Bump the all group across 3 directories with 8 updates

[dependabot]

Bumps the all group with 1 update in the /playwright directory: @types/node.
Bumps the all group with 5 updates in the /samples/demo directory:

Package	From	To
@types/node	24.9.1	24.10.0
@types/pg	8.15.5	8.15.6
mongodb	6.20.0	7.0.0
@types/express	5.0.4	5.0.5
rimraf	6.0.1	6.1.0

Bumps the all group with 4 updates in the /samples/demo/client directory: @types/node, react-router, react-router-dom and vite.

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates @types/pg from 8.15.5 to 8.15.6

Commits

• See full diff in compare view

Updates mongodb from 6.20.0 to 7.0.0

Release notes

Sourced from mongodb's releases.

v7.0.0

7.0.0 (2025-11-06)

The MongoDB Node.js team is pleased to announce version 7.0.0 of the mongodb package!

Release Notes

The following is a detailed collection of the changes in the major v7 release of the mongodb package for Node.js. The main focus of this release was usability improvements and a streamlined API. Read on for details!

[!IMPORTANT] This is a list of changes relative to v6.21.0 of the driver. ALL changes listed below are BREAKING unless indicated otherwise. Users migrating from an older version of the driver are advised to upgrade to at least v6.21.0 before adopting v7.

🛠️ Runtime and dependency updates

Minimum Node.js version is now v20.19.0

The minimum supported Node.js version is now v20.19.0 and our TypeScript target has been updated to ES2023. We strive to keep our minimum supported Node.js version in sync with the runtime's release cadence to keep up with the latest security updates and modern language features.

Notably, the driver now offers native support for explicit resource management. Symbol.asyncDispose implementations are available on the MongoClient, ClientSession, ChangeStream and on cursors.

[!Note] Explicit resource management is considered experimental in the driver and will be until the TC39 explicit resource management proposal is completed.

bson and mongodb-connection-string-url versions 7.0.0

This driver version has been updated to use bson@7.0.0 and mongodb-connection-string-url@7.0.0, which match the driver's Node.js runtime version support. BSON functionality re-exported from the driver is furthermore subject to the changes outlined in the BSON V7 release notes.

Optional peer dependency releases and version bumps

• @mongodb-js/zstd optional peer dependency minimum version raised to 7.0.0, dropped support for 1.x and 2.x (note that @mongodb-js/zstd does not have 3.x-6.x version releases)
• kerberos optional peer dependency minimum version raised to 7.0.0, dropped support for 2.x (note that kerberos does not have 3.x-6.x version releases)
• mongodb-client-encryption optional peer dependency minimum version raised to 7.0.0, dropped support for 6.x

Additionally, the driver is now compatible with the following packages:

Dependency	Previous Range	New Allowed Range
@​aws-sdk/credential-providers	^3.188.0	^3.806.0
gcp-metadata	^5.2.0	^7.0.1
socks	^2.7.1	^2.8.6

🔐 AWS authentication

To improve long-term maintainability and ensure compatibility with AWS updates, we’ve standardized AWS auth to use the official SDK in all cases and made a number of supporting changes outlined below.

@aws-sdk/credential-providers is now required for MONGODB-AWS authentication

Previous versions of the driver contained two implementations for AWS authentication and could run the risk of the custom driver implementation not supporting all AWS authentication features as well as not being correct when AWS makes changes. Using the official AWS SDK in all cases alleviates these issues.

... (truncated)

Changelog

Sourced from mongodb's changelog.

7.0.0 (2025-11-06)

⚠ BREAKING CHANGES

• NODE-7259: use alphas of all supporting packages (#4746)
• NODE-5510: dont filter change stream options (#4723)
• NODE-6296: remove cursor default batch size of 1000 (#4729)
• NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720)
• NODE-7046: remove AWS uri/options support (#4689)
• NODE-4808: remove support for stream() transform on cursors and change streams (#4728)
• NODE-6377: remove noResponse option (#4724)
• NODE-6473: remove MONGODB-CR auth (#4717)
• NODE-5994: Remove metadata-related properties from public driver API (#4716)
• NODE-7016: remove beta namespace and move resource management into driver (#4719)
• NODE-4184: don't throw on aggregate with write concern and explain (#4718)
• NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705)
• NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#4711)
• NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#4341)
• NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#4696)
• NODE-7174: drop support for Node16 and Node18 (#4668)
• NODE-7047: use custom credential provider first after URI (#4656)
• NODE-6988: require aws sdk for aws auth (#4659)

Features

• bump bson to 7.0.0-alpha.2 (#4756) (9b34953)
• NODE-4184: don't throw on aggregate with write concern and explain (#4718) (88e02a4)
• NODE-4243: drop collection checks ns not found (#4742) (a8d7c5f)
• NODE-4808: remove support for stream() transform on cursors and change streams (#4728) (1702987)
• NODE-5510: dont filter change stream options (#4723) (a2daf76)
• NODE-5545: remove deprecated objects (#4704) (cfbada6)
• NODE-5994: Remove metadata-related properties from public driver API (#4716) (b59c5ce)
• NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#4711) (ff229fa)
• NODE-6296: remove cursor default batch size of 1000 (#4729) (f8a855f)
• NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#4696) (84db848)
• NODE-6377: remove noResponse option (#4724) (9e9059a)
• NODE-6473: remove MONGODB-CR auth (#4717) (9a1bc65)
• NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#4341) (dab4c7c)
• NODE-6988: require aws sdk for aws auth (#4659) (b7c6750)
• NODE-7016: remove beta namespace and move resource management into driver (#4719) (fb2824f)
• NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705) (3f7196e)
• NODE-7046: remove AWS uri/options support (#4689) (d14ac3f)
• NODE-7047: use custom credential provider first after URI (#4656) (2a47bbb)
• NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720) (0451dae)
• NODE-7174: drop support for Node16 and Node18 (#4668) (a576b7d)
• NODE-7223: run checkout on connect regardless of credentials (#4715) (c5f74ab)
• NODE-7259: use alphas of all supporting packages (#4746) (e1ea14c)
• NODE-7260: update bson alpha to latest (#4748) (4e88559)

... (truncated)

Commits

• 2512137 chore(main): release 7.0.0 (#4667)
• e4881f5 docs(NODE-7172): create v7 migration guide (#4751)
• 53a4fb1 docs: 6.21 docs (#4782)
• 696664c feat!(NODE-7286): update peer dependencies (#4780)
• 517da84 docs: add info about testing with different versions and the rosetta setup fo...
• 252dab8 test(NODE-7219): remove unused tests (#4767)
• 76c98bb test(NODE-5206): fix flaky sdam prose test (#4752)
• cb522bf fix(NODE-7247): clarify #rewrapManyDataKey() parameter types (#4760)
• ec996e6 chore(NODE-6945): remove dependency on v8-heapsnapshot (#4763)
• 7d879fd test(NODE-7280): remove test/mongodb.ts and its usage (#4766)
• Additional commits viewable in compare view

Updates @types/express from 5.0.4 to 5.0.5

Commits

• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates rimraf from 6.0.1 to 6.1.0

Changelog

Sourced from rimraf's changelog.

6.1

• Move to native fs/promises usage instead of promisifying manually.

6.0

• Drop support for nodes before v20
• Add --version to CLI

5.0

• No default export, only named exports

4.4

• Provide Dirent or Stats object as second argument to filter

4.3

• Return boolean indicating whether the path was fully removed
• Add filter option
• bin: add --verbose, -v to print files as they are deleted
• bin: add --no-verbose, -V to not print files as they are deleted
• bin: add -i --interactive to be prompted on each deletion
• bin: add -I --no-interactive to not be prompted on each deletion
• 4.3.1 Fixed inappropriately following symbolic links to directories

v4.2

• Brought back glob support, using the new and improved glob v9

v4.1

• Improved hybrid module with no need to look at the .default dangly bit. .default preserved as a reference to rimraf for compatibility with anyone who came to rely on it in v4.0.
• Accept and ignore -rf and -fr arguments to the bin.

v4.0

• Remove glob dependency entirely. This library now only accepts actual file and folder names to delete.
• Accept array of paths or single path.
• Windows performance and reliability improved.
• All strategies separated into explicitly exported methods.
• Drop support for Node.js below version 14
• rewrite in TypeScript

... (truncated)

Commits

• 18dc77a 6.1.0
• 2bd2e62 changelog 6.1
• 19311cf refactor: switch to native fs.promises
• 0c437d4 Create separate dir for integration tests
• 65a3b8a Do not pass unnecessary rest args to fs functions
• 02b31b7 Use the same ignoreENOENT and fixEPERM utils everywhere
• c012f4f Mock process.platform with t.intercept
• c72278a Use tap.intercept to test bin
• 549d1e8 Configure tap coverage-map
• a76970b benchmark: add options to filter and compare benchmarks
• Additional commits viewable in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates react-router from 7.9.4 to 7.9.5

Release notes

Sourced from react-router's releases.

v7.9.5

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795

Changelog

Sourced from react-router's changelog.

7.9.5

Patch Changes

• Move RSCHydratedRouter and utils to /dom export. (#14457)

• useRoute: return type-safe handle (#14462)

  For example:

  // app/routes/admin.tsx
  const handle = { hello: "world" };

  // app/routes/some-other-route.tsx
  export default function Component() {
    const admin = useRoute("routes/admin");
    if (!admin) throw new Error("Not nested within 'routes/admin'");
    console.log(admin.handle);
    //                ^? { hello: string }
  }

• Ensure action handlers run for routes with middleware even if no loader is present (#14443)

• Add unstable_instrumentations API to allow users to add observablity to their apps by instrumenting route loaders, actions, middlewares, lazy, as well as server-side request handlers and client side navigations/fetches (#14412)

  • Framework Mode:
    • entry.server.tsx: export const unstable_instrumentations = [...]
    • entry.client.tsx: <HydratedRouter unstable_instrumentations={[...]} />
  • Data Mode
    • createBrowserRouter(routes, { unstable_instrumentations: [...] })

  This also adds a new unstable_pattern parameter to loaders/actions/middleware which contains the un-interpolated route pattern (i.e., /blog/:slug) which is useful for aggregating performance metrics by route

Commits

• a191812 chore: Update version for release (#14485)
• 74bef78 chore: Update version for release (pre) (#14469)
• c0577e4 Merge branch 'main' into release-next
• 0163df4 fix(react-router): run action handlers for routes with middleware even if no ...
• c84016b Minor updates for instrumentations (#14467)
• adadca5 Add unstable_instrumentations API (#14412)
• dea842d fix: move RSCHydratedRouter and utils to /dom export (#14457)
• 1d1b188 useRoute: return type-safe handle (#14462)
• 3e3a223 docs: fix references (#14441)
• 158847e fix: Fix invalid markdown link for createHashRouter (#14434)
• Additional commits viewable in compare view

Updates react-router-dom from 7.9.4 to 7.9.5

Release notes

Sourced from react-router-dom's releases.

react-router-dom-v5-compat@6.4.0-pre.15

Patch Changes

• Updated dependencies
  • react-router@6.4.0-pre.15
  • react-router-dom@6.4.0-pre.15

react-router-dom-v5-compat@6.4.0-pre.11

Patch Changes

• Updated dependencies
  • react-router@6.4.0-pre.11
  • react-router-dom@6.4.0-pre.11

Changelog

Sourced from react-router-dom's changelog.

7.9.5

Patch Changes

• Updated dependencies:
  • react-router@7.9.5

Commits

• a191812 chore: Update version for release (#14485)
• 74bef78 chore: Update version for release (pre) (#14469)
• See full diff in compare view

Updates vite from 7.1.12 to 7.2.2

Release notes

Sourced from vite's releases.

v7.2.2

Please refer to CHANGELOG.md for details.

plugin-legacy@7.2.1

Please refer to CHANGELOG.md for details.

v7.2.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0-beta.1

Please refer to CHANGELOG.md for details.

v7.2.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.2.2 (2025-11-07)

Bug Fixes

• revert "refactor: use fs.cpSync (#21019)" (#21081) (728c8ee)

7.2.1 (2025-11-06)

Bug Fixes

• worker: some worker asset was missing (#21074) (82d2d6c)

Code Refactoring

• build: rename indexOfMatchInSlice to findPreloadMarker (#21054) (f83264f)

7.2.0 (2025-11-05)

Bug Fixes

• css: fallback to sass when sass-embedded platform binary is missing (#21002) (b1fd616)
• module-runner: make getBuiltins response JSON serializable (#21029) (ad5b3bf)
• types: add undefined to optional properties for exactOptionalProperties type compatibility (#21040) (2833c55)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#21047) (e3a6a83)

7.2.0-beta.1 (2025-10-29)

Bug Fixes

• increase stream reset rate limit for HTTP2 (#21024) (4f44f22)
• optimizer: externalize virtual modules for html like files (#21001) (e5af352)

Documentation

• clarify the values are escaped automatically (#21017) (246df13)

Code Refactoring

• use fs.cpSync (#21019) (a2df778)

7.2.0-beta.0 (2025-10-28)

Features

• add import.meta.resolve support for ESM config (bundle config loader) (#20962) (f86789a)
• add perEnvironmentWatchChangeDuringDev (#20996) (a5e98e6)
• add vite client connect events (#20978) (543d87c)
• build: emit license (#18546) (b42c3fb)
• dev: support HTTP2 even if proxy feature is used (#20869) (fc21af7)
• lib: enable minification but keep pure annotations for es output with terser (#20522) (df997d0)
• optimizer: add rush lockfile support (#20833) (718ca2d)
• utils: support multiple certificates in resolveServerUrls (#20707) (24513e5)

... (truncated)

Commits

• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• 2833c55 fix(types): add undefined to optional properties for exactOptionalProperties ...
• e3a6a83 chore(deps): update rolldown-related dependencies (#21047)
• b1fd616 fix(css): fallback to sass when sass-embedded platform binary is missing (#21...
• ad5b3bf fix(module-runner): make getBuiltins response JSON serializable (#21029)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.