Bump the all-dependencies group with 6 updates

[dependabot]

Bumps the all-dependencies group with 6 updates:

Package	From	To
express	4.21.2	5.1.0
@types/express	4.17.21	5.0.2
octokit	3.2.2	5.0.2
zod	3.24.4	3.25.23
@types/node	20.17.46	22.15.21
ts-jest	29.3.2	29.3.4

Updates express from 4.21.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

• Update captains by @​UlisesGascon in expressjs/express#6027
• build: Node.js 23.0 by @​bjohansebas in expressjs/express#6075
• Add funding field (v5) by @​bjohansebas in expressjs/express#6064
• ✅ add discarded middleware test by @​ctcpip in expressjs/express#5819
• update homepage link http to https by @​bjohansebas in expressjs/express#5920
• Improve readme by @​bjohansebas in expressjs/express#5994
• Add bjohansebas as repo captain for expressjs.com by @​crandmck in expressjs/express#6058
• Remove Object.setPrototypeOf polyfill by @​Phillip9587 in expressjs/express#6081
• fix(buffer): use node:buffer instead of safe-buffer by @​bhavya3024 in expressjs/express#6071
• docs: Add DCO by @​UlisesGascon in expressjs/express#6048
• cleanup: remove promise support check from tests by @​Phillip9587 in expressjs/express#6148
• Use loop for acceptParams by @​blakeembrey in expressjs/express#6066
• Improve documentation step in release process by @​bjohansebas in expressjs/express#6150
• cleanup: remove unnecessary require for global Buffer by @​Phillip9587 in expressjs/express#6146
• cleanup: remove AsyncLocalStorage check by @​Phillip9587 in expressjs/express#6147
• update history.md for acceptParams change by @​jonchurch in expressjs/express#6177
• docs: add @​rxmarbles to the triage team by @​UlisesGascon in expressjs/express#6151
• refactor: improve readability by @​sazk07 in expressjs/express#6173
• docs: clarify the security process in the triage role by @​bjohansebas in expressjs/express#6217
• chore: replace methods dependency with standard library by @​jonkoops in expressjs/express#6196
• Remove utils-merge dependency - use spread syntax instead by @​Phillip9587 in expressjs/express#6091
• fix(securite): fix vulnerabilities by @​Abdel-Monaam-Aouini in expressjs/express#6211
• refactor: prefix built-in node module imports by @​slagiewka in expressjs/express#6236
• fix: remove download size badges by @​wesleytodd in expressjs/express#6266
• Remove unused depd dependency by @​jonkoops in expressjs/express#6197
• fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @​hamirmahal in expressjs/express#6256
• Add support for OSSF scorecard reporting by @​UlisesGascon in expressjs/express#5431
• docs: add @​Phillip9587 to the triage team by @​bjohansebas in expressjs/express#6276
• fix: added a missing semicolon in css styles in examples/auth by @​pr4j3sh in expressjs/express#6297
• docs: include team email in the security policy by @​UlisesGascon in expressjs/express#6278
• refactor: simplify normalizeTypes function by @​Ayoub-Mabrouk in expressjs/express#6097
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6314
• ci: fix npm install --include typo by @​Phillip9587 in expressjs/express#6324
• ci: updated scorecard actions by @​Phillip9587 in expressjs/express#6322
• build(deps): use carat notation for dependency versions by @​dpopp07 in expressjs/express#6317
• chore(deps): update debug to ^4.4.0 by @​Phillip9587 in expressjs/express#6313
• docs: retroactively note 5.0.0-beta.1 api change in history file by @​dpopp07 in expressjs/express#6333
• feat(deps): body-parser@^2.1.0 by @​wesleytodd in expressjs/express#6332
• feat(deps): router@^2.1.0 by @​wesleytodd in expressjs/express#6331
• Update repo captains by @​UlisesGascon in expressjs/express#6234
• deps: upgrade nyc by @​agungjati in expressjs/express#6122
• fix (deps): update deps by @​wesleytodd in expressjs/express#6337
• response: add support for ETag option in res.sendFile by @​juanarbol in expressjs/express#6073
• Update multiple links to use https instead of http by @​Phillip9587 in expressjs/express#6338
• Extend res.links() to allow adding multiple links with the same rel #2729 by @​andvea in expressjs/express#4885
• docs: update emeritus triagers by @​UlisesGascon in expressjs/express#6345
• docs: update guidance for triager nominations by @​bjohansebas in expressjs/express#6349
• docs: clarify guidelines for becoming a committer by @​bjohansebas in expressjs/express#6364

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

• Add support for Uint8Array in res.send()
• Add support for ETag option in res.sendFile()
• Add support for multiple links with the same rel in res.links()
• Add funding field to package.json
• perf: use loop for acceptParams
• refactor: prefix built-in node module imports
• deps: remove setprototypeof
• deps: remove safe-buffer
• deps: remove utils-merge
• deps: remove methods
• deps: remove depd
• deps: debug@^4.4.0
• deps: body-parser@^2.2.0
• deps: router@^2.2.0
• deps: content-type@^1.0.5
• deps: finalhandler@^2.1.0
• deps: qs@^6.14.0
• deps: server-static@2.2.0
• deps: type-is@2.0.1

5.0.1 / 2024-10-08

• Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

• remove:
  • path-is-absolute dependency - use path.isAbsolute instead
• breaking:
  • res.status() accepts only integers, and input must be greater than 99 and less than 1000
    • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
    • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
  • deps: send@1.0.0
  • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
• change:
  • res.clearCookie will ignore user provided maxAge and expires options
• deps: cookie-signature@^1.2.1
• deps: debug@4.3.6
• deps: merge-descriptors@^2.0.0
• deps: serve-static@^2.1.0
• deps: qs@6.13.0
• deps: accepts@^2.0.0
• deps: mime-types@^3.0.0
  • application/javascript => text/javascript
• deps: type-is@^2.0.0
• deps: content-disposition@^1.0.0

... (truncated)

Commits

• cd7d439 5.1.0
• 4c4f3ea fix(deps): serve-static@^2.2.0 (#6418)
• cb4c56e fix(docs): remove @​mertcanaltin from Triagers (#6408)
• 7b44e1d ci: use full SHAs for github action versions
• eb6d125 deps: router@^2.2.0 (#6417)
• f1a2dc8 deps: type-is@^2.0.1 (#6420)
• 6b51e8e deps: body-parser@^2.2.0 (#6419)
• 1f311c5 build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 (#6399)
• 9e97144 feat(deps): finalhandler@2.1.0 (#6373)
• 29d0980 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#6397)
• Additional commits viewable in compare view

Updates @types/express from 4.17.21 to 5.0.2

Commits

• See full diff in compare view

Updates octokit from 3.2.2 to 5.0.2

Release notes

Sourced from octokit's releases.

v5.0.2

5.0.2 (2025-05-20)

Bug Fixes

• deps: update octokit monorepo (major) (#2853) (edfce61)

v5.0.1

5.0.1 (2025-05-20)

Bug Fixes

• deps: add explicit dependency on @octokit/webhooks (#2847) (2b5ed09), closes #2844

v5.0.0

5.0.0 (2025-05-20)

Continuous Integration

• stop testing against NodeJS v18 (#2846) (8ec7ed7)

BREAKING CHANGES

• Drop support for NodeJS v18

• ci: stop testing against NodeJS v18

v4.1.4

4.1.4 (2025-05-20)

Bug Fixes

• deps: add explicit dependency on @octokit/webhooks (#2847) (3589cd2), closes #2844

v4.1.3

4.1.3 (2025-04-10)

Bug Fixes

• deps: update octokit monorepo (major) (#2836) (4ccc6d3)

v4.1.2

4.1.2 (2025-02-15)

... (truncated)

Commits

• edfce61 fix(deps): update octokit monorepo (major) (#2853)
• 2b5ed09 fix(deps): add explicit dependency on @octokit/webhooks (#2847)
• 8ec7ed7 ci: stop testing against NodeJS v18 (#2846)
• c5d2f0f build(deps): lock file maintenance (#2849)
• fe29c78 build(deps): bump vite from 6.3.2 to 6.3.5 (#2843)
• 4d1c4bf build(deps): lock file maintenance (#2839)
• 5aa4572 build(deps): lock file maintenance (#2838)
• d793c57 build(deps): bump vite from 6.2.5 to 6.2.6 (#2837)
• 4ccc6d3 fix(deps): update octokit monorepo (major) (#2836)
• 80bc5c8 ci: use Node LTS instead of pinning to specific version (#2830)
• Additional commits viewable in compare view

Updates zod from 3.24.4 to 3.25.23

Release notes

Sourced from zod's releases.

v3.25.23

Commits:

• 2529f82726955ac204add9278f609c5ccc896233 fix: update correct JSON Schema identifiers (#4485)
• 596a429e55795ed1529cb154efcd8136c04f5036 3.25.23

v3.25.22

Commits:

• 61adf85cba3a035c005e8de173a3dc08076e4ab8 Update basics.mdx: Fix #4479 (#4480)
• f3a5fe6eeea5c86e43a23bcf1666b48dfddc6b9e Fix incorrect code block in zod safeParse documentation (#4467)
• 2a6fe867dec59fc7681289099b1c246f579b590f Update README.md (#4465)
• 8acf0e1f8ab2eaff1affe4e798468883abeae823 docs: fix safeParse sentence (#4450)
• 98c849de3b07ff335a1c8ce59f0beed9596c2211 3.25.22. Remove src and test from package. Add semver precommit check. Update release-canary

v3.25.21

Commits:

• a2c98924956f5601358577285e7b45675e26f26f Clean up play.ts
• 6d47791be6088907af7f8e0ae3bf154164650509 Fix v.custom input type, add z.core., error map docs

v3.25.20

Commits:

• 709dfe3d130ef696d3565f877326230a22b3e887 Add global File fallback

v3.25.18

Commits:

• 17ee03e85495c111354cd75e50b8d239b0d92c79 v3.25.18

v3.25.17

Commits:

• 4bf6b20cc365feb8d26f20cf91fc3076cc13d3ef Update locale docs with extension
• 7191b3cec647985f74ec96e65a2f8a9c230354de Impl tshy-style build
• c623370ff18475088f67148382d5e62c4dc80429 dist/types as commonjs
• 31e02696ac2b6d1d27eeabb92e8f909dd7ffea50 Fix locale wildcard
• 4eccc3bcd02478bbe4cde516ca347d1df435d260 3.25.17

v3.25.16

Commits:

• 3dec3fc6313863fa6a907f78c1d5fb9526fb7dbe Fix wildcard

v3.25.15

Commits:

• 9622b925c382a61a40931700511af1cd79f4bf65 3.25.15
• 7f4a70751daf3eb66ffed58ec2f6ae6b7214bc1a 3.25.15

... (truncated)

Commits

• 596a429 3.25.23
• 2529f82 fix: update correct JSON Schema identifiers (#4485)
• 98c849d 3.25.22. Remove src and test from package. Add semver precommit check. Update...
• 8acf0e1 docs: fix safeParse sentence (#4450)
• 2a6fe86 Update README.md (#4465)
• f3a5fe6 Fix incorrect code block in zod safeParse documentation (#4467)
• 61adf85 Update basics.mdx: Fix #4479 (#4480)
• 6d47791 Fix v.custom input type, add z.core., error map docs
• a2c9892 Clean up play.ts
• 709dfe3 Add global File fallback
• Additional commits viewable in compare view

Updates @types/express from 4.17.21 to 5.0.2

Commits

• See full diff in compare view

Updates @types/node from 20.17.46 to 22.15.21

Commits

• See full diff in compare view

Updates ts-jest from 29.3.2 to 29.3.4

Release notes

Sourced from ts-jest's releases.

v29.3.4

Please refer to CHANGELOG.md for details.

v29.3.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.3.4 (2025-05-16)

Bug Fixes

• fix: fix TsJestTransformerOptions type (3b11e29), closes #4247
• fix(cli): fix wrong path for preset creator fns (249eb2c)
• fix(config): disable rewriteRelativeImportExtensions always (9b1f472), closes #4855

29.3.3 (2025-05-14)

Bug Fixes

• fix(cli): init config with preset creator functions (cdd3039), closes #4840
• fix(config): disable isolatedDeclarations (5d6b35f), closes #4847

Commits

• ee81cc6 chore(release): 29.3.4
• 9b1f472 fix(config): disable rewriteRelativeImportExtensions always
• fce110f build: bump typescript to latest
• 3b11e29 fix: fix TsJestTransformerOptions type
• 5637805 build(deps): Update dependency memfs to ^4.17.2
• 249eb2c fix(cli): fix wrong path for preset creator fns
• 0dc22ca build(deps): Update dependency eslint-plugin-jsdoc to ^50.6.17
• 6705713 build(deps): Update dependency ts-jest to ^29.3.3
• 2709d7b build(deps): Update dependency eslint-plugin-jsdoc to ^50.6.16
• 16cade9 chore(release): 29.3.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions