chore(deps): bump the production-dependencies group with 15 updates

[dependabot]

Bumps the production-dependencies group with 15 updates:

Package	From	To
@logtape/sentry	2.0.2	2.0.5
@sentry/node	10.38.0	10.47.0
lru-cache	11.2.4	11.2.7
node-modules-tools	1.3.2	1.4.2
@logtape/drizzle-orm	2.0.2	2.0.5
dotenv	17.2.3	17.3.1
semver	7.7.3	7.7.4
better-result	2.5.2	2.7.0
@logtape/logtape	2.0.2	2.0.5
@types/node	25.2.1	25.5.0
drizzle-orm	0.45.1	0.45.2
publint	0.3.17	0.3.18
typescript	5.9.3	6.0.2
valibot	1.2.0	1.3.1
wrangler	4.63.0	4.79.0

Updates @logtape/sentry from 2.0.2 to 2.0.5

Changelog

Sourced from @​logtape/sentry's changelog.

Version 2.0.5

Released on March 24, 2026.

@​logtape/logtape

• Fixed a bug where configure() and configureSync() threw in Vercel Edge-like runtimes that define EdgeRuntime but do not provide browser addEventListener() lifecycle hooks. LogTape now skips automatic cleanup hook registration when neither process.on() nor addEventListener() is available. [#149]

#149: dahlia/logtape#149

Version 2.0.4

Released on February 26, 2026.

@​logtape/redaction

• Fixed CREDIT_CARD_NUMBER_PATTERN to correctly match American Express-style credit card numbers (e.g., 1234-5678-901234) on Bun. The previous regex /(?:\d{4}-){3}\d{4}|(?:\d{4}-){2}\d{6}/g triggered a backtracking bug in Bun's regex engine where, after the first alternative partially consumed a common prefix and failed, the engine incorrectly started the second alternative from the failure position rather than from the original match position. The pattern has been rewritten as /(?:\d{4}-){2}(?:\d{4}-\d{4}|\d{6})/g to factor out the common prefix, which avoids the issue while preserving the same matching behavior.

Version 2.0.3

Released on February 26, 2026.

@​logtape/logtape

• Revised the startup notice text from the meta logger to avoid implying that seeing the message always means the meta logger was auto-configured. The message now uses neutral wording while keeping guidance for suppressing it with a higher meta logger level. [#141]

#141: dahlia/logtape#141

Commits

• bfb540f Version bump
• c9255ba Version bump
• f53b69a Version bump
• See full diff in compare view

Updates @sentry/node from 10.38.0 to 10.47.0

Release notes

Sourced from @​sentry/node's releases.

10.47.0

Important Changes

• feat(node-core): Add OTLP integration for node-core/light (#19729)

  Added otlpIntegration at @sentry/node-core/light/otlp for users who manage their own OpenTelemetry setup and want to send trace data to Sentry without adopting the full @sentry/node SDK.

  import { NodeTracerProvider } from '@opentelemetry/sdk-trace-node';
  import * as Sentry from '@sentry/node-core/light';
  import { otlpIntegration } from '@sentry/node-core/light/otlp';
  const provider = new NodeTracerProvider();
  provider.register();
  Sentry.init({
  dsn: 'DSN',
  integrations: [
  otlpIntegration({
  // Export OTel spans to Sentry via OTLP (default: true)
  setupOtlpTracesExporter: true,
  }),
  ],
  });

  The integration links Sentry errors to OTel traces and exports spans to Sentry via OTLP.

• feat(node, bun): Add runtime metrics integrations for Node.js and Bun (#19923, #19979)

  New nodeRuntimeMetricsIntegration and bunRuntimeMetricsIntegration automatically collect runtime health metrics and send them to Sentry on a configurable interval (default: 30s). Collected metrics include memory (RSS, heap used/total), CPU utilization, event loop utilization, and process uptime. Node additionally collects event loop delay percentiles (p50, p99). Extra metrics like CPU time and external memory are available as opt-in.

  // Node.js
  import * as Sentry from '@sentry/node';
  Sentry.init({
  dsn: '...',
  integrations: [Sentry.nodeRuntimeMetricsIntegration()],
  });
  // Bun
  import * as Sentry from '@​sentry/bun';
  Sentry.init({
  dsn: '...',
  integrations: [Sentry.bunRuntimeMetricsIntegration()],
  });

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.47.0

Important Changes

• feat(node-core): Add OTLP integration for node-core/light (#19729)

  Added otlpIntegration at @sentry/node-core/light/otlp for users who manage their own OpenTelemetry setup and want to send trace data to Sentry without adopting the full @sentry/node SDK.

  import { NodeTracerProvider } from '@opentelemetry/sdk-trace-node';
  import * as Sentry from '@sentry/node-core/light';
  import { otlpIntegration } from '@sentry/node-core/light/otlp';
  const provider = new NodeTracerProvider();
  provider.register();
  Sentry.init({
  dsn: 'DSN',
  integrations: [
  otlpIntegration({
  // Export OTel spans to Sentry via OTLP (default: true)
  setupOtlpTracesExporter: true,
  }),
  ],
  });

  The integration links Sentry errors to OTel traces and exports spans to Sentry via OTLP.

• feat(node, bun): Add runtime metrics integrations for Node.js and Bun (#19923, #19979)

  New nodeRuntimeMetricsIntegration and bunRuntimeMetricsIntegration automatically collect runtime health metrics and send them to Sentry on a configurable interval (default: 30s). Collected metrics include memory (RSS, heap used/total), CPU utilization, event loop utilization, and process uptime. Node additionally collects event loop delay percentiles (p50, p99). Extra metrics like CPU time and external memory are available as opt-in.

  // Node.js
  import * as Sentry from '@sentry/node';
  Sentry.init({
  dsn: '...',
  integrations: [Sentry.nodeRuntimeMetricsIntegration()],
  });
  // Bun
  import * as Sentry from '@​sentry/bun';
  Sentry.init({
  dsn: '...',
  integrations: [Sentry.bunRuntimeMetricsIntegration()],

... (truncated)

Commits

• a5a4e73 release: 10.47.0
• c7477bb Merge pull request #20050 from getsentry/prepare-release/10.47.0
• 3d4e38d meta(changelog): Update changelog for 10.47.0
• 2c0ce6f feat(deps): Bump OpenTelemetry dependencies (#20046)
• 8f08fcb fix(browser-tests): Pin axios to 1.13.5 to avoid compromised 1.14.1 (#20047)
• 3815492 fix(profiling): Disable profiling in worker threads (#20040)
• 61edc25 Merge pull request #19890 from getsentry/fix/react-router-debug-id-double-inj...
• 28f94f3 fix(react-router): Disable debug ID injection in Vite plugin to prevent doubl...
• 9bfc682 ref(browser-tests): Add waitForMetricRequest helper (#20002)
• 08cab24 fix(node): Deduplicate sentry-trace and baggage headers on outgoing reque...
• Additional commits viewable in compare view

Updates lru-cache from 11.2.4 to 11.2.7

Commits

• e787b9f 11.2.7
• e6f15bf format tests, update project ci settings
• 2ec0b52 abstract out the update autopurge fn, formatting
• 879f8b1 abstract out setPurgeTimer (internal)
• 88ae941 fix: reschedule autopurge timer when updateAgeOnGet resets TTL start
• 757c157 remove unused polyfills from tests
• ad9c097 11.2.6
• ac2a7f4 export minified version by default
• 8a34522 remove dead/commented code from test
• b89badb 11.2.5
• Additional commits viewable in compare view

Updates node-modules-tools from 1.3.2 to 1.4.2

Release notes

Sourced from node-modules-tools's releases.

v1.4.2

No significant changes

    View changes on GitHub

v1.4.1

No significant changes

    View changes on GitHub

v1.4.0

   🚀 Features

• Add vulnerability tab on report view  -  by @​SimYunSup in antfu/node-modules-inspector#111 (f44e5)

   🐞 Bug Fixes

• Typo of flamegraph  -  by @​KazariEX in antfu/node-modules-inspector#144 (beb01)
• Improve esm analyze  -  by @​antfu (97b5b)

    View changes on GitHub

Commits

• 04c6791 chore: release v1.4.2
• acbe17e chore: release v1.4.1
• d7550de chore: snapshot
• 5e5247f chore: fix build
• c15e9f1 chore: release v1.4.0
• 07c6286 chore: update deps
• f44e5ae feat: Add vulnerability tab on report view (#111)
• 97b5b4f fix: improve esm analyze
• See full diff in compare view

Updates @logtape/drizzle-orm from 2.0.2 to 2.0.5

Changelog

Sourced from @​logtape/drizzle-orm's changelog.

Version 2.0.5

Released on March 24, 2026.

@​logtape/logtape

• Fixed a bug where configure() and configureSync() threw in Vercel Edge-like runtimes that define EdgeRuntime but do not provide browser addEventListener() lifecycle hooks. LogTape now skips automatic cleanup hook registration when neither process.on() nor addEventListener() is available. [#149]

#149: dahlia/logtape#149

Version 2.0.4

Released on February 26, 2026.

@​logtape/redaction

• Fixed CREDIT_CARD_NUMBER_PATTERN to correctly match American Express-style credit card numbers (e.g., 1234-5678-901234) on Bun. The previous regex /(?:\d{4}-){3}\d{4}|(?:\d{4}-){2}\d{6}/g triggered a backtracking bug in Bun's regex engine where, after the first alternative partially consumed a common prefix and failed, the engine incorrectly started the second alternative from the failure position rather than from the original match position. The pattern has been rewritten as /(?:\d{4}-){2}(?:\d{4}-\d{4}|\d{6})/g to factor out the common prefix, which avoids the issue while preserving the same matching behavior.

Version 2.0.3

Released on February 26, 2026.

@​logtape/logtape

• Revised the startup notice text from the meta logger to avoid implying that seeing the message always means the meta logger was auto-configured. The message now uses neutral wording while keeping guidance for suppressing it with a higher meta logger level. [#141]

#141: dahlia/logtape#141

Commits

• bfb540f Version bump
• c9255ba Version bump
• f53b69a Version bump
• See full diff in compare view

Updates dotenv from 17.2.3 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• 7bc16a4 17.3.1
• 27303fd update README-es
• 6379eb2 update README
• b6d7339 fix spelling
• 5febe35 17.3.0
• f61f383 changelog 🪵
• dec94ad update README
• 4856950 update README
• 6351887 update README
• 23bd017 update README
• Additional commits viewable in compare view

Updates semver from 7.7.3 to 7.7.4

Release notes

Sourced from semver's releases.

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/[email protected] (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/[email protected] (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Commits

• 5993c2e chore: release 7.7.4 (#839)
• 120968b deps: @​npmcli/template-oss@​4.29.0 (#840)
• a29faa5 fix(cli): pass options to semver.valid() for loose version validation (#835)
• 1d28d5e docs: fix typos and update -n CLI option documentation (#836)
• 5816d4c chore: bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829)
• ab9e28a chore: bump @​npmcli/template-oss from 4.27.1 to 4.28.0 (#827)
• 44d7130 chore: bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824)
• 7073576 chore: reorder parameters in invalid-versions.js test (#820)
• 16a35f5 chore: bump @​npmcli/template-oss from 4.26.0 to 4.27.1 (#823)
• 3a3459d chore: bump @​npmcli/template-oss from 4.25.1 to 4.26.0 (#818)
• See full diff in compare view

Updates better-result from 2.5.2 to 2.7.0

Release notes

Sourced from better-result's releases.

v2.6.0

What's Changed

Features

• Result.deserialize now returns ResultDeserializationError instead of null (#29)

  • Adds ResultDeserializationError tagged error class
  • Result.deserialize returns Result<T, E | ResultDeserializationError> instead of Result<T, E> | null
  • Allows handling deserialization failures using the same Result utilities as everything else

• Compile-time protection against async in Result.try (#30) by @​trvswgnr

  • Prevents a footgun where Result.try silently accepts async functions
  • TypeScript now rejects async functions at compile time, guiding users toward Result.tryPromise

Fixes

• Fix opensrc repository URL (#28)
• Remove recursive publish script

Docs

• Fix TaggedError example in JSDoc (#27)

Full Changelog: dmmulroy/better-result@v2.5.2...v2.6.0

Commits

• See full diff in compare view

Updates @logtape/logtape from 2.0.2 to 2.0.5

Changelog

Sourced from @​logtape/logtape's changelog.

Version 2.0.5

Released on March 24, 2026.

@​logtape/logtape

• Fixed a bug where configure() and configureSync() threw in Vercel Edge-like runtimes that define EdgeRuntime but do not provide browser addEventListener() lifecycle hooks. LogTape now skips automatic cleanup hook registration when neither process.on() nor addEventListener() is available. [#149]

#149: dahlia/logtape#149

Version 2.0.4

Released on February 26, 2026.

@​logtape/redaction

• Fixed CREDIT_CARD_NUMBER_PATTERN to correctly match American Express-style credit card numbers (e.g., 1234-5678-901234) on Bun. The previous regex /(?:\d{4}-){3}\d{4}|(?:\d{4}-){2}\d{6}/g triggered a backtracking bug in Bun's regex engine where, after the first alternative partially consumed a common prefix and failed, the engine incorrectly started the second alternative from the failure position rather than from the original match position. The pattern has been rewritten as /(?:\d{4}-){2}(?:\d{4}-\d{4}|\d{6})/g to factor out the common prefix, which avoids the issue while preserving the same matching behavior.

Version 2.0.3

Released on February 26, 2026.

@​logtape/logtape

• Revised the startup notice text from the meta logger to avoid implying that seeing the message always means the meta logger was auto-configured. The message now uses neutral wording while keeping guidance for suppressing it with a higher meta logger level. [#141]

#141: dahlia/logtape#141

Commits

• 5c0d948 Fix Edge cleanup hook registration
• bfb540f Version bump
• c9255ba Version bump
• e1ff153 Refine meta logger notice wording and docs
• f53b69a Version bump
• See full diff in compare view

Updates @types/node from 25.2.1 to 25.5.0

Commits

• See full diff in compare view

Updates drizzle-orm from 0.45.1 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

• Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

• 273c780 + 0.45.2 (#5534)
• 4aa6ecf Kit updates (#5490)
• e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
• See full diff in compare view

Updates publint from 0.3.17 to 0.3.18

Release notes

Sourced from publint's releases.

[email protected]

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

Changelog

Sourced from publint's changelog.

0.3.18

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

Commits

• 9808a56 Release packages (#219)
• ad2aa9c Fix deprecated subpath mapping check
• 113388f Update docs
• c2d2d70 Update dependencies
• See full diff in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Updates valibot from 1.2.0 to 1.3.1

Release notes

Sourced from valibot's releases.

v1.3.1

• Change MAC48_REGEX, MAC64_REGEX and MAC_REGEX to drop the i flag for better JSON Schema compatibility (pull request #1430)
• Change hash action to use case-expanded character classes instead of the i flag (pull request #1430)

v1.3.0

Many thanks to @​EskiMojo14, @​yslpn, @​alexilyaev, @​idleberg, @​BerkliumBirb and @​frenzzy for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

• Add guard transformation action to narrow types using type predicates (pull request #1204)
• Add parseBoolean transformation action to parse boolean values from strings and other types (pull request #1251)
• Add isrc validation action to validate ISRC codes (pull request #1373)
• Add cache method for caching schema output by input (pull request #1170)
• Add domain validation action to validate domain names (pull request #1284)
• Add jwsCompact validation action to validate JWS compact strings (pull request #1348)
• Fix creditCard validation action to allow 13-digit Visa card numbers (pull request #1347)
• Fix isoTimestamp validation action to allow optional space before UTC offset for PostgreSQL timestamptz compatibility (pull request #1195)
• Fix types for deeply readonly default and fallback values

v1.3.0 (to-json-schema)

Many thanks to @​Xiot for contributing to this release.

• Add ignoreActions configuration to be able to ignore specific actions during conversion
• Add typeMode configuration to be able to control whether to convert input or output type of schema
• Add ConversionContext, OverrideSchemaContext, OverrideActionContext and OverrideRefContext to exports
• Change JSDoc comments to improve documentation
• Change build step to tsdown and Rolldown

Commits

• 1627d57 Bump library version to 1.3.1 and update changelog
• d19a019 Undo some of regex changes that were made by mistake
• ea0dd44 Update i18n version to 1.1.0 and update README
• 6c81715 Merge pull request #1311 from mreleftheros/i18n-greek
• d5b4641 Remove build timers from language build scripts
• 1e4526f Improve Greek language messages for clarity and consistency
• c5fa221 Bump version of to-json-schema to 1.6.0 and update changelog
• dc7c927 Finalize Greek language support PR
• e84e76a Merge branch 'main' into i18n-greek
• 2ad6f1c Merge branch 'main' into i18n-greek
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for valibot since your current version.

Updates wrangler from 4.63.0 to 4.79.0

Release notes

Sourced from wrangler's releases.

[email protected]

Minor Changes

• #12868 ffbc268 Thanks @​danielgek! - Add wrangler ai-search command namespace for managing Cloudflare AI Search instances

  Introduces a CLI surface for the Cloudflare AI Search API (open beta), including:

  • Instance management: ai-search list, create, get, update, delete
  • Semantic search: ai-search search with repeatable --filter key=value flags
  • Instance stats: ai-search stats

  The create command uses an interactive wizard to guide configuration. All commands require authentication via wrangler login.

• #13097 cd0e971 Thanks @​pombosilva! - Add --local flag to Workflows commands for interacting with local dev

  All Workflows CLI commands now support a --local flag that targets a running wrangler dev session instead of the Cloudflare production API. This uses the /cdn-cgi/explorer/api/workflows endpoints served by the local dev server.

  wrangler workflows list --local
  wrangler workflows trigger my-workflow '{"key":"value"}' --local
  wrangler workflows instances describe my-workflow latest --local
  wrangler workflows instances pause my-workflow <id> --local --port 9000
  

  By default, commands continue to hit remote (production). Pass --local to opt in, and optionally --port to specify a custom dev server port (defaults to 8787).

Patch Changes

• #13050 ed20a9b Thanks @​dario-piotrowicz! - Add minimum and maximum version checks for frameworks during auto-configuration

  When Wrangler automatically configures a project, it now validates the installed version of the detected framework before proceeding:

  • If the version is below the minimum known-good version, the command exits with an error asking the user to upgrade the framework.
  • If the version is above the maximum known major version, a warning is emitted to let the user know the framework version has not been officially tested with this feature, and the command continues.

• #13111 f214760 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260317.1	1.20260329.1

• #13079 746858a Thanks @​penalosa! - Fix getPlatformProxy and unstable_getMiniflareWorkerOptions crashing when assets is configured without a directory

  getPlatformProxy and unstable_getMiniflareWorkerOptions now skip asset setup when the config has an assets block but no directory — instead of throwing "missing required directory property". This happens when an external tool like @cloudflare/vite-plugin handles asset serving independently.

• #13112 9aad27f Thanks @​dario-piotrowicz! - Fix autoconfig failing on waku projects that use hono

  Waku has a tight integration with Hono, causing both to be detected simultaneously and triggering a "multiple frameworks found" error. Hono is now filtered out when Waku is also detected.

• #13113 1fc5518 Thanks @​dario-piotrowicz! - Skip lock file warning for static projects during autoconfig

... (truncated)

Commits

• d927ee3 Version Packages (#13096)
• 958afe7 Remove some of the no-restricted-imports eslint disabling comments (#13140)
• f214760 Bump the workerd-and-workers-types group with 2 updates (#13111)
• ed20a9b Add minimum and maximum version checks for frameworks during auto-configurati...
• b539dc7 [wrangler] skip fetching all deployable versions when user already specified ...
• a532eea refactor(miniflare): use CorePaths for local explorer routes (#13090)
• 2565b1d Improve error message when the assets directory path points to a file instead...
• e200179 Deduplicate codemod logic in C3 and autoconfig by moving it to its own `@clou...
• cd0e971 [wrangler] Add Workflows local commands (#13097)
• ffbc268 [wrangler] Add ai search commands (#12868)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions