npm(deps): bump the npm-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the npm-dependencies group with 6 updates in the / directory:

Package	From	To
express-rate-limit	7.5.0	7.5.1
mongoose	8.15.1	8.16.0
@eslint/js	9.28.0	9.29.0
jest	29.7.0	30.0.2
lint-staged	16.1.0	16.1.2
prettier	3.5.3	3.6.0

Updates express-rate-limit from 7.5.0 to 7.5.1

Release notes

Sourced from express-rate-limit's releases.

v7.5.1

You can view the changelog here.

Commits

• f228717 7.5.1
• aede183 7.5.1 changelog
• 62bfcae fix: type of DraftHeadersVersion (#506)
• e2d7fa0 docs: add note about ietf rate limit headers draft 9
• 2b84976 fix: allow using express v4.11+, since v5 is out of beta
• 89ab85a build(deps): bump tar-fs, @​babel/code-frame (#501)
• 60530e1 chore: fix lint issues
• 98bf0a3 build(deps): bump tar-fs (#499)
• 78f42a6 build(deps-dev): bump axios from 1.7.5 to 1.9.0 (#498)
• 6a6e699 Add unit test for resetKey method in MemoryStore (#496)
• Additional commits viewable in compare view

Updates mongoose from 8.15.1 to 8.16.0

Release notes

Sourced from mongoose's releases.

8.16.0 / 2025-06-16

• feat(model): add Model.createSearchIndexes() #15470 #15465
• feat: upgrade MongoDB driver -> 6.17.0 #15468 gmstavros

8.15.2 / 2025-06-12

• fix(document+schema): improve handling for setting paths underneath maps, including maps of maps #15477 #15461
• fix: report default paths in VersionError message because they can can cause VersionError #15464
• fix(updateValidators): ensure update validators only call validators underneath single nested paths once #15446 #15436
• fix: fix validation for deeply nested maps of subdocuments #15469 #15447 AbdelrahmanHafez
• fix(DocumentArray): correctly set parent if instantiated with schema from another Mongoose instance #15471 #15466
• types(model): use ProjectionType for Model.hydrate() #15447 #15443

Changelog

Sourced from mongoose's changelog.

8.16.0 / 2025-06-16

• feat(model): add Model.createSearchIndexes() #15470 #15465
• feat: upgrade MongoDB driver -> 6.17.0 #15468 gmstavros

8.15.2 / 2025-06-12

• fix(document+schema): improve handling for setting paths underneath maps, including maps of maps #15477 #15461
• fix: report default paths in VersionError message because they can can cause VersionError #15464
• fix(updateValidators): ensure update validators only call validators underneath single nested paths once #15446 #15436
• fix: fix validation for deeply nested maps of subdocuments #15469 #15447 AbdelrahmanHafez
• fix(DocumentArray): correctly set parent if instantiated with schema from another Mongoose instance #15471 #15466
• types(model): use ProjectionType for Model.hydrate() #15447 #15443

Commits

• f3ab650 Merge branch 'master' of github.com:Automattic/mongoose
• 82f9937 chore: release 8.16.0
• 5be3eec Merge pull request #15475 from Automattic/8.16
• 064cfe6 chore: release 8.15.2
• 0d18d6e Merge pull request #15477 from Automattic/vkarpov15/gh-15461
• 3c03ea8 Update test/schema.path.test.js
• c761e46 Update test/schema.path.test.js
• 923bacb test: add missing test files re: #15461
• b7d9eaa fix(document+schema): improve handling for setting paths underneath maps, inc...
• 8849eb3 Merge pull request #15474 from Automattic/vkarpov15/gh-15439
• Additional commits viewable in compare view

Updates @eslint/js from 9.28.0 to 9.29.0

Release notes

Sourced from @​eslint/js's releases.

v9.29.0

Features

• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 19cdd22 feat: prune suppressions for non-existent files (#19825) (TKDev7)
• b3d720f feat: add ES2025 globals (#19835) (fisker Cheung)
• 677a283 feat: add auto-accessor fields support to class-methods-use-this (#19789) (sethamus)
• dbba058 feat: allow global type declaration in no-var (#19714) (Remco Haszing)
• 342bd29 feat: ignore type annotations in no-restricted-globals (#19781) (sethamus)
• 786bcd1 feat: add allowProperties option to no-restricted-properties (#19772) (sethamus)
• 05b66d0 feat: add sourceCode.isGlobalReference(node) method (#19695) (Nitin Kumar)

Bug Fixes

• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837) (ntnyq)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer)
• 1ba3318 fix: add language and dialects to no-use-before-define (#19808) (Francesco Trotta)

Documentation

• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)
• 3aed075 docs: Update README (GitHub Actions Bot)
• a2f888d docs: enhance documentation with links and fix typos (#19761) (루밀LuMir)
• 53c3235 docs: update to clarify prompt usage (#19748) (Jennifer Davis)

Chores

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833) (Nicholas C. Zakas)
• 152ed51 test: switch to flat config mode in code path analysis tests (#19824) (Milos Djermanovic)
• b647239 chore: Update first-party dependencies faster with Renovate (#19822) (Nicholas C. Zakas)
• 7abe42e refactor: SafeEmitter -> SourceCodeVisitor (#19708) (Nicholas C. Zakas)
• e392895 perf: improve time complexity of getLocFromIndex (#19782) (루밀LuMir)
• 0ed289c chore: remove accidentally committed file (#19807) (Francesco Trotta)

Changelog

Sourced from @​eslint/js's changelog.

v9.29.0 - June 13, 2025

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837) (ntnyq)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833) (Nicholas C. Zakas)
• 19cdd22 feat: prune suppressions for non-existent files (#19825) (TKDev7)
• b3d720f feat: add ES2025 globals (#19835) (fisker Cheung)
• 677a283 feat: add auto-accessor fields support to class-methods-use-this (#19789) (sethamus)
• 3aed075 docs: Update README (GitHub Actions Bot)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer)
• a2f888d docs: enhance documentation with links and fix typos (#19761) (루밀LuMir)
• dbba058 feat: allow global type declaration in no-var (#19714) (Remco Haszing)
• 152ed51 test: switch to flat config mode in code path analysis tests (#19824) (Milos Djermanovic)
• b647239 chore: Update first-party dependencies faster with Renovate (#19822) (Nicholas C. Zakas)
• 7abe42e refactor: SafeEmitter -> SourceCodeVisitor (#19708) (Nicholas C. Zakas)
• 342bd29 feat: ignore type annotations in no-restricted-globals (#19781) (sethamus)
• e392895 perf: improve time complexity of getLocFromIndex (#19782) (루밀LuMir)
• 1ba3318 fix: add language and dialects to no-use-before-define (#19808) (Francesco Trotta)
• 786bcd1 feat: add allowProperties option to no-restricted-properties (#19772) (sethamus)
• 05b66d0 feat: add sourceCode.isGlobalReference(node) method (#19695) (Nitin Kumar)
• 53c3235 docs: update to clarify prompt usage (#19748) (Jennifer Davis)
• 0ed289c chore: remove accidentally committed file (#19807) (Francesco Trotta)

Commits

• acf2201 chore: package.json update for @​eslint/js release
• See full diff in compare view

Updates jest from 29.7.0 to 30.0.2

Release notes

Sourced from jest's releases.

30.0.2

What's Changed

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#15689)
• [jest-util] Make garbage collection protection property writable (#15689)

Full Changelog: https://github.com/jestjs/jest/blob/main/CHANGELOG.md

Jest 30.0.1

What's Changed

Features

• [jest-resolver] Implement the defaultAsyncResolver (#15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#15683)
• [jest-environment-node, jest-util] Avoid setting globals cleanup protection symbol when feature is off (#15684)

Chore & Maintenance

• [*] Remove and deprecate jest-repl package (#15673)
• [jest-resolver] Replace custom isBuiltinModule with node's isBuiltin (#15685)

New Contributors

• @​vovkasm made their first contribution in jestjs/jest#15687

Full Changelog: https://github.com/jestjs/jest/blob/main/CHANGELOG.md

Jest 30

Today we are happy to announce the release of Jest 30. This release features a substantial number of changes, fixes, and improvements. While it is one of the largest major releases of Jest ever, we admit that three years for a major release is too long. In the future, we are aiming to make more frequent major releases to keep Jest great for the next decade.

If you want to skip all the news and just get going, run npm install jest@^30.0.0 and follow the migration guide: Upgrading from Jest 29 to 30.

Read the full blog post

Features

• [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
• [expect] Add ArrayOf asymmetric matcher for validating array elements. (#15567)
• [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#15164)
• [expect] Revert #15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#15508)
• [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #14315 (#14681)
• [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#14738)
• [jest-circus] Add a retryImmediately option to jest.retryTimes (#14696)
• [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#10962)
• [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#15145)

... (truncated)

Changelog

Sourced from jest's changelog.

30.0.2

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#15689)
• [jest-util] Make garbage collection protection property writable (#15689)

30.0.1

Features

• [jest-resolver] Implement the defaultAsyncResolver (#15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#15683)
• [jest-environment-node, jest-util] Avoid setting globals cleanup protection symbol when feature is off (#15684)

Chore & Maintenance

• [*] Remove and deprecate jest-repl package (#15673)
• [jest-resolver] Replace custom isBuiltinModule with node's isBuiltin (#15685)

30.0.0

Features

• [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
• [expect] Add ArrayOf asymmetric matcher for validating array elements. (#15567)
• [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#15164)
• [expect] Revert #15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#15508)
• [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #14315 (#14681)
• [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#14738)
• [jest-circus] Add a retryImmediately option to jest.retryTimes (#14696)
• [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#10962)
• [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#15145)
• [jest-cli] Export buildArgv (#15310)
• [jest-config] [BREAKING] Add mts and cts to default moduleFileExtensions config (#14369)
• [jest-config] [BREAKING] Update testMatch and testRegex default option for supporting mjs, cjs, mts, and cts (#14584)
• [jest-config] Loads config file from provided path in package.json (#14044)
• [jest-config] Allow loading jest.config.cts files (#14070)
• [jest-config] Show rootDir in error message when a preset fails to load (#15194)
• [jest-config] Support loading TS config files using esbuild-register via docblock loader (#15190)
• [jest-config] Allow passing TS config loader options via docblock comment (#15234)
• [jest-config] If Node is running with type stripping enabled, do not require a TS loader (#15480)
• [@jest/core] Group together open handles with the same stack trace (#13417, & #14789)
• [@jest/core] Add perfStats to surface test setup overhead (#14622)
• [@jest/core] [BREAKING] Changed --filter to accept an object with shape { filtered: Array<string> } to match documentation (#13319)
• [@jest/core] Support --outputFile option for --listTests (#14980)
• [@jest/core] Stringify Errors properly with --json flag (#15329)

... (truncated)

Commits

• 393acbf v30.0.2
• 5ce865b v30.0.1
• 469f665 v30.0.0
• ce14203 v30.0.0-rc.1
• 0ab14ba v30.0.0-beta.9
• ac334c0 v30.0.0-beta.8
• 7c799e5 v30.0.0-beta.7
• 4f96449 v30.0.0-beta.6
• 286dc4a v30.0.0-beta.5
• 76632c6 chore: drop node 23 (#15640)
• Additional commits viewable in compare view

Updates lint-staged from 16.1.0 to 16.1.2

Release notes

Sourced from lint-staged's releases.

v16.1.2

Patch Changes

• #1570 a7c0c88 Thanks @​ItsNickBarry! - When using --diff-filter with the D option to include deleted staged files, lint-staged no longer tries to stage the deleted files, unless they're no longer deleted. Previously this caused an error from git add like fatal: pathspec 'deleted-file' did not match any files.

• 38f942e Thanks @​iiroj! - Removed an extraneous log entry that printed shouldHidePArtiallyStagedFiles to console output.

v16.1.1

Patch Changes

• #1565 3686977 Thanks @​iiroj! - Lint-staged now explicitly warns about potential data loss when using --no-stash.

• #1571 02299a9 Thanks @​iiroj! - Function tasks (introduced in v16.0.0) only receive the staged files matching the configured glob, instead of all staged files.

• #1563 bc61c74 Thanks @​iiroj! - This version fixes incorrect behavior where unstaged changes were committed when using the --no-stash option. This happened because --no-stash implied --no-hide-partially-staged, meaning unstaged changes to files which also had other staged changes were added to the commit by lint-staged; this is no longer the case.

  The previous (incorrect) behavior can still be achieved by using both options --no-stash --no-hide-partially-staged at the same time.

Changelog

Sourced from lint-staged's changelog.

16.1.2

Patch Changes

• #1570 a7c0c88 Thanks @​ItsNickBarry! - When using --diff-filter with the D option to include deleted staged files, lint-staged no longer tries to stage the deleted files, unless they're no longer deleted. Previously this caused an error from git add like fatal: pathspec 'deleted-file' did not match any files.

• 38f942e Thanks @​iiroj! - Removed an extraneous log entry that printed shouldHidePArtiallyStagedFiles to console output.

16.1.1

Patch Changes

• #1565 3686977 Thanks @​iiroj! - Lint-staged now explicitly warns about potential data loss when using --no-stash.

• #1571 02299a9 Thanks @​iiroj! - Function tasks (introduced in v16.0.0) only receive the staged files matching the configured glob, instead of all staged files.

• #1563 bc61c74 Thanks @​iiroj! - This version fixes incorrect behavior where unstaged changes were committed when using the --no-stash option. This happened because --no-stash implied --no-hide-partially-staged, meaning unstaged changes to files which also had other staged changes were added to the commit by lint-staged; this is no longer the case.

  The previous (incorrect) behavior can still be achieved by using both options --no-stash --no-hide-partially-staged at the same time.

Commits

• 0c48e29 chore(changeset): release
• e07227e perf: call rev-parse only once instead of three times when resolving git repo
• 38f942e fix: remove extra log entry
• 5031a71 perf: further optimize file chunking
• 6ec38b9 perf: optimize file list length calculation (#1581)
• a7c0c88 fix: only stage changes to deleted files if they're no longer deleted after r...
• ccd5edd test: pass --no-error-on-unmatched-pattern to prettier command in --diff-opti...
• 48a6e95 test: add failing test for staged deleted files not passed directly to tasks ...
• b56b29e test: add failing test for staged deleted files with diff filter D
• 8420429 chore(changeset): release
• Additional commits viewable in compare view

Updates prettier from 3.5.3 to 3.6.0

Release notes

Sourced from prettier's releases.

3.6.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.6.0

diff

🔗 Release Notes

Commits

• e1c8095 Release 3.6.0
• 9dfcdcb Disable "Linting files" step
• 64e0147 get previous version from package.json
• 1a32b27 Release @​prettier/plugin-oxc and @​prettier/plugin-hermes
• e0055d2 Avoid break TSImportType with long module name (#17637)
• c19a8a9 chore(deps): update dependency @​stylistic/eslint-plugin to v5 (#17640)
• b4522b4 Add badge to plugins (#17639)
• 16c2d2e chore(deps): update dependency concurrently to v9.2.0 (#17638)
• 42d733b Improve .prettierignore file (#17632)
• 25e2145 Add test for #11526 (#17551)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.