npm(deps): bump the npm-dependencies group with 5 updates

[dependabot]

Bumps the npm-dependencies group with 5 updates:

Package	From	To
mongoose	8.14.2	8.15.0
yaml	2.7.1	2.8.0
@eslint/js	9.26.0	9.27.0
semver	7.7.1	7.7.2
supertest	7.1.0	7.1.1

Updates mongoose from 8.14.2 to 8.15.0

Release notes

Sourced from mongoose's releases.

8.15.0 / 2025-05-16

• feat: CSFLE support #15390 baileympearson
• feat: add strictFilter option to findOneAndUpdate (#14913) #15402 #14913 muazahmed-dev
• feat(error): set cause to MongoDB error reason on ServerSelection errors #15420 #15416
• fix(model): make bulkSave() rely on document.validateSync() to validate docs and skip bulkWrite casting #15415 #15410
• types: stricter projection typing with 1-level deep nesting #15418 #15327 #13840 pshaddel
• docs: emphasize automatic type inference in TypeScript intro and statics/methods, remove duplicated statics.md #15421

8.14.3 / 2025-05-13

• types(schema): allow post('init') #15413 #15412 #15333
• types: fix signature of DocumentArray.id #15414 Sainan
• docs: fix typo - change 'prodecure' to 'procedure' #15419 0xEbrahim

Changelog

Sourced from mongoose's changelog.

8.15.0 / 2025-05-16

• feat: CSFLE support #15390 baileympearson
• feat: add strictFilter option to findOneAndUpdate (#14913) #15402 #14913 muazahmed-dev
• feat(error): set cause to MongoDB error reason on ServerSelection errors #15420 #15416
• fix(model): make bulkSave() rely on document.validateSync() to validate docs and skip bulkWrite casting #15415 #15410
• types: stricter projection typing with 1-level deep nesting #15418 #15327 #13840 pshaddel
• docs: emphasize automatic type inference in TypeScript intro and statics/methods, remove duplicated statics.md #15421

8.14.3 / 2025-05-13

• types(schema): allow post('init') #15413 #15412 #15333
• types: fix signature of DocumentArray.id #15414 Sainan
• docs: fix typo - change 'prodecure' to 'procedure' #15419 0xEbrahim

Commits

• 4c7bdaa chore: release 8.15.0
• 5cf74e0 Merge pull request #15426 from Automattic/8.15
• 33a22b5 Merge pull request #15418 from Automattic/vkarpov15/gh-15327
• 933c6b0 Merge pull request #15425 from redlizard/expr-boolean-literal
• 52d3655 replace with early return
• cf0a815 remove unnecessary code path
• 8699cd6 types: avoid including document methods like $assertPopulated ProjectionType
• 0e4da39 fix: Support $expr clauses with a boolean literal as an expression
• f6545db types: remove incorrect callback type signature for projection
• 7bb3864 Update types/index.d.ts
• Additional commits viewable in compare view

Updates yaml from 2.7.1 to 2.8.0

Release notes

Sourced from yaml's releases.

v2.8.0

• Add node cache for faster alias resolution (#612)
• Re-introduce compatibility with Node.js 14.6 (#614)
• Add --merge option to CLI tool (#611)
• Improve error for tag resolution error on null value (#616)
• Allow empty string as plain scalar representation, for failsafe schema (#616)
• docs: include cli example (#617)

Commits

• c000eb7 2.8.0
• 1e85fc8 style: Apply updated lint rules
• 02f7d5f chore: Refresh lockfile
• 389ca7c docs: include cli example (#617)
• 0f29ce6 feat: Add --merge option to CLI tool (#611)
• e00cab9 fix: Improve error for tag resolution error on null value (#616)
• 2a841cc fix: Allow empty string as plain scalar representation, for failsafe schema (...
• 55c5ef4 feat: Add node cache for faster alias resolution (#612)
• ab17552 Merge pull request #614 from eemeli/engines-compat
• b27c124 ci: Re-introduce tests for Node.js 14.6 and later
• Additional commits viewable in compare view

Updates @eslint/js from 9.26.0 to 9.27.0

Release notes

Sourced from @​eslint/js's releases.

v9.27.0

Features

• d71e37f feat: Allow flags to be set in ESLINT_FLAGS env variable (#19717) (Nicholas C. Zakas)
• ba456e0 feat: Externalize MCP server (#19699) (Nicholas C. Zakas)
• 07c1a7e feat: add allowRegexCharacters to no-useless-escape (#19705) (sethamus)
• 7bc6c71 feat: add no-unassigned-vars rule (#19618) (Jacob Bandes-Storch)
• ee40364 feat: convert no-array-constructor suggestions to autofixes (#19621) (sethamus)
• 32957cd feat: support TS syntax in max-params (#19557) (Nitin Kumar)

Bug Fixes

• 5687ce7 fix: correct mismatched removed rules (#19734) (루밀LuMir)
• dc5ed33 fix: correct types and tighten type definitions in SourceCode class (#19731) (루밀LuMir)
• de1b5de fix: correct service property name in Linter.ESLintParseResult type (#19713) (Francesco Trotta)
• 60c3e2c fix: sort keys in eslint-suppressions.json to avoid git churn (#19711) (Ron Waldon-Howe)
• 9da90ca fix: add allowReserved to Linter.ParserOptions type (#19710) (Francesco Trotta)
• fbb8be9 fix: add info to ESLint.DeprecatedRuleUse type (#19701) (Francesco Trotta)

Documentation

• 25de550 docs: Update description of frozen rules to mention TypeScript (#19736) (Nicholas C. Zakas)
• bd5def6 docs: Clean up configuration files docs (#19735) (Nicholas C. Zakas)
• 4d0c60d docs: Add Neovim to editor integrations (#19729) (Maria José Solano)
• 71317eb docs: Update README (GitHub Actions Bot)
• 4c289e6 docs: Update README (GitHub Actions Bot)
• f0f0d46 docs: clarify that unused suppressions cause non-zero exit code (#19698) (Milos Djermanovic)
• 8ed3273 docs: fix internal usages of ConfigData type (#19688) (Francesco Trotta)
• eb316a8 docs: add fmt and check sections to Package.json Conventions (#19686) (루밀LuMir)
• a3a2559 docs: fix wording in Combine Configs (#19685) (Milos Djermanovic)
• c8d17e1 docs: Update README (GitHub Actions Bot)

Chores

• f8f1560 chore: upgrade @​eslint/js@​9.27.0 (#19739) (Milos Djermanovic)
• ecaef73 chore: package.json update for @​eslint/js release (Jenkins)
• 596fdc6 chore: update dependency @​arethetypeswrong/cli to ^0.18.0 (#19732) (renovate[bot])
• f791da0 chore: remove unbalanced curly brace from .editorconfig (#19730) (Maria José Solano)
• e86edee refactor: Consolidate Config helpers (#19675) (Nicholas C. Zakas)
• cf36352 chore: remove shared types (#19718) (Francesco Trotta)
• f60f276 refactor: Easier RuleContext creation (#19709) (Nicholas C. Zakas)
• 58a171e chore: update dependency @​eslint/plugin-kit to ^0.3.1 (#19712) (renovate[bot])
• 3a075a2 chore: update dependency @​eslint/core to ^0.14.0 (#19715) (renovate[bot])
• 44bac9d ci: run tests in Node.js 24 (#19702) (Francesco Trotta)
• 35304dd chore: add missing funding field to packages (#19684) (루밀LuMir)
• f305beb test: mock process.emitWarning to prevent output disruption (#19687) (Francesco Trotta)

Changelog

Sourced from @​eslint/js's changelog.

v9.27.0 - May 16, 2025

• f8f1560 chore: upgrade @​eslint/js@​9.27.0 (#19739) (Milos Djermanovic)
• ecaef73 chore: package.json update for @​eslint/js release (Jenkins)
• 25de550 docs: Update description of frozen rules to mention TypeScript (#19736) (Nicholas C. Zakas)
• bd5def6 docs: Clean up configuration files docs (#19735) (Nicholas C. Zakas)
• d71e37f feat: Allow flags to be set in ESLINT_FLAGS env variable (#19717) (Nicholas C. Zakas)
• 5687ce7 fix: correct mismatched removed rules (#19734) (루밀LuMir)
• 596fdc6 chore: update dependency @​arethetypeswrong/cli to ^0.18.0 (#19732) (renovate[bot])
• ba456e0 feat: Externalize MCP server (#19699) (Nicholas C. Zakas)
• dc5ed33 fix: correct types and tighten type definitions in SourceCode class (#19731) (루밀LuMir)
• 4d0c60d docs: Add Neovim to editor integrations (#19729) (Maria José Solano)
• f791da0 chore: remove unbalanced curly brace from .editorconfig (#19730) (Maria José Solano)
• e86edee refactor: Consolidate Config helpers (#19675) (Nicholas C. Zakas)
• 07c1a7e feat: add allowRegexCharacters to no-useless-escape (#19705) (sethamus)
• cf36352 chore: remove shared types (#19718) (Francesco Trotta)
• f60f276 refactor: Easier RuleContext creation (#19709) (Nicholas C. Zakas)
• 71317eb docs: Update README (GitHub Actions Bot)
• de1b5de fix: correct service property name in Linter.ESLintParseResult type (#19713) (Francesco Trotta)
• 58a171e chore: update dependency @​eslint/plugin-kit to ^0.3.1 (#19712) (renovate[bot])
• 3a075a2 chore: update dependency @​eslint/core to ^0.14.0 (#19715) (renovate[bot])
• 60c3e2c fix: sort keys in eslint-suppressions.json to avoid git churn (#19711) (Ron Waldon-Howe)
• 4c289e6 docs: Update README (GitHub Actions Bot)
• 9da90ca fix: add allowReserved to Linter.ParserOptions type (#19710) (Francesco Trotta)
• 7bc6c71 feat: add no-unassigned-vars rule (#19618) (Jacob Bandes-Storch)
• ee40364 feat: convert no-array-constructor suggestions to autofixes (#19621) (sethamus)
• fbb8be9 fix: add info to ESLint.DeprecatedRuleUse type (#19701) (Francesco Trotta)
• f0f0d46 docs: clarify that unused suppressions cause non-zero exit code (#19698) (Milos Djermanovic)
• 44bac9d ci: run tests in Node.js 24 (#19702) (Francesco Trotta)
• 32957cd feat: support TS syntax in max-params (#19557) (Nitin Kumar)
• 35304dd chore: add missing funding field to packages (#19684) (루밀LuMir)
• 8ed3273 docs: fix internal usages of ConfigData type (#19688) (Francesco Trotta)
• f305beb test: mock process.emitWarning to prevent output disruption (#19687) (Francesco Trotta)
• eb316a8 docs: add fmt and check sections to Package.json Conventions (#19686) (루밀LuMir)
• a3a2559 docs: fix wording in Combine Configs (#19685) (Milos Djermanovic)
• c8d17e1 docs: Update README (GitHub Actions Bot)

Commits

• ecaef73 chore: package.json update for @​eslint/js release
• 7bc6c71 feat: add no-unassigned-vars rule (#19618)
• 35304dd chore: add missing funding field to packages (#19684)
• See full diff in compare view

Updates semver from 7.7.1 to 7.7.2

Release notes

Sourced from semver's releases.

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

• fcafb61 #780 add missing 'use strict' directives (#780) (@​Fdawgs)
• c99f336 #781 prerelease identifier starting with digits (#781) (@​mbtools)

Chores

• c760403 #784 template-oss-apply for workflow permissions (#784) (@​wraithgar)
• 2677f2a #778 bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@​dependabot[bot], @​npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.7.2 (2025-05-12)

Bug Fixes

• fcafb61 #780 add missing 'use strict' directives (#780) (@​Fdawgs)
• c99f336 #781 prerelease identifier starting with digits (#781) (@​mbtools)

Chores

• c760403 #784 template-oss-apply for workflow permissions (#784) (@​wraithgar)
• 2677f2a #778 bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@​dependabot[bot], @​npm-cli-bot)

Commits

• 281055e chore: release 7.7.2 (#783)
• fcafb61 fix: add missing 'use strict' directives (#780)
• c760403 chore: template-oss-apply for workflow permissions (#784)
• c99f336 fix: prerelease identifier starting with digits (#781)
• 2677f2a chore: bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778)
• 0b98655 chore: bump @​npmcli/template-oss from 4.23.4 to 4.23.6 (#760)
• See full diff in compare view

Updates supertest from 7.1.0 to 7.1.1

Release notes

Sourced from supertest's releases.

v7.1.1

• Merge pull request #858 from ByteOPCode/master f553845
• feat: update superagent version d37d197

forwardemail/supertest@v7.1.0...v7.1.1

Commits

• 200031e 7.1.1
• f553845 Merge pull request #858 from ByteOPCode/master
• d37d197 feat: update superagent version
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

[kjanat]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with master! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.