Update dependencies: Bump the all-dependencies group with 6 updates

[dependabot]

Bumps the all-dependencies group with 6 updates:

Package	From	To
ioredis	5.4.2	5.5.0
semver	7.7.0	7.7.1
@types/node	22.13.0	22.13.1
@vitest/coverage-v8	3.0.4	3.0.5
mongoose	8.9.6	8.10.0
vitest	3.0.4	3.0.5

Updates ioredis from 5.4.2 to 5.5.0

Release notes

Sourced from ioredis's releases.

v5.5.0

5.5.0 (2025-02-07)

Features

• Add ability for nat mapping through function (#1948) (3a04bee)
• HscanStream: adding NOVALUES option (#1943) (2f9843d)

Changelog

Sourced from ioredis's changelog.

5.5.0 (2025-02-07)

Features

• Add ability for nat mapping through function (#1948) (3a04bee)
• HscanStream: adding NOVALUES option (#1943) (2f9843d)

Commits

• 49d1cf0 chore(release): 5.5.0 [skip ci]
• 3a04bee feat: Add ability for nat mapping through function (#1948)
• 2f9843d feat(HscanStream): adding NOVALUES option (#1943)
• 5d3e7ca Update README.md
• See full diff in compare view

Updates semver from 7.7.0 to 7.7.1

Release notes

Sourced from semver's releases.

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

Changelog

Sourced from semver's changelog.

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

Commits

• 30c438b chore: release 7.7.1 (#765)
• af761c0 fix(inc): fully capture prerelease identifier (#764)
• See full diff in compare view

Updates @types/node from 22.13.0 to 22.13.1

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 3.0.4 to 3.0.5

Release notes

Sourced from @​vitest/coverage-v8's releases.

v3.0.5

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

🚀 Features

• ui: Insert message "no tests found" in ui - by @​DevJoaoLopes in vitest-dev/vitest#7366 (92da4)

🐞 Bug Fixes

• Validate websocket request - by @​hi-ogawa and @​AriPerkkio in vitest-dev/vitest#7317 (191ef)
• Don't toggle cli cursor on non-TTY - by @​AriPerkkio in vitest-dev/vitest#7336 (3c805)
• vite-node: Differentiate file url with hash and query - by @​hi-ogawa in vitest-dev/vitest#7365 (926ca)

View changes on GitHub

Commits

• 1154662 chore: release v3.0.5
• See full diff in compare view

Updates mongoose from 8.9.6 to 8.10.0

Release notes

Sourced from mongoose's releases.

8.10.0 / 2025-02-05

• feat(schema+schematype): add toJSONSchema() method to convert schemas and schematypes to JSON schema #15184 #11162
• feat(connection): make connection helpers respect bufferTimeoutMS #15229 #15201
• feat(document): support schematype-level transform option #15163 #15084
• feat(model): add insertOne() function to insert a single doc #15162 #14843
• feat(connection): support Connection.prototype.aggregate() for db-level aggregations #15153
• feat(model): make syncIndexes() not call createIndex() on indexes that already exist #15175 #12250
• feat(model): useConnection(connection) function #14802
• fix(model): disallow updateMany(update) and fix TypeScript types re: updateMany() #15199 #15190
• fix(collection): avoid buffering if creating a collection during a connection interruption #15187 #14971
• fix(model): throw error if calling create() with multiple docs in a transaction unless ordered: true #15100
• fix(model): skip createCollection() in syncIndexes() if autoCreate: false #15155
• fix(model): make hydrate() handle hydrating deeply nested populated docs with hydratedPopulatedDocs #15130
• types(document): make sure toObject() and toJSON() apply versionKey __v #15097
• ci(NODE-6505): CI Setup for Encryption Support #15139 aditi-khare-mongoDB

8.9.7 / 2025-02-04

• fix: avoid applying defaults on map embedded paths #15217 #15196
• types: add missing $median operator to aggregation types #15233 #15209
• docs(document): clarify that toObject() returns a POJO that may contain non-POJO values #15232 #15208

Changelog

Sourced from mongoose's changelog.

8.10.0 / 2025-02-05

• feat(schema+schematype): add toJSONSchema() method to convert schemas and schematypes to JSON schema #15184 #11162
• feat(connection): make connection helpers respect bufferTimeoutMS #15229 #15201
• feat(document): support schematype-level transform option #15163 #15084
• feat(model): add insertOne() function to insert a single doc #15162 #14843
• feat(connection): support Connection.prototype.aggregate() for db-level aggregations #15153
• feat(model): make syncIndexes() not call createIndex() on indexes that already exist #15175 #12250
• feat(model): useConnection(connection) function #14802
• fix(model): disallow updateMany(update) and fix TypeScript types re: updateMany() #15199 #15190
• fix(collection): avoid buffering if creating a collection during a connection interruption #15187 #14971
• fix(model): throw error if calling create() with multiple docs in a transaction unless ordered: true #15100
• fix(model): skip createCollection() in syncIndexes() if autoCreate: false #15155
• fix(model): make hydrate() handle hydrating deeply nested populated docs with hydratedPopulatedDocs #15130
• types(document): make sure toObject() and toJSON() apply versionKey __v #15097
• ci(NODE-6505): CI Setup for Encryption Support #15139 aditi-khare-mongoDB

8.9.7 / 2025-02-04

• fix: avoid applying defaults on map embedded paths #15217 #15196
• types: add missing $median operator to aggregation types #15233 #15209
• docs(document): clarify that toObject() returns a POJO that may contain non-POJO values #15232 #15208

Commits

• 3501adf chore: release 8.10.0
• ebf1533 Merge pull request #15214 from Automattic/8.10
• 0d41398 Merge branch 'master' into 8.10
• 8a55290 test: make distinct() transaction test more durable
• 70377fc chore: release 8.9.7
• bd53c4c Merge pull request #15233 from Automattic/vkarpov15/gh-15209
• 2de289b types: add Median as AccumulatorOperator
• 52f3ced Merge pull request #15232 from Automattic/vkarpov15/gh-15208
• f344f63 types: avoid flattening/transforming MongoDB Sessions to fix tests
• cfd1bb5 correctly check out pinned commit
• Additional commits viewable in compare view

Updates vitest from 3.0.4 to 3.0.5

Release notes

Sourced from vitest's releases.

v3.0.5

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

🚀 Features

• ui: Insert message "no tests found" in ui - by @​DevJoaoLopes in vitest-dev/vitest#7366 (92da4)

🐞 Bug Fixes

• Validate websocket request - by @​hi-ogawa and @​AriPerkkio in vitest-dev/vitest#7317 (191ef)
• Don't toggle cli cursor on non-TTY - by @​AriPerkkio in vitest-dev/vitest#7336 (3c805)
• vite-node: Differentiate file url with hash and query - by @​hi-ogawa in vitest-dev/vitest#7365 (926ca)

View changes on GitHub

Commits

• 1154662 chore: release v3.0.5
• 3c8050e fix: don't toggle cli cursor on non-TTY (#7336)
• 191ef9e fix: validate websocket request (#7317)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud