Bump the npm-minor-and-patch-updates group across 2 directories with 16 updates

[dependabot]

Bumps the npm-minor-and-patch-updates group with 16 updates in the / directory:

Package	From	To
@opentelemetry/auto-instrumentations-node	0.72.0	0.73.0
@opentelemetry/instrumentation-express	0.62.0	0.63.0
@opentelemetry/instrumentation-http	0.214.0	0.215.0
@opentelemetry/sdk-metrics	2.6.1	2.7.0
@opentelemetry/sdk-node	0.214.0	0.215.0
@opentelemetry/sdk-trace-node	2.6.1	2.7.0
ace-linters	2.1.2	2.1.4
dotenv	17.4.1	17.4.2
hmrc-frontend	7.7.0	7.10.0
mongoose	9.4.1	9.5.0
openai	6.33.0	6.34.0
@types/express-session	1.18.2	1.19.0
eslint	10.2.0	10.2.1
eslint-plugin-perfectionist	5.8.0	5.9.0
prettier	3.8.1	3.8.3
typescript-eslint	8.58.0	8.59.0

Bumps the npm-minor-and-patch-updates group with 2 updates in the /data/zip-download directory: hmrc-frontend and @types/express-session.

Updates @opentelemetry/auto-instrumentations-node from 0.72.0 to 0.73.0

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.73.0

0.73.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.30.0 to ^0.31.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.31.0 to ^0.32.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-express bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.23.0 to ^0.24.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.67.0 to ^0.68.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-net bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.12.0 to ^0.13.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.39.0 to ^0.40.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-router bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.27.0 to ^0.28.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.24.0 to ^0.25.0

... (truncated)

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.73.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.30.0 to ^0.31.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.31.0 to ^0.32.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-express bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.23.0 to ^0.24.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.67.0 to ^0.68.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-net bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.12.0 to ^0.13.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.39.0 to ^0.40.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-router bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.27.0 to ^0.28.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.24.0 to ^0.25.0
    • @​opentelemetry/instrumentation-winston bumped from ^0.58.0 to ^0.59.0

... (truncated)

Commits

• bd017c8 chore: release main (#3451)
• 8891261 feat(deps): update deps matching '@opentelemetry/*' (#3479)
• 36a030c chore: switch to short license header (#3476)
• See full diff in compare view

Updates @opentelemetry/instrumentation-express from 0.62.0 to 0.63.0

Release notes

Sourced from @​opentelemetry/instrumentation-express's releases.

instrumentation-redis: v0.63.0

0.63.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Bug Fixes

• redis-common: expand redaction to include ACL, CONFIG, PSETEX, GETSET (#3472) (39193ca)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/redis-common bumped from ^0.38.2 to ^0.38.3
  • devDependencies
    • @​opentelemetry/contrib-test-utils bumped from ^0.61.0 to ^0.62.0

instrumentation-koa: v0.63.0

0.63.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​opentelemetry/contrib-test-utils bumped from ^0.61.0 to ^0.62.0

instrumentation-ioredis: v0.63.0

0.63.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Bug Fixes

• redis-common: expand redaction to include ACL, CONFIG, PSETEX, GETSET (#3472) (39193ca)

... (truncated)

Changelog

Sourced from @​opentelemetry/instrumentation-express's changelog.

0.63.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Bug Fixes

• instrumentation-express: end span on close event rather than finish (#3462) (fb1f127)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​opentelemetry/contrib-test-utils bumped from ^0.61.0 to ^0.62.0

Commits

• c7f4e6c chore: release main (#3107)
• 13c58e9 fix: force new release-please PR (#3098)
• 0994142 chore: release main (#3091)
• 4e49448 chore: lint CHANGELOG.md files a little more loosely (#3086)
• 53e7669 chore: add missing coverage flags (#3042)
• f54a1ba chore: release main (#3033)
• bee0a66 feat(deps): update deps matching '@opentelemetry/*' (#3034)
• 0a45ac1 chore: release main (#3011)
• fd9e262 feat(deps): update otel deps (#3027)
• 2300dc1 chore: improve test workflow and coverage reports (#2866)
• Additional commits viewable in compare view

Updates @opentelemetry/instrumentation-http from 0.214.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/instrumentation-http's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-metrics from 2.6.1 to 2.7.0

Release notes

Sourced from @​opentelemetry/sdk-metrics's releases.

v2.7.0

2.7.0

🚀 Features

• feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
• feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
• feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

• test(exporter-zipkin): fix broken browser test assertions and add missing coverage #6566 @​overbalance
• fix(sdk-metrics): repair ExponentialHistogram tests #6565 @​overbalance

Changelog

Sourced from @​opentelemetry/sdk-metrics's changelog.

2.7.0

🚀 Features

• feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
• feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
• feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

• test(exporter-zipkin): fix broken browser test assertions and add missing coverage #6566 @​overbalance
• fix(sdk-metrics): repair ExponentialHistogram tests #6565 @​overbalance

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-node from 0.214.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-trace-node from 2.6.1 to 2.7.0

Release notes

Sourced from @​opentelemetry/sdk-trace-node's releases.

v2.7.0

2.7.0

🚀 Features

• feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
• feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
• feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

• test(exporter-zipkin): fix broken browser test assertions and add missing coverage #6566 @​overbalance
• fix(sdk-metrics): repair ExponentialHistogram tests #6565 @​overbalance

Changelog

Sourced from @​opentelemetry/sdk-trace-node's changelog.

2.7.0

🚀 Features

• feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
• feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
• feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

• test(exporter-zipkin): fix broken browser test assertions and add missing coverage #6566 @​overbalance
• fix(sdk-metrics): repair ExponentialHistogram tests #6565 @​overbalance

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates ace-linters from 2.1.2 to 2.1.4

Commits

• See full diff in compare view

Updates dotenv from 17.4.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates hmrc-frontend from 7.7.0 to 7.10.0

Release notes

Sourced from hmrc-frontend's releases.

7.10.0

Release : hmrc-frontend 7.10.0

Last commit sha : b4dbda1d245cbe5076dbccceb29cc791e8381615 Last commit author : Timothy Bryan Last commit time : 2026-04-20T09:39:47Z

Updated user research banner heading content (#536)

• updated research banner content

• updating backstop images and new version info

7.9.0

Release : hmrc-frontend 7.9.0

Last commit sha : 5ce26a071a6f94cf6adf80ffcaf0fffc7eb7c906 Last commit author : TimothyFothergill Last commit time : 2026-04-13T14:17:15Z

Nojira npm audit fix and nsprc changes (#535)

NOJIRA audit fixes

7.8.0

Release : hmrc-frontend 7.8.0

Last commit sha : 7ae7e1850a5b6d6ff7c84088437cd84fccdaff6c Last commit author : Joanna Pinto Paul Last commit time : 2026-04-07T15:25:31Z

NOJIRA: Updated npm audit exclusions (#534)

Changelog

Sourced from hmrc-frontend's changelog.

[7.10.0] - 2026-04-20

Changed

• Updated the content of the User Research Banner

[7.9.0] - 2026-04-13

Changed

• Updated npm audit exclusions

[7.8.0] - 2026-04-07

Changed

• Updated npm audit exclusions

Commits

• b4dbda1 Updated user research banner heading content (#536)
• 5ce26a0 Nojira npm audit fix and nsprc changes (#535)
• 7ae7e18 NOJIRA: Updated npm audit exclusions (#534)
• See full diff in compare view

Updates mongoose from 9.4.1 to 9.5.0

Release notes

Sourced from mongoose's releases.

9.5.0 / 2026-04-20

• feat(debug): add timestamp option to debug output #16216 rejunp
• feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
• feat(query): extend defaults query option to find() #16226 sderrow
• fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
• fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
• fix(queryHelpers): pass default options to discriminators #16227 #16226
• fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054
• fix(model): throw ObjectParameterError in insertOne() if doc is not an object #16221 IshitaSingh0822
• fix(cast): preserve reason in CastError message after setModel() #16167 White-Devil2839
• perf(model): remove unnecessary clone in findOneAndUpdate() #16230
• perf: use kareem 3.3.0 mongoosejs/kareem#45 #16229
• chore: use TSTyche assertions #16222 mrazauskas

Changelog

Sourced from mongoose's changelog.

