This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.<br>[View this repository on the Mend.io Web Portal](https://developer.mend.io/github/mx-space/core). ## Config Migration Needed - [ ] <!-- create-config-migration-pr --> Select this checkbox to let Renovate create an automated Config Migration PR. ## Rate-Limited The following updates are currently rate-limited. To force their creation now, click on a checkbox below. - [ ] <!-- unlimit-branch=renovate/better-auth-api-key-1.5.x-lockfile -->chore(deps): update dependency @better-auth/api-key to v1.5.6 - [ ] <!-- unlimit-branch=renovate/better-auth-passkey-1.5.x-lockfile -->chore(deps): update dependency @better-auth/passkey to v1.5.6 - [ ] <!-- unlimit-branch=renovate/patch-swc-monorepo -->chore(deps): update dependency @swc/core to v1.15.21 - [ ] <!-- unlimit-branch=renovate/node-25.3.x -->chore(deps): update dependency @types/node to v25.3.5 - [ ] <!-- unlimit-branch=renovate/patch-vitest-monorepo -->chore(deps): update dependency @vitest/coverage-v8 to v4.1.2 - [ ] <!-- unlimit-branch=renovate/better-auth-1.5.x-lockfile -->chore(deps): update dependency better-auth to v1.5.6 - [ ] <!-- unlimit-branch=renovate/es-toolkit-1.45.x -->chore(deps): update dependency es-toolkit to v1.45.1 - [ ] <!-- unlimit-branch=renovate/patch-eslint-monorepo -->chore(deps): update dependency eslint to v10.0.3 - [ ] <!-- unlimit-branch=renovate/lint-staged-16.3.x -->chore(deps): update dependency lint-staged to v16.3.4 - [ ] <!-- unlimit-branch=renovate/rolldown-1.0.x -->chore(deps): update dependency rolldown to v1.0.0-rc.12 - [ ] <!-- unlimit-branch=renovate/tsdown-0.21.x -->chore(deps): update dependency tsdown to v0.21.6 - [ ] <!-- unlimit-branch=renovate/mongoose-paginate-v2-1.9.x -->fix(deps): update dependency mongoose-paginate-v2 to v1.9.4 - [ ] <!-- unlimit-branch=renovate/cloudflare-workers-types-4.x-lockfile -->chore(deps): update dependency @cloudflare/workers-types to v4.20260317.1 - [ ] <!-- unlimit-branch=renovate/node-25.x -->chore(deps): update dependency @types/node to v25.5.0 - [ ] <!-- unlimit-branch=renovate/eslint-monorepo -->chore(deps): update dependency eslint to v10.1.0 - [ ] <!-- unlimit-branch=renovate/lint-staged-16.x -->chore(deps): update dependency lint-staged to v16.4.0 - [ ] <!-- unlimit-branch=renovate/wrangler-4.x-lockfile -->chore(deps): update dependency wrangler to v4.77.0 - [ ] <!-- unlimit-branch=renovate/mongoose-9.x -->fix(deps): update dependency mongoose to ~9.3.0 - [ ] <!-- unlimit-branch=renovate/openai-6.x -->fix(deps): update dependency openai to v6.33.0 - [ ] <!-- unlimit-branch=renovate/typescript-6.x -->chore(deps): update dependency typescript to v6 - [ ] <!-- unlimit-branch=renovate/docker-build-push-action-7.x -->chore(deps): update docker/build-push-action action to v7 - [ ] <!-- unlimit-branch=renovate/docker-login-action-4.x -->chore(deps): update docker/login-action action to v4 - [ ] <!-- unlimit-branch=renovate/docker-metadata-action-6.x -->chore(deps): update docker/metadata-action action to v6 - [ ] <!-- unlimit-branch=renovate/docker-setup-buildx-action-4.x -->chore(deps): update docker/setup-buildx-action action to v4 - [ ] <!-- unlimit-branch=renovate/docker-setup-qemu-action-4.x -->chore(deps): update docker/setup-qemu-action action to v4 - [ ] <!-- unlimit-branch=renovate/node-24.x -->chore(deps): update node.js to v24 - [ ] <!-- unlimit-branch=renovate/redis-8.x -->chore(deps): update redis docker tag to v8 - [ ] <!-- unlimit-branch=renovate/ejs-5.x -->fix(deps): update dependency ejs to v5 - [ ] <!-- create-all-rate-limited-prs -->🔐 **Create all rate-limited PRs at once** 🔐 ## Open The following updates have all been created. To force a retry/rebase of any, click on a checkbox below. - [ ] <!-- rebase-branch=renovate/npm-nodemailer-vulnerability -->[fix(deps): update dependency nodemailer to v8.0.4 [security]](../pull/2622) - [ ] <!-- rebase-branch=renovate/pnpm-action-setup-digest -->[chore(deps): update pnpm/action-setup digest to 738f428](../pull/2514) - [ ] <!-- rebase-branch=renovate/express-4.x -->[chore(deps): update dependency express to v4.22.1](../pull/2540) - [ ] <!-- rebase-branch=renovate/mongodb-6.x -->[chore(deps): update dependency mongodb to v6.21.0](../pull/2352) - [ ] <!-- rebase-branch=renovate/whatwg-url-14.x -->[chore(deps): update dependency whatwg-url to v14.2.0](../pull/2415) - [ ] <!-- rebase-branch=renovate/pnpm-10.x -->[chore(deps): update pnpm to v10.33.0](../pull/2613) - [ ] <!-- rebase-branch=renovate/express-5.x -->[chore(deps): update dependency express to v5](../pull/2553) - [ ] <!-- rebase-branch=renovate/mongodb-7.x -->[chore(deps): update dependency mongodb to v7](../pull/2554) - [ ] <!-- rebase-branch=renovate/whatwg-url-16.x -->[chore(deps): update dependency whatwg-url to v16](../pull/2614) - [ ] <!-- rebase-branch=renovate/major-github-artifact-actions -->[chore(deps): update github artifact actions (major)](../pull/2615) (`actions/download-artifact`, `actions/upload-artifact`) - [ ] <!-- rebase-branch=renovate/mongo-8.x -->[chore(deps): update mongo docker tag to v8](../pull/2616) - [ ] <!-- rebase-all-open-prs -->**Click on this checkbox to rebase all open PRs at once** ## Detected Dependencies <details><summary>docker-compose (2)</summary> <blockquote> <details><summary>docker-compose.server.yml (2)</summary> - `redis 7-alpine` → [Updates: `8-alpine`] - `mongo 7` → [Updates: `8`] </details> <details><summary>docker-compose.yml (1)</summary> - `mongo 7` → [Updates: `8`] </details> </blockquote> </details> <details><summary>dockerfile (1)</summary> <blockquote> <details><summary>dockerfile (2)</summary> - `node 22-alpine` → [Updates: `24-alpine`] - `node 22-alpine` → [Updates: `24-alpine`] </details> </blockquote> </details> <details><summary>github-actions (4)</summary> <blockquote> <details><summary>.github/actions/setup-node/action.yml (2)</summary> - `actions/setup-node v6` - `pnpm/action-setup e94b270858c939f4f8b43f5c1438fa1d9a67ad5d` → [Updates: `undefined`] </details> <details><summary>.github/workflows/api-client.yml (1)</summary> - `actions/checkout v6` </details> <details><summary>.github/workflows/ci.yml (8)</summary> - `actions/checkout v6` - `actions/checkout v6` - `docker/metadata-action v5` → [Updates: `v6`] - `docker/setup-qemu-action v3` → [Updates: `v4`] - `docker/setup-buildx-action v3` → [Updates: `v4`] - `docker/build-push-action v6` → [Updates: `v7`] - `actions/checkout v6` - `actions/checkout v6` </details> <details><summary>.github/workflows/release.yml (15)</summary> - `actions/checkout v6` - `actions/checkout v6` - `softprops/action-gh-release v2` - `actions/checkout v6` - `docker/setup-qemu-action v3` → [Updates: `v4`] - `docker/metadata-action v5` → [Updates: `v6`] - `docker/setup-buildx-action v3` → [Updates: `v4`] - `docker/build-push-action v6` → [Updates: `v7`] - `docker/login-action v3` → [Updates: `v4`] - `docker/build-push-action v6` → [Updates: `v7`] - `actions/upload-artifact v6` → [Updates: `v7`] - `actions/download-artifact v7` → [Updates: `v8`] - `docker/login-action v3` → [Updates: `v4`] - `docker/setup-buildx-action v3` → [Updates: `v4`] - `docker/metadata-action v5` → [Updates: `v6`] </details> </blockquote> </details> <details><summary>npm (10)</summary> <blockquote> <details><summary>apps/core/external/pino/package.json</summary> </details> <details><summary>apps/core/external/request/package.json</summary> </details> <details><summary>apps/core/package.json (123)</summary> - `@antfu/install-pkg 1.1.0` - `@anthropic-ai/sdk ^0.80.0` - `@babel/core 7.29.0` - `@babel/plugin-transform-modules-commonjs 7.28.6` - `@babel/plugin-transform-typescript 7.28.6` - `@babel/types ^7.29.0` - `@better-auth/api-key ^1.5.1` → [Updates: `^1.5.1`] - `@better-auth/passkey ^1.5.1` → [Updates: `^1.5.1`] - `@fastify/cookie 11.0.2` - `@fastify/multipart 9.4.0` - `@fastify/static 9.0.0` - `@haklex/rich-headless 0.0.88` - `@innei/next-async 0.4.0` - `@innei/pretty-logger-nestjs 0.4.2` - `@keyv/redis 5.1.6` - `@lexical/code-core ^0.42.0` - `@lexical/extension ^0.42.0` - `@lexical/headless ^0.42.0` - `@lexical/link ^0.42.0` - `@lexical/list ^0.42.0` - `@lexical/rich-text ^0.42.0` - `@lexical/table ^0.42.0` - `@nestjs/cache-manager 3.1.0` - `@nestjs/common 11.1.17` - `@nestjs/core 11.1.17` - `@nestjs/event-emitter 3.0.1` - `@nestjs/mapped-types ^2.1.0` - `@nestjs/platform-fastify 11.1.17` - `@nestjs/platform-socket.io 11.1.17` - `@nestjs/schedule 6.1.1` - `@nestjs/throttler 6.5.0` - `@nestjs/websockets 11.1.17` - `@socket.io/redis-adapter 8.3.0` - `@socket.io/redis-emitter 5.1.0` - `@typegoose/auto-increment ^5.0.0` - `@typegoose/typegoose ^13.2.1` - `@types/jsonwebtoken 9.0.10` - `axios ^1.13.3` - `axios-retry 4.5.0` - `bcryptjs ^3.0.3` - `better-auth ^1.5.1` → [Updates: `^1.5.1`] - `blurhash 2.0.5` - `cache-manager 7.2.8` - `commander 14.0.3` - `dayjs 1.11.20` - `diff-match-patch ^1.0.5` - `dotenv ^17.3.1` - `dotenv-expand ^12.0.3` - `ejs 4.0.1` → [Updates: `5.0.1`] - `es-toolkit ^1.45.1` - `form-data 4.0.5` - `inquirer ^13.3.2` - `isbot 5.1.36` - `js-yaml ^4.1.1` - `json5 2.2.3` - `jsondiffpatch ^0.7.3` - `jsonrepair ^3.13.3` - `jsonwebtoken 9.0.3` - `jszip 3.10.1` - `keyv 5.6.0` - `lexical ^0.42.0` - `linkedom 0.18.12` - `lru-cache 11.2.7` - `marked 17.0.5` - `mime-types ^3.0.1` - `mkdirp ^3.0.1` - `mongoose ~9.2.4` → [Updates: `~9.3.0`] - `mongoose-aggregate-paginate-v2 1.1.4` - `mongoose-autopopulate 1.2.1` - `mongoose-lean-getters 2.3.1` - `mongoose-lean-virtuals 2.1.0` - `mongoose-paginate-v2 1.9.3` → [Updates: `1.9.4`] - `nanoid 5.1.7` - `nestjs-zod ^5.2.1` - `node-machine-id 1.1.12` - `nodemailer 8.0.3` → [Updates: `8.0.4`] - `object-scan ^20.0.4` - `openai 6.32.0` → [Updates: `6.33.0`] - `picocolors ^1.1.1` - `pluralize ^8.0.0` - `qs 6.15.0` - `reflect-metadata 0.2.2` - `remove-markdown 0.6.3` - `remove-md-codeblock 0.0.4` - `resend ^6.9.4` - `rxjs 7.8.2` - `semver 7.7.4` - `slugify 1.6.8` - `source-map-support ^0.5.21` - `ua-parser-js 2.0.9` - `wildcard-match 5.1.4` - `xss 1.0.15` - `zod 4.3.6` - `@nestjs/cli 11.0.16` - `@nestjs/schematics 11.0.9` - `@nestjs/testing 11.1.17` - `@swc/cli ^0.8.0` - `@swc/core 1.15.18` → [Updates: `1.15.21`] - `@types/babel__core 7.20.5` - `@types/diff-match-patch ^1.0.36` - `@types/ejs 3.1.5` - `@types/get-image-colors 4.0.5` - `@types/js-yaml 4.0.9` - `@types/mime-types 3.0.1` - `@types/node 25.5.0` - `@types/nodemailer 7.0.11` - `@types/qs 6.15.0` - `@types/remove-markdown 0.3.4` - `@types/semver 7.7.1` - `@types/ua-parser-js 0.7.39` - `@types/validator 13.15.10` - `@vitest/coverage-v8 ^4.1.0` → [Updates: `^4.1.0`] - `ioredis 5.10.1` - `mongodb-memory-server ^11.0.1` - `redis-memory-server ^0.16.0` - `rimraf 6.1.3` - `sharp 0.34.5` - `socket.io ^4.8.3` - `tsdown 0.21.4` → [Updates: `0.21.6`] - `typescript 5.9.3` → [Updates: `6.0.2`] - `unplugin-swc 1.5.9` - `vite-tsconfig-paths 6.1.1` - `node >=22` </details> <details><summary>apps/telemetry/package.json (2)</summary> - `@cloudflare/workers-types ^4.20260301.1` → [Updates: `^4.20260301.1`] - `wrangler ^4.69.0` → [Updates: `^4.69.0`] </details> <details><summary>external/pino/package.json</summary> </details> <details><summary>external/request/package.json</summary> </details> <details><summary>package.json (26)</summary> - `@ianvs/prettier-plugin-sort-imports 4.7.1` - `@lobehub/eslint-config ^2.1.5` - `@types/node 25.3.3` → [Updates: `25.3.5`, `25.5.0`] - `cross-env 10.1.0` - `eslint ^10.0.0` → [Updates: `^10.0.0`] - `lint-staged 16.3.1` → [Updates: `16.3.4`, `16.4.0`] - `mongodb-memory-server 11.0.1` - `prettier 3.8.1` - `prettier-package-json 2.8.0` - `prettier-plugin-ember-template-tag 2.1.3` - `redis-memory-server 0.16.0` - `rimraf 6.1.3` - `rolldown 1.0.0-rc.6` → [Updates: `1.0.0-rc.12`] - `simple-git-hooks 2.13.1` - `ts-node 10.9.2` - `tsconfig-paths 4.2.0` - `typescript 5.9.3` → [Updates: `6.0.2`] - `vite-tsconfig-paths 6.1.1` - `node >=22` - `rolldown 1.0.0-rc.6` → [Updates: `1.0.0-rc.12`] - `mongodb 6.12.0` → [Updates: `6.21.0`, `7.1.1`] - `semver 7.7.4` - `typescript 5.9.3` → [Updates: `6.0.2`] - `whatwg-url 14.1.1` → [Updates: `14.2.0`, `16.0.1`] - `zod 4.3.6` - `pnpm 10.28.2` → [Updates: `10.33.0`] </details> <details><summary>packages/api-client/package.json (12)</summary> - `@types/cors 2.8.19` - `@types/express 5.0.6` - `abort-controller 3.0.0` - `axios ^1.13.3` - `camelcase-keys ^10.0.2` - `cors 2.8.6` - `es-toolkit 1.45.0` → [Updates: `1.45.1`] - `express 4.21.2` → [Updates: `4.22.1`, `5.2.1`] - `form-data 4.0.5` - `tsdown 0.21.0-beta.2` → [Updates: `0.21.6`] - `umi-request 1.4.0` - `node >=22` </details> <details><summary>packages/webhook/package.json (3)</summary> - `express 4.21.2` → [Updates: `4.22.1`, `5.2.1`] - `tsdown 0.21.0-beta.2` → [Updates: `0.21.6`] - `node >=22` </details> <details><summary>pnpm-workspace.yaml</summary> </details> </blockquote> </details> <details><summary>nvm (1)</summary> <blockquote> <details><summary>.nvmrc (1)</summary> - `node 22` → [Updates: `24`] </details> </blockquote> </details> --- - [ ] <!-- manual job -->Check this box to trigger a request for Renovate to run again on this repository
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.
Config Migration Needed
Rate-Limited
The following updates are currently rate-limited. To force their creation now, click on a checkbox below.
Open
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
actions/download-artifact,actions/upload-artifact)Detected Dependencies
docker-compose (2)
dockerfile (1)
github-actions (4)
npm (10)
nvm (1)