setup-node from 4 to 6 by @​dependabot[bot] in pinojs/pino#2336
• build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @​dependabot[bot] in pinojs/pino#2337
• build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @​dependabot[bot] in pinojs/pino#2338
• docs: update CONTRIBUTING.md to reference 'main' instead of 'master' by @​NoobFullStack in pinojs/pino#2334
• feat(browser): add reportCaller to surface user callsite by @​dev-KingMaster in pinojs/pino#2340
• docs: update transports.md by @​marklai1998 in pinojs/pino#2224
• docs: add Node.js 22+ native TypeScript type stripping support by @​mcollina in pinojs/pino#2347
• feat(types): use ThreadStream type from thread-stream by @​CHC383 in pinojs/pino#2320
• build(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in pinojs/pino#2354
• build(deps): update thread-stream to v4 by @​mcollina in pinojs/pino#2356
• fix: harden transport loading against prototype pollution by @​omdxp in pinojs/pino#2358

... (truncated)

Commits

• 6b34498 Bumped v10.3.1
• f1203e6 fix(transport): sanitize invalid NODE_OPTIONS preloads for workers (#2391)
• 6a8e598 docs: clarify transport level filtering behavior (#2390)
• 49a4807 Merge branch 'main' of github.com:pinojs/pino
• 960bbbb build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 (#2386)
• e2a5b4a build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2385)
• 04859e2 chore: update gitignore for ai assistant files
• d6adf03 Bumped v10.3.0
• 06d55b1 feat: set worker thread name for transport identification (#2380)
• a728702 fix: fix multistream().clone() return type (#2377)
• Additional commits viewable in compare view

Updates zod from 3.25.76 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

• 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
• e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
• 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

• 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
• e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
• 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
• decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
• 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
• 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
• b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

• f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

• bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
• f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
• 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

• 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• 0cdc0b8 4.3.5
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[kopahead]

Closing to let Dependabot recreate with a clean lockfile after oss-polish merges.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml