build(deps): bump the minorandpatch group across 1 directory with 8 updates

[dependabot]

Bumps the minorandpatch group with 8 updates in the /website directory:

Package	From	To
mongodb	6.10.0	6.13.0
zod	3.23.8	3.24.1
@types/node	22.9.0	22.13.1
@vitejs/plugin-react	4.3.3	4.3.4
eslint-plugin-prettier	5.2.1	5.2.3
postcss	8.4.49	8.5.1
prettier	3.3.3	3.5.0
typescript	5.6.3	5.7.3

Updates mongodb from 6.10.0 to 6.13.0

Release notes

Sourced from mongodb's releases.

v6.13.0

6.13.0 (2025-01-30)

The MongoDB Node.js team is pleased to announce version 6.13.0 of the mongodb package!

Release Notes

MongoDB Standardized Logging 📝

The driver's standardized logger is now available! The primary goal of our driver's logger is to enable insight into database operations without code changes so enabling and configuring the logger are primarily done through our environment variables.

TL;DR Show me the logs!

env MONGODB_LOG_ALL=debug node server.mjs

[!TIP] If you are a CLI app developer (or otherwise take great care of your std outputs): The client options constructor argument takes precedence over environment variables, permitting you to disable or otherwise customize the logger so your app does not automatically respond to the current environment.

🚀 Improved command monitoring performance

Previously, when command monitoring was enabled, the driver would make deep copies of command and reply objects, which have the potential to be very large documents. These copies have been eliminated, providing a speed and memory efficiency bump to command monitoring.

[!WARNING] Since we no longer make deep copies of commands/replies in Command Monitoring Events, directly modifying the command/reply objects on CommandStartedEvents and CommandSucceededEvents may lead to undefined behaviour.

🧪 Experimental AbortSignal support added to Find and Aggregate! 🚥

A signal argument can now be passed to the following APIs:

• collection.find() & collection.findOne()
• collection.aggregate() & collection.countDocuments()

In order to support field level encryption properly, also:

• db.listCollections()
• db.command()

When aborted, the signal will interrupt the execution of each of each of these APIs. For the cursor-based APIs, this will be observed when attempting to consume from the cursor via toArray(), next(), for-await, etc.

There is a known limitation: aborting a signal closes a perfectly healthy connection which can cause unnecessary connection reestablishment so we're releasing this as experimental for evaluation in use cases that can tolerate the shortcoming.

DNS SRV & TXT look up timeouts are retried

To mitigate the potentially transient DNS timeout error, the driver now catches and retries the DNS lookups upon resolving a mongodb+srv:// style connection string.

MongoClient.close now closes any outstanding cursors

... (truncated)

Changelog

Sourced from mongodb's changelog.

6.13.0 (2025-01-30)

Features

• NODE-5672: support standardized logging (#4387) (d1b2453)
• NODE-6258: add signal support to find and aggregate (#4364) (73def18)
• NODE-6451: retry SRV and TXT lookup for DNS timeout errors (#4375) (fd902d3)
• NODE-6633: MongoClient.close closes active cursors (#4372) (654069f)

Bug Fixes

• NODE-5225: concurrent MongoClient.close() calls each attempt to close the client (#4376) (9419af7)
• NODE-6340: OIDC reauth uses caches speculative auth result (#4379) (8b2b7fd)

Performance Improvements

• NODE-6452: Optimize CommandStartedEvent and CommandSucceededEvent constructors (#4371) (41b066b)
• NODE-6616: shortcircuit logging ejson.stringify (#4377) (c1bcf0d)

6.12.0 (2024-12-10)

Features

• NODE-6593: add support for [email protected] (#4346) (ea8a33f)
• NODE-6605: add error message when invalidating primary (#4340) (37613f1)

Bug Fixes

• NODE-6583: upgrade to BSON v6.10.1 to remove internal unbounded type cache (#4338) (249c279)
• NODE-6600: set object mode correctly for message chunking in SizedMessageTransform (#4345) (5558573)
• NODE-6602: only wrap errors from SOCKS in network errors (#4347) (ed83f36)

6.11.0 (2024-11-22)

Features

• NODE-5682: set maxTimeMS on commands and preempt I/O (#4174) (e4e6a5e)
• NODE-5844: add iscryptd to ServerDescription (#4239) (c39d443)
• NODE-6069: OIDC k8s machine workflow (#4270) (82c931c)
• NODE-6090: Implement CSOT logic for connection checkout and server selection (bd8a9f4)
• NODE-6231: Add CSOT behaviour for retryable reads and writes (#4186) (2ffd5eb)
• NODE-6274: add CSOT support to bulkWrite (#4250) (c5a9ae5)
• NODE-6275: Add CSOT support to GridFS (#4246) (3cb8187)
• NODE-6304: add CSOT support for non-tailable cursors (#4195) (131f6ed)

... (truncated)

Commits

• 76f697f chore(main): release 6.13.0 [skip-ci] (#4374)
• d08480b ci(NODE-6686): deployed Atlas cluster tests use secrets manager (#4384)
• d1b2453 feat(NODE-5672): support standardized logging (#4387)
• 6b15f20 ci(NODE-6682, NODE-6684): deployed KMS tests and serverless tests use secrets...
• 9419af7 fix(NODE-5225): concurrent MongoClient.close() calls each attempt to close th...
• 8b2b7fd fix(NODE-6340): OIDC reauth uses caches speculative auth result (#4379)
• 907aac1 test(NODE-4955): sync unacknowledged write spec tests (#4380)
• 654069f feat(NODE-6633): MongoClient.close closes active cursors (#4372)
• 73def18 feat(NODE-6258): add signal support to find and aggregate (#4364)
• c1bcf0d perf(NODE-6616): shortcircuit logging ejson.stringify (#4377)
• Additional commits viewable in compare view

Updates zod from 3.23.8 to 3.24.1

Release notes

Sourced from zod's releases.

v3.24.1

Commits:

• 0c6cbbdd1315683dd3d589fbdc5765c26431dcc9 Undeprecate .nonempty()
• 4e219d6ad9d5e56e20afd7423092f506400a29e4 Bump min TS version to 5.0
• 65adeeacef0274abbda5438470a3d2bfd376256d v3.24.1

v3.24.0

Implement @standard-schema/spec

This is the first version of Zod to implement the Standard Schema spec. This is a new community effort among several validation library authors to implement a common interface, with the goal of simplifying the process of integrating schema validators with the rest of the ecosystem. Read more about the project and goals here.

z.string().jwt()

Thanks to @​Mokshit06 and @​Cognition-Labs for this contribution!

To verify that a string is a valid 3-part JWT.

z.string().jwt();

⚠️ This does not verify your JWT cryptographically! It merely ensures its in the proper format. Use a library like jsonwebtoken to verify the JWT signature, parse the token, and read the claims.

To constrain the JWT to a specific algorithm:

z.string().jwt({ alg: "RS256" });

z.string().base64url()

Thank you to @​marvinruder!

To complement the JWT validation, Zod 3.24 implements a standalone .base64url() string validation API. (The three elements of JWTs are base64url-encoded JSON strings.)

z.string().base64url()

This functionality is available along the standard z.string().base64() validator added in Zod 3.23.

z.string().cidr()

Thanks to @​wataryooou for their work on this!

A validator for CIDR notation for specifying IP address ranges, e.g. 192.24.12.0/22.

... (truncated)

Commits

• 65adeea v3.24.1
• 4e219d6 Bump min TS version to 5.0
• 0c6cbbd Undeprecate .nonempty()
• b333f96 Fix deno tests
• 964d622 Fix lint
• b68c05f feat: Add JWT string validator (#3893)
• c1dd537 Adds frrm package to documentation (#3818)
• 69a1798 Implement Standard Schema spec (#3850)
• 963386d Fix lint
• 3755146 Remove createParams cascade from .array() (#3530)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by colinhacks, a new releaser for zod since your current version.

Updates @types/node from 22.9.0 to 22.13.1

Commits

• See full diff in compare view

Updates @vitejs/plugin-react from 4.3.3 to 4.3.4

Release notes

Sourced from @​vitejs/plugin-react's releases.

v4.3.4

Add Vite 6 to peerDependencies range

Vite 6 is highly backward compatible, not much to add!

Force Babel to output spec compliant import attributes #386

The default was an old spec (with type: "json"). We now enforce spec compliant (with { type: "json" })

Changelog

Sourced from @​vitejs/plugin-react's changelog.

4.3.4 (2024-11-26)

Add Vite 6 to peerDependencies range

Vite 6 is highly backward compatible, not much to add!

Force Babel to output spec compliant import attributes #386

The default was an old spec (with type: "json"). We now enforce spec compliant (with { type: "json" })

Commits

• 2e368a6 release: [email protected]
• bde1ad6 feat: add Vite 6 to peerDependencies range (#390)
• 45a727c fix(deps): update all non-major dependencies (#373)
• 5d2b6c6 fix: force non-legacy import attributes babel output (#386)
• See full diff in compare view

Updates eslint-plugin-prettier from 5.2.1 to 5.2.3

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.2.3

Patch Changes

• #703 9c6141f Thanks @​BPScott! - Add name field to recommended flat config

v5.2.2

Patch Changes

• #700 aa5b59f Thanks @​ntnyq! - fix: report node when loc not found

What's Changed

• docs(README): fixes legacy ESlint configs link by @​2KAbhishek in prettier/eslint-plugin-prettier#686
• fix: report node when loc not found by @​ntnyq in prettier/eslint-plugin-prettier#700

New Contributors

• @​2KAbhishek made their first contribution in prettier/eslint-plugin-prettier#686
• @​ntnyq made their first contribution in prettier/eslint-plugin-prettier#700

Full Changelog: prettier/eslint-plugin-prettier@v5.2.1...v5.2.2

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.2.3

Patch Changes

• #703 9c6141f Thanks @​BPScott! - Add name field to recommended flat config

5.2.2

Patch Changes

• #700 aa5b59f Thanks @​ntnyq! - fix: report node when loc not found

Commits

• 6fd7ba1 chore: release eslint-plugin-prettier (#704)
• 190d6f9 build(deps): Bump synckit from 0.9.1 to 0.9.2 (#705)
• 9cf6a01 build(deps-dev): Bump svelte from 4.2.8 to 4.2.19 (#677)
• 9c6141f chore: add plugin name to flat recommended config (#703)
• 35a5cd0 chore: bupm eslint-plugin-comments (#702)
• df123a5 chore: release eslint-plugin-prettier (#701)
• e272d7c chore: use double quote for changesets/changelog files
• aa5b59f fix: report node when loc not found (#700)
• 37d87ea chore: update FUNDING.yml
• b307125 docs(README): fixes legacy ESlint configs link (#686)
• Additional commits viewable in compare view

Updates postcss from 8.4.49 to 8.5.1

Release notes

Sourced from postcss's releases.

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

Changelog

Sourced from postcss's changelog.

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

Commits

• 7b02c75 Release 8.5.1 version
• 4c15339 Update dependencies
• 7efe91e Improve backwards compat for Input#document (#2000)
• 6873270 Release 8.5 version
• 4223bb9 Fix 80 columns limit
• 80e2401 Add Input#document (#1996)
• 6f86879 Update dependencies
• 85cbbec Fix pnpm version on CI
• 76caa57 Update dependencies
• 46ff246 Move to pnpm 10
• Additional commits viewable in compare view

Updates prettier from 3.3.3 to 3.5.0

Release notes

Sourced from prettier's releases.

3.5.0

diff

🔗 Release note

3.4.2

🔗 Changelog

3.4.1

🔗 Changelog

3.4.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.5.0

diff

🔗 Release Notes

3.4.2

diff

Treat U+30A0 & U+30FB in Katakana Block as CJK (#16796 by @​tats-u)

Prettier doesn't treat U+30A0 & U+30FB as Japanese. U+30FB is commonly used in Japanese to represent the delimitation of first and last names of non-Japanese people or “and”. The following “C言語・C++・Go・Rust” means “C language & C++ & Go & Rust” in Japanese.

<!-- Input (--prose-wrap=never) -->
C言
語
・
C++
・
Go
・
Rust
<!-- Prettier 3.4.1 -->
C言語・ C++ ・ Go ・ Rust
<!-- Prettier 3.4.2 -->
C言語・C++・Go・Rust

U+30A0 can be used as the replacement of the - in non-Japanese names (e.g. “Saint-Saëns” (Charles Camille Saint-Saëns) can be represented as “サン゠サーンス” in Japanese), but substituted by ASCII hyphen (U+002D) or U+FF1D (full width hyphen) in many cases (e.g. “サン=サーンス” or “サン＝サーンス”).

Fix comments print on class methods with decorators (#16891 by @​fisker)

// Input
class A {
  @decorator
  /** 
   * The method description
   *
  */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
</tr></table> 

... (truncated)

Commits

• 7584432 Release 3.5.0
• 4797054 Remove blog post
• 5ed5dc0 Fix a link in changelog (#17088)
• d8c21c5 Fix tag notation in changelog (#17087)
• 0fcd5db Separate license and third-party licenses (#17073)
• 0c2b4bb chore(deps): update babel to v7.26.8 (#17084)
• e3a5595 chore(deps): update babel to v7.26.8 (#17083)
• 4a5ad1f Add disable_search to codecov/codecov-action (#17082)
• b997ce3 chore(deps): update dependency @​glimmer/syntax to v0.94.3 (#17080)
• 7a6273b chore(deps): update dependency esbuild to v0.25.0 (#17081)
• Additional commits viewable in compare view

Updates typescript from 5.6.3 to 5.7.3

Release notes

Sourced from typescript's releases.

TypeScript 5.7.3

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).
• fixed issues query for Typescript 5.7.3 (Stable).

Downloads are available on npm

TypeScript 5.7

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).

Downloads are available on:

• npm

TypeScript 5.7 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).

Downloads are available on:

• npm

TypeScript 5.7 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.7.0 (Beta).

Downloads are available on:

• npm

Commits

• a5e123d Update LKG
• 8bc0204 🤖 Pick PR #60828 (Fix CodeQL configuration, releases) into release-5.7 (#60923)
• 7aa63df 🤖 Pick PR #60393 (Don't try to add an implicit undefi...) into release-5.7 (#...
• 9df7c36 Bump version to 5.7.3 and LKG
• e167412 🤖 Pick PR #60794 (Harden sanitizeLog against incorr...) into release-5.7 (#...
• 9ba364c Fix coverage build on release-5.7 (#60792)
• 4b7441a 🤖 Pick PR #60680 (Mark the inherited any-based index ...) into release-5.7 (#...
• e844dc3 Cherry-pick #60402, #60440, #60616 into release-5.7 (#60777)
• 21b02a1 🤖 Pick PR #60749 (Do not require import attribute on ...) into release-5.7 (#...
• b82fd16 🤖 Pick PR #60576 (Avoid incorrectly reusing assertion...) into release-5.7 (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #95.