fix: update auto merge on patch or minor

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@commitlint/cli (source)	20.4.1 → 20.4.2			devDependencies	patch
@commitlint/config-conventional (source)	20.4.1 → 20.4.2			devDependencies	patch
@commitlint/prompt-cli (source)	20.4.1 → 20.4.2			devDependencies	patch
@prisma/adapter-pg (source)	^7.4.0 → ^7.4.1			dependencies	patch
@prisma/client (source)	^7.4.0 → ^7.4.1			dependencies	patch
@prisma/client-runtime-utils (source)	^7.4.0 → ^7.4.1			dependencies	patch
dotenv	^17.3.0 → ^17.3.1			dependencies	patch
eslint (source)	9.39.2 → 9.39.3			devDependencies	patch
graphql	16.12.0 → 16.13.0			devDependencies	minor
hono (source)	^4.11.9 → ^4.12.2			dependencies	minor
knip (source)	5.83.1 → 5.85.0			devDependencies	minor
node (source)	24.13.1 → 24.14.0				minor
pnpm (source)	10.29.3 → 10.30.2			packageManager	minor
prisma (source)	7.4.0 → 7.4.1			devDependencies	patch
redis	8.6.0-alpine → 8.6.1-alpine				patch
rimraf	6.1.2 → 6.1.3			devDependencies	patch

---

Release Notes

conventional-changelog/commitlint (@​commitlint/cli)

v20.4.2

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v20.4.2

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

conventional-changelog/commitlint (@​commitlint/prompt-cli)

v20.4.2

Compare Source

Note: Version bump only for package @​commitlint/prompt-cli

prisma/prisma (@​prisma/adapter-pg)

v7.4.1

Compare Source

Today, we are issuing a 7.4.1 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

• Fix cursor-based pagination regression with parameterised values (#​29184)
• Preserve Prisma.skip through query extension argument cloning (#​29198)
• Enable batching of multiple queries inside interactive transactions (#​25571)
• Add missing JSON value deserialization for JSONB parameter fields (#​29182)
• Apply result extensions correctly for nested and fluent relations (#​29218)
• Allow missing config datasource URL and validate only when needed (prisma/prisma-engines#5777)

Driver Adapters

• @​prisma/adapter-ppg: Handle null values in type parsers for nullable columns (#​29192)

Prisma Schema Language

• Support where argument on field-level @unique for partial indexes (prisma/prisma-engines#5774)
• Add object expression and object member support to schema reformatter (prisma/prisma-engines#5776)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

motdotla/dotenv (dotenv)

v17.3.1

Compare Source

Changed

• Fix as2 example command in README and update spanish README

eslint/eslint (eslint)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

graphql/graphql-js (graphql)

v16.13.0

Compare Source

honojs/hono (hono)

v4.12.2

Compare Source

Security fix

Fixed incorrect handling of X-Forwarded-For in the AWS Lambda adapter behind ALB that could allow IP-based access control bypass. The detail: GHSA-xh87-mx6m-69f3

Thanks @​EdamAme-x

What's Changed

• fix(context): revert PR #​4707 by @​yusukebe in #​4757

Full Changelog: honojs/hono@v4.12.1...v4.12.2

v4.12.1

Compare Source

What's Changed

• fix(client): export ApplyGlobalResponse from hono/client by @​sushichan044 in #​4743

Full Changelog: honojs/hono@v4.12.0...v4.12.1

v4.12.0

Compare Source

Release Notes

Hono v4.12.0 is now available!

This release includes new features for the Hono client, middleware improvements, adapter enhancements, and significant performance improvements to the router and context.

$path for Hono Client

The Hono client now has a $path() method that returns the path string instead of a full URL. This is useful when you need just the path portion for routing or key-based operations:

const client = hc<typeof app>('http://localhost:8787')

// Get the path string
const path = client.api.posts.$path()
// => '/api/posts'

// With path parameters
const postPath = client.api.posts[':id'].$path({
  param: { id: '123' },
})
// => '/api/posts/123'

// With query parameters
const searchPath = client.api.posts.$path({
  query: { filter: 'test' },
})
// => '/api/posts?filter=test'

Unlike $url() which returns a URL object, $path() returns a plain path string, making it convenient for use with routers or as cache keys.

Thanks @​ShaMan123!

ApplyGlobalResponse Type Helper for RPC Client

The new ApplyGlobalResponse type helper allows you to add global error response types to all routes in the RPC client. This is useful for typing common error responses from app.onError() or global middlewares:

const app = new Hono()
  .get('/api/users', (c) => c.json({ users: ['alice', 'bob'] }, 200))
  .onError((err, c) => c.json({ error: err.message }, 500))

type AppWithErrors = ApplyGlobalResponse<
  typeof app,
  {
    401: { json: { error: string; message: string } }
    500: { json: { error: string; message: string } }
  }
>

const client = hc<AppWithErrors>('http://api.example.com')
// Now client knows about both success and error responses
const res = await client.api.users.$get()
// InferResponseType includes { users: string[] } | { error: string; message: string }

Thanks @​mohankumarelec!

SSG Redirect Plugin

A new redirectPlugin for SSG generates static HTML redirect pages for HTTP redirect responses (301, 302, 303, 307, 308):

import { toSSG } from 'hono/ssg'
import { defaultPlugin, redirectPlugin } from 'hono/ssg'

const app = new Hono()
app.get('/old', (c) => c.redirect('/new'))
app.get('/new', (c) => c.html('New Page'))

// redirectPlugin must be placed before defaultPlugin
await toSSG(app, fs, {
  plugins: [redirectPlugin(), defaultPlugin()],
})

The generated redirect pages include a <meta http-equiv="refresh"> tag, a canonical link, and a robots noindex meta tag.

Thanks @​3w36zj6!

onAuthSuccess Callback for Basic Auth

The Basic Auth middleware now supports an onAuthSuccess callback that is invoked after successful authentication. This allows you to set context variables or perform logging without re-parsing the Authorization header:

app.use(
  '/auth/*',
  basicAuth({
    username: 'hono',
    password: 'ahotproject',
    onAuthSuccess: (c, username) => {
      c.set('user', { name: username, role: 'admin' })
      console.log(`User ${username} authenticated`)
    },
  })
)

The callback also works with async functions and the verifyUser mode.

Thanks @​AprilNEA!

getConnInfo for AWS Lambda, Cloudflare Pages, and Netlify

getConnInfo() is now available for three additional adapters:

// AWS Lambda (supports API Gateway v1, v2, and ALB)
import { handle, getConnInfo } from 'hono/aws-lambda'

// Cloudflare Pages
import { handle, getConnInfo } from 'hono/cloudflare-pages'

// Netlify
import { handle, getConnInfo } from 'hono/netlify'

app.get('/', (c) => {
  const info = getConnInfo(c)
  return c.text(`Your IP: ${info.remote.address}`)
})

Thanks @​rokasta12!

alwaysRedirect Option for Trailing Slash Middleware

The trailing slash middleware now supports an alwaysRedirect option. When enabled, the middleware redirects before executing handlers, which fixes the issue where trailing slash handling doesn't work with wildcard routes:

app.use(trimTrailingSlash({ alwaysRedirect: true }))

app.get('/my-path/*', async (c) => {
  return c.text('wildcard')
})

// /my-path/something/ will be redirected to /my-path/something
// before the wildcard handler is executed

Progressive Locale Code Truncation

The normalizeLanguage function in the language middleware now supports RFC 4647 Lookup-based progressive truncation. Locale codes like ja-JP will match ja when only the base language is in supportedLanguages:

app.use(
  '/*',
  languageDetector({
    supportedLanguages: ['en', 'ja'],
    fallbackLanguage: 'en',
    order: ['cookie', 'header'],
  })
)

// Accept-Language: ja-JP → matches 'ja'
// Accept-Language: ko-KR → falls back to 'en'

Thanks @​sorafujitani!

exports Field for ExecutionContext

The ExecutionContext type now includes an exports property for Cloudflare Workers. You can use module augmentation to type it with Wrangler's generated types:

import 'hono'

declare module 'hono' {
  interface ExecutionContext {
    readonly exports: Cloudflare.Exports
  }
}

Thanks @​toreis-up!

Performance Improvements

TrieRouter 1.5x ~ 2.0x Faster

The TrieRouter has been significantly optimized with reduced spread syntax usage, O(1) hasChildren checks, lazy regular expression generation, and removal of redundant processes:

Route	Node.js	Deno	Bun
short static GET /user	1.70x	1.40x	1.34x
dynamic GET /user/lookup/username/hey	1.38x	1.69x	1.51x
wildcard GET /static/index.html	1.51x	1.72x	1.43x
all together	1.58x	1.60x	1.82x

Thanks @​EdamAme-x!

Fast Path for c.json()

c.json() now has the same fast path optimization as c.text(). When no custom status, headers, or finalized state exists, the Response is created directly without allocating a Headers object:

// This common pattern is now faster
return c.json({ message: 'Hello' })

Benchmark results:

Metric	Before	After	Change
Reqs/sec	92,268	95,244	+3.2%
Latency	5.42ms	5.25ms	-3.1%
Throughput	17.24MB/s	19.07MB/s	+10.6%

Thanks @​mgcrea!

New features

• feat(client): Add ApplyGlobalResponse type helper for RPC Client #​4556
• feat(ssg): add redirect plugin #​4599
• feat(client): $path #​4636
• feat(basic-auth): add context key and callback options #​4645
• feat(adapter): add getConnInfo for AWS Lambda, Cloudflare Pages, and Netlify #​4649
• feat(trailing-slash): add alwaysRedirect option to support wildcard routes #​4658
• feat(language): add progressive locale code truncation to normalizeLanguage #​4717
• feat(types): Add exports field to ExecutionContext #​4719

Performance

• perf(context): add fast path to c.json() matching c.text() optimization #​4707
• perf(trie-router): improve performance (1.5x ~ 2.0x) #​4724
• perf(context): use createResponseInstance for new Response #​4733

All changes

• fix(jsx/dom): handle empty arrays in render children loop by @​mixelburg in #​4729
• perf(jsx/dom): flatten children once at the start to avoid repeated flattening by @​usualoma in #​4730
• fix(client): skip undefined values in form data serialization by @​aidenlx in #​4732
• feat(client): Add ApplyGlobalResponse type helper for RPC Client by @​mohankumarelec in #​4556
• feat(ssg): add redirect plugin by @​3w36zj6 in #​4599
• feat(client): $path by @​ShaMan123 in #​4636
• feat(basic-auth): add context key and callback options by @​AprilNEA in #​4645
• feat(adapter): add getConnInfo for AWS Lambda, Cloudflare Pages, and Netlify by @​rokasta12 in #​4649
• feat(trailing-slash): add alwaysRedirect option to support wildcard routes by @​yusukebe in #​4658
• perf(context): add fast path to c.json() matching c.text() optimization by @​mgcrea in #​4707
• feat(language): add progressive locale code truncation to normalizeLanguage by @​sorafujitani in #​4717
• feat(types): Add exports field to ExecutionContext by @​toreis-up in #​4719
• perf(trie-router): improve performance (1.5x ~ 2.0x) by @​EdamAme-x in #​4724
• perf(context): use createResponseInstance for new Response by @​yusukebe in #​4733
• Next by @​yusukebe in #​4735

New Contributors

• @​mixelburg made their first contribution in #​4729
• @​aidenlx made their first contribution in #​4732
• @​mohankumarelec made their first contribution in #​4556
• @​ShaMan123 made their first contribution in #​4636
• @​rokasta12 made their first contribution in #​4649
• @​mgcrea made their first contribution in #​4707

Full Changelog: honojs/hono@v4.11.10...v4.12.0

v4.11.10

Compare Source

What's Changed

• fix: fixed to be more properly timing safe (Merge commit from fork 91def7c)

Full Changelog: honojs/hono@v4.11.9...v4.11.10

webpro-nl/knip (knip)

v5.85.0: Release 5.85.0

Compare Source

• Fix require.context regex matching for path-aware patterns (#​1547) (c33d93a) - thanks @​jstaab!
• Make knip compatible with erasableSyntaxOnly (#​1541) (f63089b) - thanks @​wojtekmaj!
• feat: add Payload CMS plugin (#​1546) (58d99de) - thanks @​Robot-Inventor!
• Look everywhere for manifest/robots file in next plugin (9da6205)
• Merge some next glob patterns (8c5f35f)
• Add SAP & Google Gemini to projects using Knip (c8ab895)
• Bump remark-preset-webpro & dedupe (b9372cd)
• Document CLI usage for LS (97fe1cf)
• fix: tsdown entry compatibility issues #​1550 (#​1554) (95051eb) - thanks @​huijiewei!
• Fix incorrect coverage provider being reported (#​1552) (2d0b5cd) - thanks @​rexxars!
• Temp disable npmx in ecosystem run (a5cd986)
• Fix OOM in gitignore walk for large monorepos (f192a6b)
• Release knip@​5.85.0 (e28a3e7)

v5.84.1: Release 5.84.1

Compare Source

• Fix false positives for arrow-wrapped dynamic imports assigned to variables (#​1544) (75a42c3) - thanks @​jantimon!
• Improve pnpm arg handling (df8c353)
• Ignore module.register if 2nd arg is not import.meta.url (#​1535) (970fdb1)

v5.84.0: Release 5.84.0

Compare Source

• Post-release shenanigans (e7965cb)
• Move most compilers to plugins & register from there (61beafe)
• Minor refactor (e20a682)
• Fix lint issues (d2bbc13)
• Add missing catalog property to rules in JSON schema (#​1518) (5d49dea) - thanks @​Mohmdev!
• feat(plugins): add @​typescript/native-preview (tsgo) support (#​1513) (babfb10) - thanks @​jgoux!
• Fix up quoting for spaced args (resolve #​1515) (2b735cb)
• Switch to tsconfig-aware module resolver in input handler (634d0f6)
• Use bun test positionals as entry points (resolve #​1521) (da94725)
• Edit docs (327726f)
• Minor refactor while at it (dc87e8e)
• Add config hints for unused ignore and ignoreFiles items (a4989ee)
• Accept known bins only behind double-dash (resolve #​1524) (b9214e3)
• feat(plugins): add support for bun test preloaded files (#​1525) (14ee32a) - thanks @​jgoux!
• Add date to IGNORED_GLOBAL_BINARIES (#​1476) (f08f92b) - thanks @​duci9y!
• Fix edge case for binaries in scripts (82331ee)
• Report ignore/files config hints only if sure & relevant (4c3bd08)
• Add consistent repository fields (781a0fd)
• Add language-server bin (13d7845)
• Use --stdio if no transport provided (bedb21a)
• Refactor from "enabled" to "deferSession" (resolve #​1499) (15e3360)
• Use initializationOptions.config or default fallback config obj (resolve #​1503) (0abe568)
• Also publish ls + mcp with pkg-pr-new (7806526)
• Auto-format (51b7dc1)
• Remove chdir shenanigans (close #​1516) (0cbee8f)
• Bind console.* to distinguish internal↔ external logs (3eac278)
• Add early bail-outs for changed files we can ignore (36c2dd5)
• Avoid unnecessary module graph updates for unmodified files (f94c41f)
• Fix typo in pkg-pr-new-pkg-dir (7e7a8b0)
• Add .DS_Store to .gitignore (#​1530) (40fe5cc) - thanks @​wojtekmaj!
• Ignore RNC CLI and metro internals in react-native projects (#​1528) (0f892ae) - thanks @​wojtekmaj!
• Support nested _generated dirs in Convex plugin (#​1531) (bd75e9f) - thanks @​kvnwolf!
• Housekeep cli help output (c24e746)
• Fix up gitignore test (6bc640c)
• Introduce isFilterTransitiveDependencies flag (close #​1507, close #​1101) (8678df2)
• Housekeep webpack plugin (2cc1306)
• Move up plugin.setup & tear down plugin.teardown (4dbf23d)
• Skip config file loading if only external re-exports (ab775b1)
• Improve & optimize ignore pattern handling (c3d3912)
• Housekeep compiler registration (2aaf9fc)
• Edit docs re. config file location (79bfb35)
• Register visitors from plugins (9b059f8)
• importMetaGlobCall visitor for Vite plugin (1874b19)
• Extend registerVisitors with script visitor support (728c814)
• Move execa script visitor to execa plugin (71c739a)
• Move zx script visitor to zx plugin (5ac24c7)
• Add require.context visitor to webpack plugin (100f174)
• Add module.register() visitor for Node.js loader API (resolve #​1535) (742407c)
• Add .DS_Store in fixtures to .gitignore (#​1534) (90fa677) - thanks @​wojtekmaj!
• Mention that depcheck recommends knip (#​1536) (75d00ff) - thanks @​ArtskydJ!
• Remove @source matcher from tailwind plugin (resolve #​1537) (b7149b6)
• Fix -w → -W flag for Yarn (f305250)
• Update AGENTS.md (ec83887)
• Extract and extend react-native plugin (#​1538) (9fd04a8)
• Add pm2 plugin (#​1540) (3bb4203) - thanks @​wojtekmaj!
• Fix Yarn (Berry) plugins and binaries reported as unused (#​1523) (4f0a307) - thanks @​wojtekmaj!
• Update docs (ed23dd2)
• Minor refactor while at it (4115b97)
• Add @​knip/create-config to release script (1135b82)

nodejs/node (node)

v24.14.0

Compare Source

pnpm/pnpm (pnpm)

v10.30.2

Compare Source

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

isaacs/rimraf (rimraf)

v6.1.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.