9.5.0 / 2026-04-20

• feat(debug): add timestamp option to debug output #16216 rejunp
• feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
• feat(query): extend defaults query option to find() #16226 sderrow
• fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
• fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
• fix(queryHelpers): pass default options to discriminators #16227 #16226
• fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054
• fix(model): throw ObjectParameterError in insertOne() if doc is not an object #16221 IshitaSingh0822
• fix(cast): preserve reason in CastError message after setModel() #16167 White-Devil2839
• perf(model): remove unnecessary clone in findOneAndUpdate() #16230
• perf: use kareem 3.3.0 mongoosejs/kareem#45 #16229
• chore: use TSTyche assertions #16222 mrazauskas

Commits

• b949826 chore: release 9.5.0
• a35104a Merge pull request #16230 from Automattic/vkarpov15/gh-16202-2
• 841eea1 Merge branch 'vkarpov15/gh-16202-2' of github.com:Automattic/mongoose into vk...
• 1db8455 address code review comments
• e1d8e43 Apply suggestion from @​Copilot
• 279cbf8 feat(query): add cloneUpdate option that tells Mongoose explicitly to not clo...
• 2d5cf49 Merge branch 'master' into vkarpov15/gh-16202-2
• 5800081 Merge pull request #16229 from Automattic/vkarpov15/kareem-3.3
• 32675b3 further reduce min-release-age for kareem
• 6a24e3f chore: temp reduce min-release-age for kareem
• Additional commits viewable in compare view

Updates openai from 6.33.0 to 6.34.0

Release notes

Sourced from openai's releases.

v6.34.0

6.34.0 (2026-04-08)

Full Changelog: v6.33.0...v6.34.0

Features

• api: add phase field to Message in conversations (eb7cbc1)
• client: add support for short-lived tokens (#839) (a72ebcf)

Bug Fixes

• api: remove web_search_call.results from ResponseIncludable in responses (1f6968e)

Chores

• internal: codegen related update (1081460)
• internal: update multipart form array serialization (3faee8d)
• tests: bump steady to v0.20.1 (b73cc6b)

Documentation

• api: add multi-file ingestion recommendations to vector-stores files/file-batches (1bc32a3)

Changelog

Sourced from openai's changelog.

6.34.0 (2026-04-08)

Full Changelog: v6.33.0...v6.34.0

Features

• api: add phase field to Message in conversations (eb7cbc1)
• client: add support for short-lived tokens (#839) (a72ebcf)

Bug Fixes

• api: remove web_search_call.results from ResponseIncludable in responses (1f6968e)

Chores

• internal: codegen related update (1081460)
• internal: update multipart form array serialization (3faee8d)
• tests: bump steady to v0.20.1 (b73cc6b)

Documentation

• api: add multi-file ingestion recommendations to vector-stores files/file-batches (1bc32a3)

Commits

• 35feb53 Merge pull request #1797 from openai/release-please--branches--master--change...
• 398e589 release: 6.34.0
• a72ebcf feat(client): add support for short-lived tokens (#839)
• b73cc6b chore(tests): bump steady to v0.20.1
• eb7cbc1 feat(api): add phase field to Message in conversations
• 1f6968e fix(api): remove web_search_call.results from ResponseIncludable in responses
• 1081460 chore(internal): codegen related update
• 1bc32a3 docs(api): add multi-file ingestion recommendations to vector-stores files/fi...
• 3faee8d chore(internal): update multipart form array serialization
• be64904 Merge pull request #1798 from openai/codex/pin-github-workflow-refs-20260326-...
• Additional commits viewable in compare view

Updates @types/express-session from 1.18.2 to 1.19.0

Commits

• See full diff in compare view

Updates eslint from 10.2.0 to 10.2.1

Release notes

Sourced from eslint's releases.

v10.2.1

Bug Fixes

• 14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)
• 84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)
• af764af fix: clarify language and processor validation errors (#20729) (Pixel998)
...

Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.