chore(deps): bump the minor-and-patch group across 1 directory with 22 updates

[dependabot]

Bumps the minor-and-patch group with 22 updates in the / directory:

Package	From	To
@modelcontextprotocol/sdk	1.27.1	1.29.0
@napi-rs/keyring	1.2.0	1.3.0
axios	1.16.0	1.18.0
grammy	1.41.1	1.44.0
js-yaml	4.1.1	4.2.0
ora	9.3.0	9.4.0
semver	7.7.2	7.8.4
@types/semver	7.7.0	7.7.1
zod	4.3.6	4.4.3
@stryker-mutator/core	9.6.0	9.6.1
@stryker-mutator/jest-runner	9.6.0	9.6.1
@stryker-mutator/typescript-checker	9.6.0	9.6.1
@types/node	25.9.2	25.9.3
esbuild	0.28.0	0.28.1
eslint	10.0.2	10.5.0
eslint-plugin-security	4.0.0	4.0.1
fast-check	4.7.0	4.8.0
jest	30.2.0	30.4.2
prettier	3.8.1	3.8.4
ts-jest	29.4.6	29.4.11
tsx	4.21.0	4.22.4
typescript-eslint	8.56.1	8.61.1

Updates @modelcontextprotocol/sdk from 1.27.1 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @​felixweinberger in modelcontextprotocol/typescript-sdk#1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in modelcontextprotocol/typescript-sdk#1575
• Add typings exports by @​tdraier in modelcontextprotocol/typescript-sdk#1623
• v1.x npm audit fix by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1780
• v1.x #1623 follow up -add missing types to package.json by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1773
• [v1.x backport] Allow servers / clients to advertise extensions in the capability object by @​localden in modelcontextprotocol/typescript-sdk#1811
• fix(stdio): always set windowsHide on Windows, not just in Electron by @​jnMetaCode in modelcontextprotocol/typescript-sdk#1640
• chore: bump version to 1.29.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

• @​tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623
• @​jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

• feat: use scopes_supported from resource metadata by default (fixes #580) by @​antogyn in modelcontextprotocol/typescript-sdk#757
• [v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @​pcarleton in modelcontextprotocol/typescript-sdk#1611
• fix: reject plain JSON Schema objects passed as inputSchema by @​tiluckdave in modelcontextprotocol/typescript-sdk#1596
• fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @​pcarleton in modelcontextprotocol/typescript-sdk#1462
• fix(server/auth): RFC 8252 loopback port relaxation by @​poteat in modelcontextprotocol/typescript-sdk#1738
• chore: bump version to 1.28.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

• @​antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757
• @​tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596
• @​poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

Commits

• e12cbd7 chore: bump version to 1.29.0 (#1820)
• 3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
• 5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
• 7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
• 364f38c v1.x npm audit fix (#1780)
• c95cc09 Add typings exports (#1623)
• ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
• 2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
• 13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
• a056569 chore: bump version to 1.28.0 (#1746)
• Additional commits viewable in compare view

Updates @napi-rs/keyring from 1.2.0 to 1.3.0

Release notes

Sourced from @​napi-rs/keyring's releases.

v1.3.0

What's Changed

• chore: bump up actions/setup-node action to v5 by @​renovate[bot] in Brooooooklyn/keyring-node#97
• chore: bump up Rust crate windows to 0.62 by @​renovate[bot] in Brooooooklyn/keyring-node#98
• chore: bump up Yarn to v4.10.3 by @​renovate[bot] in Brooooooklyn/keyring-node#100
• chore: bump up actions/setup-node action to v6 by @​renovate[bot] in Brooooooklyn/keyring-node#101
• chore: bump up GitHub Artifact Actions (major) by @​renovate[bot] in Brooooooklyn/keyring-node#102
• chore: bump up all non-major dependencies by @​renovate[bot] in Brooooooklyn/keyring-node#104
• chore: bump up @​oxc-node/core version to ^0.0.34 by @​renovate[bot] in Brooooooklyn/keyring-node#105
• chore: bump up Yarn to v4.12.0 by @​renovate[bot] in Brooooooklyn/keyring-node#107
• chore: bump up actions/checkout action to v6 by @​renovate[bot] in Brooooooklyn/keyring-node#106
• chore: bump up @​oxc-node/core version to ^0.0.35 by @​renovate[bot] in Brooooooklyn/keyring-node#108
• chore: bump up actions/cache action to v5 by @​renovate[bot] in Brooooooklyn/keyring-node#109
• chore: bump up GitHub Artifact Actions (major) by @​renovate[bot] in Brooooooklyn/keyring-node#110
• chore: bump up cross-platform-actions/action action to v0.31.0 by @​renovate[bot] in Brooooooklyn/keyring-node#111
• chore: bump up cross-platform-actions/action action to v0.32.0 by @​renovate[bot] in Brooooooklyn/keyring-node#112
• chore: bump up GitHub Artifact Actions (major) by @​renovate[bot] in Brooooooklyn/keyring-node#113
• chore: bump up ava version to v7 by @​renovate[bot] in Brooooooklyn/keyring-node#114
• chore: bump up Yarn to v4.13.0 by @​renovate[bot] in Brooooooklyn/keyring-node#115
• chore: bump up typescript version to v6 by @​renovate[bot] in Brooooooklyn/keyring-node#116
• chore: bump up @​oxc-node/core version to ^0.1.0 by @​renovate[bot] in Brooooooklyn/keyring-node#117
• chore: bump up cross-platform-actions/action action to v1 by @​renovate[bot] in Brooooooklyn/keyring-node#118
• chore: upgrade Node version to 24 in publish CI by @​Claude in Brooooooklyn/keyring-node#119
• chore: bump up Yarn to v4.14.1 by @​renovate[bot] in Brooooooklyn/keyring-node#120
• chore: bump up Rust crate keyring to v4 by @​renovate[bot] in Brooooooklyn/keyring-node#121
• chore: bump up ava version to v8 by @​renovate[bot] in Brooooooklyn/keyring-node#122

New Contributors

• @​Claude made their first contribution in Brooooooklyn/keyring-node#119

Full Changelog: Brooooooklyn/keyring-node@v1.2.0...v1.3.0

Commits

• e46be75 1.3.0
• da34399 chore: bump up ava version to v8 (#122)
• 477749e chore: bump up Rust crate keyring to v4 (#121)
• e511bd2 chore: bump up Yarn to v4.14.1 (#120)
• b759a1a chore: upgrade Node version to 24 in publish CI (#119)
• ae5070a chore: bump up cross-platform-actions/action action to v1 (#118)
• 6b22fd2 chore: bump up @​oxc-node/core version to ^0.1.0 (#117)
• 966a1bd chore: bump up typescript version to v6 (#116)
• d6611b0 chore: bump up Yarn to v4.13.0 (#115)
• 273bb8d chore: bump up ava version to v7 (#114)
• Additional commits viewable in compare view

Updates axios from 1.16.0 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

• Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

• URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

• Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

• Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

• Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

• Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​drori12 (#10984)
• @​eyupcanakman (#10899)
• @​Adi-Beker (#10995)

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

• Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

• URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

• Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

• Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

• Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

• Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​drori12 (#10984)
• @​eyupcanakman (#10899)
• @​Adi-Beker (#10995)

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Commits

• 2d06f96 chore(release): prepare release 1.18.0 (#11003)
• 32fc489 fix: malformed http urls (#11000)
• b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
• fe964f9 docs: mark proxy config as Node.js only (#10995)
• 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
• fae9d4e docs: clarify package update PR policy (#10992)
• 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
• a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
• 614f455 docs: publish v1.17.0 release notes (#10988)
• 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
• Additional commits viewable in compare view

Updates grammy from 1.41.1 to 1.44.0

Release notes

Sourced from grammy's releases.

v1.44.0

What's Changed

• fix: support Node timeout handles in backport by @​KnightNiwrem in grammyjs/grammY#909
• fix: remove dead code in constant-time token comparison by @​arunr-inji in grammyjs/grammY#906
• feat: support Bot API 10.1 by @​KnorpelSenf in grammyjs/grammY#911

Full Changelog: grammyjs/grammY@v1.43.0...v1.44.0

v1.43.0

What's Changed

• fix(azure): read secret-token header from request, not response by @​glacierphonk in grammyjs/grammY#896
• fix: resolve ctx.from for managed_bot updates by @​Dramex in grammyjs/grammY#895
• fix(aws-lambda): accept lowercased secret-token header for HTTP API by @​glacierphonk in grammyjs/grammY#900
• feat: support Bot API 10.0 by @​KnorpelSenf in grammyjs/grammY#905

New Contributors

• @​Dramex made their first contribution in grammyjs/grammY#895

Full Changelog: grammyjs/grammY@v1.42.0...v1.43.0

v1.42.0

What's Changed

• fix: correct typo in filter key chat_owner_changd by @​glacierphonk in grammyjs/grammY#881
• feat: support Bot API 9.6 by @​KnorpelSenf in grammyjs/grammY#892

New Contributors

• @​glacierphonk made their first contribution in grammyjs/grammY#881
• @​github-actions[bot] made their first contribution in grammyjs/grammY#891

Full Changelog: grammyjs/grammY@v1.41.1...v1.42.0

Commits

• f5c1a3d 1.44.0
• 64d1822 feat: support Bot API 10.1 (#911)
• befe997 fix: remove dead code in constant-time token comparison (#906)
• ca25630 fix: broken All Contributors emoji key link (#907)
• a2530e1 fix: support Node timeout handles in backport (#909)
• daece29 1.43.0
• 88912c7 feat: support Bot API 10.0 (#905)
• c865dd3 fix(aws-lambda): accept lowercased secret-token header for HTTP API (#900)
• f3532b8 docs: add @​Dramex as a contributor for bug, and code (#899)
• 804c112 docs: add @​glacierphonk as a contributor for bug, code, and ideas (#897)
• Additional commits viewable in compare view

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280.
• Ensure numbers survive round-trip, #737.
• Fix test coverage for issue #221.
• Fix flow scalar trailing whitespace folding, #307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

Commits

• See full diff in compare view

Updates ora from 9.3.0 to 9.4.0

Release notes

Sourced from ora's releases.

v9.4.0

• Add successSymbol and failSymbol options to oraPromise 3d2e0a9

---

sindresorhus/ora@v9.3.0...v9.4.0

Commits

• 46a6703 9.4.0
• 3d2e0a9 Add successSymbol and failSymbol options to oraPromise
• f70f613 Test tweaks
• 7cf29a7 Validate some options better
• See full diff in compare view

Updates semver from 7.7.2 to 7.8.4

Release notes

Sourced from semver's releases.

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

• bea6028 #870 increment dotted prerelease identifiers (#870) (@​liuzemei, @​SheldonNeo)

v7.8.1

7.8.1 (2026-05-21)

Bug Fixes

• 17aa702 #869 strip build metadata before comparator trimming (#869) (@​owlstronaut)
• 5f3ca13 #867 handle prerelease bounds in subset (#867) (@​puneetdixit200, Puneet Dixit)

v7.8.0

7.8.0 (2026-05-08)

Features

• 0d0a0a2 #855 Add truncate function (#855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #853 fix typos in documentation (#853) (@​ankitkumar572005)
• 37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@​abhu85, @​claude)

Chores

• 9542e09 #860 template-oss-apply (@​owlstronaut)
• 937bc2c #860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@​dependabot[bot], @​npm-cli-bot)

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

... (truncated)

Changelog

Sourced from semver's changelog.

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

7.8.2 (2026-06-04)

Bug Fixes

• bea6028 #870 increment dotted prerelease identifiers (#870) (@​liuzemei, @​SheldonNeo)

7.8.1 (2026-05-21)

Bug Fixes

• 17aa702 #869 strip build metadata before comparator trimming (#869) (@​owlstronaut)
• 5f3ca13 #867 handle prerelease bounds in subset (#867) (@​puneetdixit200, Puneet Dixit)

7.8.0 (2026-05-08)

Features

• 0d0a0a2 #855 Add truncate function (#855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #853 fix typos in documentation (#853) (@​ankitkumar572005)
• 37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@​abhu85, @​claude)

Chores

• 9542e09 #860 template-oss-apply (@​owlstronaut)
• 937bc2c #860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@​dependabot[bot], @​npm-cli-bot)

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

7.7.3 (2025-10-06)

Bug Fixes

• e37e0ca #813 faster paths for compare (#813) (@​H4ad)
• 2471d75 #811 x-range build metadata support (i529015)

Chores

• 8f05c87 #807 bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#807) (@​dependabot[bot], @​owlstronaut)

Commits

• Description has been truncated

[omrfc]

@dependabot rebase\n\nPlease rebase onto the v2.3.0 main branch. The current failures include stale baseline/version expectations and a maintain test fixed during the v2.3.0 release. After rebase, runtime security-relevant updates will be evaluated separately if the grouped PR remains red.