chore(deps): bump the npm-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the npm-dependencies group with 13 updates in the / directory:

Package	From	To
@linode/api-v4	0.152.0	0.153.0
express	5.1.0	5.2.0
yaml	2.8.1	2.8.2
@types/lodash	4.17.20	4.17.21
@types/node	24.10.0	24.10.1
@typescript-eslint/eslint-plugin	8.46.3	8.48.0
@typescript-eslint/parser	8.46.3	8.48.0
cspell	9.3.0	9.3.2
lint-staged	16.2.6	16.2.7
nodemon	3.1.10	3.1.11
prettier	3.6.2	3.7.3
ts-jest	29.4.5	29.4.6
tsx	4.20.6	4.21.0

Updates @linode/api-v4 from 0.152.0 to 0.153.0

Commits

• 5d74bc6 Merge pull request #13101 from linode/staging
• b1db6fe Merge pull request #13085 from linode/release-v1.155.0
• 1a1e18f Cloud version 1.155.0, API v4 version 0.153.0, Utilities version 0.12.0, Quer...
• 42a6cd9 upcoming: [DI-27571] - Blockstorage onboarding for ACLP Alerts (#13048)
• 61c134d fix: [DI-27818] - Updated preferences logic to clear child filter preference ...
• 8ef367e upcoming: [DI-28003] - New contextual view - selectable dashboards filter in ...
• 9868d7c feat: [UIE-9441] implemented pagination for Plans table (#13055)
• aae562d test [UIE-9584]: fix flakey stackscript tests (#13072)
• a63d148 test [M3-10517]: Fix flaky "timerange-verification.spec.ts" test (#12967)
• 7ddaa00 test [UIE-9599]: Fix flakey create-database test (#13076)
• Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.0

Release notes

Sourced from express's releases.

v5.2.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @​dependabot[bot] in expressjs/express#6429
• Refactor: simplify acceptsLanguages implementation using spread operator by @​Ayoub-Mabrouk in expressjs/express#6137
• increased code coverage of utils.js file by @​ashish3011 in expressjs/express#6386
• chore: remove duplicate word by @​dufucun in expressjs/express#6456
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @​dependabot[bot] in expressjs/express#6498
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in expressjs/express#6497
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in expressjs/express#6496
• ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6504
• ci: update codeql config by @​Phillip9587 in expressjs/express#6488
• chore: wider range for query test skip by @​jonchurch in expressjs/express#6512
• chore: fix typos in test by @​noritaka1166 in expressjs/express#6535
• ci: disable credential persistence for checkout actions by @​mertssmnoglu in expressjs/express#6522
• ci: allow manual triggering of workflow by @​shivarm in expressjs/express#6515
• test: add coverage for app.listen() variants by @​kgarg1 in expressjs/express#6476
• docs: move documentation and charters to the discussions and .github … by @​bjohansebas in expressjs/express#6427
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @​dependabot[bot] in expressjs/express#6549
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/express#6548
• chore: enforce explicit Buffer import and add lint rule by @​shivarm in expressjs/express#6525
• chore: use node protocol for querystring by @​shivarm in expressjs/express#6520
• chore: fix typo by @​mountdisk in expressjs/express#6609
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in expressjs/express#6618
• add deprecation warnings for redirect arguments undefined by @​bjohansebas in expressjs/express#6405
• ci: run CI when the markdown changes by @​bjohansebas in expressjs/express#6632
• doc: fix CONTRIBUTING link by @​jonchurch in expressjs/express#6653
• doc: update contributing guidelines and code of conduct links by @​ShubhamOulkar in expressjs/express#6601
• build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @​dependabot[bot] in expressjs/express#6679
• build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @​dependabot[bot] in expressjs/express#6678
• lint: add --fix flag to automatic fix linting issue by @​shivarm in expressjs/express#6644
• chore: ignore yarn.lock file and update example by @​shivarm in expressjs/express#6588
• lib: use req.socket over deprecated req.connection by @​bjohansebas in expressjs/express#6705
• doc: update express app example by @​shivarm in expressjs/express#6718
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in expressjs/express#6675
• Remove history.md from being packaged on publish by @​sheplu in expressjs/express#6780
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in expressjs/express#6797
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @​dependabot[bot] in expressjs/express#6796
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in expressjs/express#6795
• build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @​dependabot[bot] in expressjs/express#6794
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @​dependabot[bot] in expressjs/express#6793
• ci: add node.js 25 to test matrix by @​Phillip9587 in expressjs/express#6843
• build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in expressjs/express#6871
• build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @​dependabot[bot] in expressjs/express#6870
• build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @​dependabot[bot] in expressjs/express#6869
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in expressjs/express#6868

... (truncated)

Changelog

Sourced from express's changelog.

5.2.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: body-parser@^2.2.1
• A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

• 4007ad1 Release: 5.2.0 (#6920)
• 2f64f68 sec: security patch for CVE-2024-51999
• ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
• 8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
• 30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
• 758d435 deps: body-parser@^2.2.1 (#6922)
• 77bcd52 docs: update emeritus triagers (#6890)
• f33caf1 Nominate to @​efekrskl for triage team (#6888)
• 54af593 refactor: use cached slice in app.listen (#6897)
• 2551a7d docs: switch badges from badgen.net to shields.io (#6900)
• Additional commits viewable in compare view

Updates yaml from 2.8.1 to 2.8.2

Release notes

Sourced from yaml's releases.

v2.8.2

• Serialize -0 as -0 (#638)
• Do not double newlines for empty map values (#642)

Commits

• 086fa6b 2.8.2
• 95f01e9 chore: Add funding to package.json
• 152e204 style: Apply updated Prettier rules & satisfy updated ESLint
• 3f3378c chore: Drop unused dependency cross-env
• f0b9af7 chore: Update to @​rollup/plugin-replace v6
• e3cafc7 chore: Update to eslint-config-prettier v10
• 553c1b5 chore: Refresh lockfile
• 70a8db3 fix: Do not double newlines for empty map values (#642)
• 92821f2 ci: Limit action permissions to minimum required
• 95285f8 fix: Serialize -0 as -0 (fixes #638)
• Additional commits viewable in compare view

Updates @types/lodash from 4.17.20 to 4.17.21

Commits

• See full diff in compare view

Updates @types/node from 24.10.0 to 24.10.1

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.46.3 to 8.48.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.48.0

8.48.0 (2025-11-24)

🚀 Features

• eslint-plugin: [no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)
• rule-tester: remove workaround for jest circular structure error (#11772)
• typescript-estree: gate all errors behind allowInvalidAST (#11693)
• typescript-estree: replace fast-glob with tinyglobby (#11740)

🩹 Fixes

• eslint-plugin: [consistent-generic-constructors] ignore when constructor is typed array (#10477)
• scope-manager: change unhelpful aaa error message and change analyze to expects Program (#11747)
• typescript-estree: infers singleRun as true for project service (#11327)
• typescript-estree: disallow binding patterns in parameter properties (#11760)

❤️ Thank You

• Ben McCann @​benmccann
• Dima Barabash @​dbarabashh
• fisker Cheung @​fisker
• James Henry @​JamesHenry
• JamesHenry @​JamesHenry
• Josh Goldberg
• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• mdm317 @​gen-ip-1
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

v8.47.0

8.47.0 (2025-11-17)

🚀 Features

• eslint-plugin: [no-unused-private-class-members] new extension rule (#10913)

❤️ Thank You

• Brad Zacher @​bradzacher

You can read about our versioning strategy and releases on our website.

v8.46.4

8.46.4 (2025-11-10)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.48.0 (2025-11-24)

🚀 Features

• eslint-plugin: [no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)

🩹 Fixes

• typescript-estree: disallow binding patterns in parameter properties (#11760)
• eslint-plugin: [consistent-generic-constructors] ignore when constructor is typed array (#10477)

❤️ Thank You

• Dima Barabash @​dbarabashh
• JamesHenry @​JamesHenry
• Josh Goldberg
• mdm317 @​gen-ip-1

You can read about our versioning strategy and releases on our website.

8.47.0 (2025-11-17)

🚀 Features

• eslint-plugin: [no-unused-private-class-members] new extension rule (#10913)

❤️ Thank You

• Brad Zacher @​bradzacher

You can read about our versioning strategy and releases on our website.

8.46.4 (2025-11-10)

🩹 Fixes

• parser: error when both projectService and project are set (#11333)
• eslint-plugin: handle override modifier in promise-function-async fixer (#11730)
• eslint-plugin: [no-deprecated] fix double-report on computed literal identifiers (#11006, #10958)

❤️ Thank You

• Evgeny Stepanovych @​undsoft
• Kentaro Suzuki @​sushichan044
• Maria Solano @​MariaSolOs

You can read about our versioning strategy and releases on our website.

Commits

• 6fb1551 chore(release): publish 8.48.0
• d26e9de chore(eslint-plugin): correct TODO comment on the wrong line (#11773)
• 5f04910 fix(typescript-estree): disallow binding patterns in parameter properties (#1...
• a4dc42a chore: migrate to nx 22 (#11780)
• 2ffb168 feat(eslint-plugin): [no-redundant-type-constituents] use assignability check...
• 5ea21f1 fix(eslint-plugin): [consistent-generic-constructors] ignore when constructor...
• 28cf803 chore(release): publish 8.47.0
• 6c6db24 feat(eslint-plugin): [no-unused-private-class-members] new extension rule (#1...
• 843f144 chore(release): publish 8.46.4
• 997e0c0 fix(parser): error when both projectService and project are set (#11333)
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.46.3 to 8.48.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.48.0

8.48.0 (2025-11-24)

🚀 Features

• eslint-plugin: [no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)
• rule-tester: remove workaround for jest circular structure error (#11772)
• typescript-estree: gate all errors behind allowInvalidAST (#11693)
• typescript-estree: replace fast-glob with tinyglobby (#11740)

🩹 Fixes

• eslint-plugin: [consistent-generic-constructors] ignore when constructor is typed array (#10477)
• scope-manager: change unhelpful aaa error message and change analyze to expects Program (#11747)
• typescript-estree: infers singleRun as true for project service (#11327)
• typescript-estree: disallow binding patterns in parameter properties (#11760)

❤️ Thank You

• Ben McCann @​benmccann
• Dima Barabash @​dbarabashh
• fisker Cheung @​fisker
• James Henry @​JamesHenry
• JamesHenry @​JamesHenry
• Josh Goldberg
• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• mdm317 @​gen-ip-1
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

v8.47.0

8.47.0 (2025-11-17)

🚀 Features

• eslint-plugin: [no-unused-private-class-members] new extension rule (#10913)

❤️ Thank You

• Brad Zacher @​bradzacher

You can read about our versioning strategy and releases on our website.

v8.46.4

8.46.4 (2025-11-10)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.48.0 (2025-11-24)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.47.0 (2025-11-17)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.46.4 (2025-11-10)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 6fb1551 chore(release): publish 8.48.0
• a4dc42a chore: migrate to nx 22 (#11780)
• 28cf803 chore(release): publish 8.47.0
• 843f144 chore(release): publish 8.46.4
• See full diff in compare view

Updates cspell from 9.3.0 to 9.3.2

Release notes

Sourced from cspell's releases.

v9.3.2

Fixes

fix: Add Zig programming language dictionary (#7998)

---

fix: Search for TypeScript config files. (#7997)

TypeScript files were allowed, but would not be automatically found.

---

Dictionary Updates

fix: Workflow Bot -- Update Dictionaries (main) (#8004)

Update Dictionaries (main)

Summary

 .../snapshots/ktaranov/sqlserver-kit/report.yaml   |  4 +--
 .../snapshots/ktaranov/sqlserver-kit/snapshot.txt  |  5 ++-
 packages/cspell-bundled-dicts/package.json         |  6 ++--
 pnpm-lock.yaml                                     | 36 +++++++++++-----------
 4 files changed, 24 insertions(+), 27 deletions(-)

---

... (truncated)

Changelog

Sourced from cspell's changelog.

v9.3.2 (2025-11-15)

Fixes

fix: Add Zig programming language dictionary (#7998)

---

fix: Search for TypeScript config files. (#7997)

TypeScript files were allowed, but would not be automatically found.

---

Dictionary Updates

fix: Workflow Bot -- Update Dictionaries (main) (#8004)

Update Dictionaries (main)

Summary

 .../snapshots/ktaranov/sqlserver-kit/report.yaml   |  4 +--
 .../snapshots/ktaranov/sqlserver-kit/snapshot.txt  |  5 ++-
 packages/cspell-bundled-dicts/package.json         |  6 ++--
 pnpm-lock.yaml                                     | 36 +++++++++++-----------
 4 files changed, 24 insertions(+), 27 deletions(-)

---

v9.3.1 (2025-11-12)

Fixes

... (truncated)

Commits

• 595bde7 v9.3.2
• 7bda47e chore: Prepare Release v9.3.2 (auto-deploy) (#7990)
• 3a6711c fix: Add Zig programming language dictionary (#7998)
• 3f8bf5c v9.3.1
• 05b91fa chore: Prepare Release v9.3.1 (auto-deploy) (#7968)
• 1fe74ea fix: Support Deno (#7966)
• See full diff in compare view

Updates lint-staged from 16.2.6 to 16.2.7

Release notes

Sourced from lint-staged's releases.

v16.2.7

Patch Changes

• #1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

Changelog

Sourced from lint-staged's changelog.

16.2.7

Patch Changes

• #1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

Commits

• 0c1b000 chore(changeset): release
• 595b202 build(deps): update dependencies
• ef74c8d fix: do display "failed to spawn" message when task fails normally
• 5cf2a1e style: do not autofix when running lint-staged
• ba40012 chore: drop npx from commit-msg hook
• d67de9a chore: fix pre-push hook usage with changeset
• 8017d1d build(deps): update dependencies
• 922d7f4 ci: remove dependabot integration, it's not useful
• 6aeeef1 docs: add PR template
• a5728b5 docs: add AGENTS.md
• Additional commits viewable in compare view

Updates nodemon from 3.1.10 to 3.1.11

Release notes

Sourced from nodemon's releases.

v3.1.11

3.1.11 (2025-11-11)

Bug Fixes

• script.start with missing file (8d927f1), closes #2258

Commits

• 8d927f1 fix: script.start with missing file
• 9c966c1 chore: website
• 1bf915d chore: website
• 89e92da chore: website
• 838ea0c chore: website
• 7a64464 chore: website
• 079c683 chore: website
• 71934a3 chore: website
• d6ec490 chore: website
• 745a994 Merge branch 'main' of github.com:remy/nodemon
• Additional commits viewable in compare view

Updates prettier from 3.6.2 to 3.7.3

Release notes

Sourced from prettier's releases.

3.7.3

What's Changed

• Fix prettier.getFileInfo() change that breaks VSCode extension by @​fisker in prettier/prettier#18375

🔗 Changelog

3.7.2

What's Changed

• Fix string print when switching quotes by @​fisker in prettier/prettier#18351
• Preserve quote for embedded HTML attribute values by @​kovsu in prettier/prettier#18352
• Fix comment in empty type literal by @​fisker in prettier/prettier#18364

🔗 Changelog

3.7.1

• Fix performance regression in doc printer (#18342 by @​fisker)

🔗 Changelog

3.7.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.7.3

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

3.7.2

diff

JavaScript: Fix string print when switching quotes (#18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")
// Prettier 3.7.1
console.log('A descriptor\'s .kind must be "method" or "field".');
// Prettier 3.7.2
console.log('A descriptor\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;
// Prettier 3.7.1
const html = /* HTML */ &lt;div class=${styles.banner}&gt;&lt;/div&gt;;
// Prettier 3.7.2
const html = /* HTML */ &lt;div class=&quot;${styles.banner}&quot;&gt;&lt;/div&gt;;

TypeScript: Fix comment in empty type literal (#18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};
// Prettier 3.7.1
</tr></table>

... (truncated)

Commits

• fdfa670 Release 3.7.3
• 2dce3ec Fix typo
• 27d6c64 Revert previous change to getFileInfo (#18375)
• f4a7afa Add types for config related functions (#18376)
• 9266e3e Add resolved test cases (#18358)
• 3bfc014 Bump Prettier dependency to 3.7.2
• 081b846 Clean changelog_unreleased
• 03384c9 Release 3.7.2
• 514e51a Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.2
• 29a11ae Fix comment in empty type literal (#18364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.

Updates ts-jest from 29.4.5 to 29.4.6

Release notes

Sourced from ts-jest's releases.

v29.4.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.6 (2025-12-01)

Bug Fixes

• log hybrid module as warning instead of failing tests (#5144) (528d37c), closes #5130

Commits

• 202bde5 chore(release): 29.4.6 (#5146)
• 528d37c fix: log hybrid module as warning instead of failing tests (#5144)
• 141e5af build(deps): update github/codeql-action digest to 497990d
• d281cce build(deps): update google/osv-scanner-action action to v2.3.0
• 0d20322 build(deps): update dependency memfs to ^4.51.0
• 455dde2 build(deps): update dependency js-yaml to ^4.1.1
• d579480 build(deps): update dependency @​types/node to v20.19.25
• f6859d0 build(deps): update dependency @​types/yargs to ^17.0.35
• 4d7e432 build(deps): update github/codeql-action digest to d3ced5c
• 4ea70c9 build(deps): update actions/checkout digest to 34e1148
• Additional commits viewable in compare view

Updates tsx from 4.20.6 to 4.21.0

Release notes

Sourced from tsx's releases.

v4.21.0

4.21.0 (2025-11-30)

Features

• upgrade esbuild (#748) (048fb62)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• f6284cd ci: lock in semantic-release v24
• 048fb62 feat: upgrade esbuild (#748)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.