chore(deps): bump the major-deps-updates-main group across 1 directory with 5 updates

[dependabot]

Bumps the major-deps-updates-main group with 5 updates in the / directory:

Package	From	To
@octokit/rest	21.1.1	22.0.0
dotenv	16.5.0	17.2.0
node-fetch	2.7.0	3.3.2
zod	3.24.4	4.0.5
@types/node	22.15.17	24.0.13

Updates @octokit/rest from 21.1.1 to 22.0.0

Release notes

Sourced from @​octokit/rest's releases.

v22.0.0

22.0.0 (2025-05-25)

Bug Fixes

• deps: update octokit monorepo (major) (#504) (77530ab)

BREAKING CHANGES

• deps: Drop support for NodeJS v18
• deps: Remove deprecated Projects endpoints
• deps: Remove deprecated Copilot usage metrics endpoints

Commits

• 77530ab fix(deps): update octokit monorepo (major) (#504)
• d07b719 build(deps): Bump vite from 6.2.5 to 6.3.4 (#509)
• 61b76da build(deps-dev): Bump http-proxy-middleware from 2.0.7 to 2.0.9 (#505)
• 1710669 chore(deps): update dependency undici to v6.21.2 [security] (#513)
• 8ef1473 build(deps): Bump vite from 6.0.11 to 6.2.5 (#503)
• 1e8306b build(deps): Bump webpack-dev-middleware and gatsby in /docs (#497)
• 3db0595 build(deps): Bump send and express in /docs (#490)
• 27f09dd build(deps-dev): Bump webpack from 5.93.0 to 5.98.0 in /docs (#494)
• 005b147 chore(deps): update dependency prismjs to v1.30.0 [security] (#493)
• 3517730 chore(deps): update dependency semantic-release-plugin-update-version-in-file...
• See full diff in compare view

Updates dotenv from 16.5.0 to 17.2.0

Changelog

Sourced from dotenv's changelog.

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"

// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)

$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
  '⚙️  load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]

17.0.1 (2025-07-01)

... (truncated)

Commits

• 11acd9f 17.2.0
• 40e26e9 Merge pull request #889 from motdotla/env-quiet
• e99c367 clean up
• 281354e changelog 🪵
• d856497 smarter DOTENV_CONFIG_QUIET option that can read from source .env file
• 203c4e8 support passing DOTENV_CONFIG_QUIET=true (and other DOTENV_CONFIG options - s...
• 13bc310 17.1.0
• 0bc76fe add to test coverage
• a43eecf changelog 🪵
• 956638e adjust test
• Additional commits viewable in compare view

Updates node-fetch from 2.7.0 to 3.3.2

Release notes

Sourced from node-fetch's releases.

v3.3.2

3.3.2 (2023-07-25)

Bug Fixes

• Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473

v3.3.1

3.3.1 (2023-03-11)

Bug Fixes

• release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)

v3.3.0

3.3.0 (2022-11-10)

Features

• add static Response.json (#1670) (55a4870)

v3.2.10

3.2.10 (2022-07-31)

Bug Fixes

• ReDoS referrer (#1611) (2880238)

v3.2.9

3.2.9 (2022-07-18)

Bug Fixes

• Headers: don't forward secure headers on protocol change (#1599) (e87b093)

v3.2.8

3.2.8 (2022-07-12)

Bug Fixes

• possibly flaky test (#1523) (11b7033)

... (truncated)

Commits

• 8b3320d fix: Remove the default connection close header. (#1736)
• 7b86e94 fix: release "Allow URL class object as an argument for fetch()" #1696 (#1716)
• 8ced5b9 docs: readme - non ESM example (#1707)
• 71e376b ci(release): use latest Node LTS (#1697)
• e093030 Allow URL class object as an argument for fetch() (#1696)
• 55a4870 feat: add static Response.json (#1670)
• c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
• 6f72caa docs: fix missing comma in example (#1623)
• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
• Additional commits viewable in compare view

Updates zod from 3.24.4 to 4.0.5

Release notes

Sourced from zod's releases.

v4.0.5

Commits:

• f91a73ec23f9ec28d908af2caa643a54088516c5 Support pipes in discriminated unions. Closes #4856 (#4861)
• 45afab0f846dffd591362b6f770017507eb185b5 4.0.5

v4.0.4

Commits:

• 9335f0543d6359f9236e3e33b78cc5b2788dbe0f Adds ZodFirstPartyTypeKind stub to fix module resolution failure inside zod-to-json-schema

v4.0.3

Commits:

• 5905a8d810eff6f4677e6aa9e557f92a676805cf Improve check-versions script
• f3e749b1b057a2cf0a0bce7e07abec4e0520e0f8 Remove global File interface
• 44a936cb77961e57a0988d8a3c63d9c71fce69ac 4.0.2
• 74006edd49e3fe8d74010090462859593c2bd1e2 Fix JSR provenance
• ff4af5e889d4ad7136a9cde7202b16261db5c83c 4.0.3
• ce573e8799f86e2f68307eba95c2d40fc92617b7 Update test badge
• 9a7161a976d6349f738c00cb6d6528c0407a65e8 Fix versions

v4.0.0

With this release, [email protected] has been published to npm. There were no code changes between 3.25.76 and 4.0.0!

Zod 4 has been stable for the past 6 weeks, but it was published inside [email protected] on npm. this transitionary window gave the ecosystem time to incrementally support for Zod 4 (without dropping support for Zod 3). As there is now near-universal support for Zod 4 in the ecosystem, ths time feels right to finally put a bow on things 🎀

To upgrade to Zod 4:

npm upgrade zod@^4.0.0

If you’ve already migrated to Zod 4 using the subpaths, there are no changes required. however you can optionally simplify your imports (recommended)

// after upgrading to [email protected]:
import * as z from "zod"; // Zod 4 (regular)
import * as z from "zod/mini" // Zod 4 Mini
// these still work, but are no longer needed
import * as z from "zod/v4";
import * as z from "zod/v4-mini":
// if you still need Zod 3
import * as z from "zod/v3"; // Zod 3

... (truncated)

Commits

• 45afab0 4.0.5
• f91a73e Support pipes in discriminated unions. Closes #4856 (#4861)
• 9335f05 4.0.4
• 4d6e266 improve changelog (#4860)
• 878775e Improve docs
• 9a7161a Fix versions
• ce573e8 Update test badge
• ff4af5e 4.0.3
• 74006ed Fix JSR provenance
• 44a936c 4.0.2
• Additional commits viewable in compare view

Updates @types/node from 22.15.17 to 24.0.13

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions