build(deps): bump the minor-and-patch group with 10 updates

[dependabot]

Bumps the minor-and-patch group with 10 updates:

Package	From	To
@commitlint/cli	20.4.1	20.4.2
@commitlint/config-conventional	20.4.1	20.4.2
@semantic-release/github	12.0.3	12.0.6
@semantic-release/npm	13.1.3	13.1.4
@types/node	25.2.0	25.3.0
esbuild	0.27.2	0.27.3
typescript-eslint	8.54.0	8.56.1
pino	10.3.0	10.3.1
viem	2.45.1	2.46.2
hono	4.11.7	4.12.2

Updates @commitlint/cli from 20.4.1 to 20.4.2

Release notes

Sourced from @​commitlint/cli's releases.

v20.4.2

20.4.2 (2026-02-19)

Bug Fixes

• fix(rules): ignore cherry-picks in signed-off-by by @​mzedel in conventional-changelog/commitlint#4625
• fix(config-nx-scopes): add unique names to fixture projects by @​escapedcat in conventional-changelog/commitlint#4622

New Contributors

• @​mzedel made their first contribution in conventional-changelog/commitlint#4625

Full Changelog: conventional-changelog/commitlint@v20.4.1...v20.4.2

Changelog

Sourced from @​commitlint/cli's changelog.

20.4.2 (2026-02-19)

Note: Version bump only for package @​commitlint/cli

Commits

• 81cfc9e v20.4.2
• See full diff in compare view

Updates @commitlint/config-conventional from 20.4.1 to 20.4.2

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.4.2

20.4.2 (2026-02-19)

Bug Fixes

• fix(rules): ignore cherry-picks in signed-off-by by @​mzedel in conventional-changelog/commitlint#4625
• fix(config-nx-scopes): add unique names to fixture projects by @​escapedcat in conventional-changelog/commitlint#4622

New Contributors

• @​mzedel made their first contribution in conventional-changelog/commitlint#4625

Full Changelog: conventional-changelog/commitlint@v20.4.1...v20.4.2

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.4.2 (2026-02-19)

Note: Version bump only for package @​commitlint/config-conventional

Commits

• 81cfc9e v20.4.2
• See full diff in compare view

Updates @semantic-release/github from 12.0.3 to 12.0.6

Release notes

Sourced from @​semantic-release/github's releases.

v12.0.6

12.0.6 (2026-02-12)

Bug Fixes

• latest: add make_latest property to the GH release PATCH request during publish (#1169) (f516337)

v12.0.5

12.0.5 (2026-02-07)

Bug Fixes

• latest: add make_latest property to the GH release POST request during publish (#1157) (38051ba)

v12.0.4

12.0.4 (2026-02-06)

Bug Fixes

• remove failTitle arg in findSRIssues call (#1164) (f7bdd88)

Commits

• f516337 fix(latest): add make_latest property to the GH release PATCH request during ...
• f367e3a chore(deps): lock file maintenance (#1168)
• 5ba629b chore(deps): update dependency cpy to v13.2.0 (#1167)
• dfc7aa0 chore(deps): update npm to v11.9.0 (#1166)
• ed2b0bd chore(deps): update dependency cpy to v13.1.0 (#1165)
• 38051ba fix(latest): add make_latest property to the GH release POST request during...
• be62f5e chore(deps): update dependency cpy to v13 (#1161)
• f7bdd88 fix: remove failTitle arg in findSRIssues call (#1164)
• fce4835 chore(deps): update dependency tempy to v3.2.0 (#1162)
• e044f74 chore(deps): update dependency semantic-release to v25.0.3 (#1159)
• Additional commits viewable in compare view

Updates @semantic-release/npm from 13.1.3 to 13.1.4

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

• deps: update dependency @​actions/core to v3 (#1085) (17abfe1)

Commits

• 17abfe1 fix(deps): update dependency @​actions/core to v3 (#1085)
• 97dbe2c chore(deps): update dependency semantic-release to v25.0.3 (#1087)
• 4aac7fe chore(deps): lock file maintenance (#1086)
• f4f2e9b chore(deps): update dependency lockfile-lint to v5 (#1084)
• 27c3e45 chore(deps): lock file maintenance (#1083)
• b3044ab chore(deps): update npm to v11.8.0 (#1082)
• ca88997 chore(deps): update dependency prettier to v3.8.1 (#1080)
• b622f79 chore(deps): update dependency publint to v0.3.17 (#1079)
• e667a35 build(deps): bump lodash from 4.17.21 to 4.17.23 (#1074)
• 9133448 chore(deps): update dependency lodash-es to v4.17.23 [security] (#1078)
• Additional commits viewable in compare view

Updates @types/node from 25.2.0 to 25.3.0

Commits

• See full diff in compare view

Updates esbuild from 0.27.2 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Commits

• 9129e00 publish 0.27.3 to npm
• e20e411 small fix to release notes
• 0dc0f2d fix #4322: parse and print CSS @scope rules
• 55fe391 update firefox css gradient support
• 2c35297 update gradient lowering transform
• 9209e44 Update Go to 1.25.7 (#4388)
• e8d861b close #4374: compat table for the using feature
• 19b8887 no longer need williamkapke/node-compat-table
• 7e44218 the kangax/compat-table repo moved to a new url
• 23b9338 run make update-compat-table
• Additional commits viewable in compare view

Updates typescript-eslint from 8.54.0 to 8.56.1

Release notes

Sourced from typescript-eslint's releases.

v8.56.1

8.56.1 (2026-02-23)

This was a version bump only, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.55.0

8.55.0 (2026-02-09)

🚀 Features

• utils: deprecate defaultOptions in favor of meta.defaultOptions (#11992)

🩹 Fixes

• eslint-plugin: [no-unused-vars] remove trailing newline when removing entire import (#11990)
• eslint-plugin: [no-useless-default-assignment] require strictNullChecks (#11966, #12000)
• eslint-plugin: [no-useless-default-assignment] report unnecessary defaults in ternary expressions (#11984)
• eslint-plugin: [no-useless-default-assignment] reduce param index to ts this handling (#11949)
• typescript-estree: forbid invalid modifier in object expression (#11931)

❤️ Thank You

• Christian Rose @​chrros95
• fisker Cheung @​fisker
• Josh Goldberg

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.56.1 (2026-02-23)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• fedfe86 chore(release): publish 8.55.0
• b931f8c chore: use workspace refs for workspace deps (#12018)
• 1f17a79 chore: migrate to pnpm (#11248)
• See full diff in compare view

Updates pino from 10.3.0 to 10.3.1

Release notes

Sourced from pino's releases.

v10.3.1

What's Changed

• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in pinojs/pino#2385
• build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 by @​dependabot[bot] in pinojs/pino#2386
• docs: clarify transport level filtering behavior by @​mcollina in pinojs/pino#2390
• fix(transport): sanitize invalid NODE_OPTIONS preloads for workers by @​mcollina in pinojs/pino#2391

Full Changelog: pinojs/pino@v10.3.0...v10.3.1

Commits

• 6b34498 Bumped v10.3.1
• f1203e6 fix(transport): sanitize invalid NODE_OPTIONS preloads for workers (#2391)
• 6a8e598 docs: clarify transport level filtering behavior (#2390)
• 49a4807 Merge branch 'main' of github.com:pinojs/pino
• 960bbbb build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 (#2386)
• e2a5b4a build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2385)
• 04859e2 chore: update gitignore for ai assistant files
• See full diff in compare view

Updates viem from 2.45.1 to 2.46.2

Release notes

Sourced from viem's releases.

[email protected]

Patch Changes

• 1a10fb7812cc13bd72495552c4a590aa5ce8cf15 Thanks @​jxom! - viem/tempo: Removed fee payer magic in favor of pure support for 0x78-prefixed fee payer envelopes.

[email protected]

Patch Changes

• 44cbba75ab219c4e297f6cfd21c04f47548585e2 Thanks @​jxom! - Removed Ekta chain.

[email protected]

Minor Changes

• #4304 b6b50d40fb6bbadc851377b74b2dd4da584958b0 Thanks @​jxom! - Breaking (viem/tempo): Renamed nonceKey: 'random' to nonceKey: 'expiring' to align with TIP-1009 terminology.

  TIP-1009 defines "expiring nonces" as time-based replay protection using validBefore timestamps. The name 'expiring' better describes the mechanism than 'random'.

  await sendTransaction(client, {
    account,
  - nonceKey: 'random',
  + nonceKey: 'expiring',
    to: '0x...',
  })

[email protected]

Patch Changes

• #4329 d12bb351c0b8c973b995583695606f9d083af1bb Thanks @​sakulstra! - Added multicall batching support for getBalance via multicall3's getEthBalance. When the client has batch.multicall enabled, getBalance calls are now batched via eth_call instead of making individual eth_getBalance RPC calls.

• #4333 71a324d6b98332f4f98e10c9de4d61287de8534a Thanks @​kiyoakii! - Added blockCreated field to MegaETH Mainnet and Testnet multicall3 contract definitions.

• #4330 aab32a4a5eb3df06cdf8eab5d6f91259d438590b Thanks @​boredland! - Added blockCreated field to zkSync multicall3 contract.

[email protected]

Patch Changes

• #4300 cc60e25ca55c022a56ed9e991ec23cb615593da6 Thanks @​LXPDevs! - Added LuxePorts chain.

• #4306 e3901661ba0442d6ae66c4d702396e8ee247d03f Thanks @​izharan-fireblocks! - Added WalletConnectSessionSettlementError as a non-retryable transport error.

• #4301 662215f12310c3c2b17424093d3f4922693432f2 Thanks @​xGreen-project! - Added XGR Mainnet chain.

• #4315 56d0920fd654ab93e89fff77769b0c982b8928d5 Thanks @​jxom! - Fixed sendCallsSync to respect client-level action overrides (e.g. smart account clients).

• #4294 8c3fa2684820c80e8908cc799fd47815594e4871 Thanks @​Oighty! - Added Citrea Mainnet chain support.

• #4321 059274e18c19270e7f7e98f0b087e7986d5a6dd7 Thanks @​highonrice! - Updated the native currency of Stable Mainnet.

... (truncated)

Commits

• c677096 chore: lockfile
• 2490fca chore: audit
• 719aa1d chore: pin tempo
• ef25164 chore: version package (#4347)
• 1a10fb7 feat(tempo): rm fee payer magic for 0x78-prefixed envelopes
• 72fbfc3 chore: version package (#4341)
• 44cbba7 chore: rm ekta
• 05f8817 fix: incorrect documentation for sendTransactionSync return type (#4339)
• 93981f7 chore: version package (#4338)
• 2a28a31 chore: up snap
• Additional commits viewable in compare view

Updates hono from 4.11.7 to 4.12.2

Release notes

Sourced from hono's releases.

v4.12.2

Security fix

Fixed incorrect handling of X-Forwarded-For in the AWS Lambda adapter behind ALB that could allow IP-based access control bypass. The detail: GHSA-xh87-mx6m-69f3

Thanks @​EdamAme-x

What's Changed

• fix(context): revert PR #4707 by @​yusukebe in honojs/hono#4757

Full Changelog: honojs/hono@v4.12.1...v4.12.2

v4.12.1

What's Changed

• fix(client): export ApplyGlobalResponse from hono/client by @​sushichan044 in honojs/hono#4743

Full Changelog: honojs/hono@v4.12.0...v4.12.1

v4.12.0

Release Notes

Hono v4.12.0 is now available!

This release includes new features for the Hono client, middleware improvements, adapter enhancements, and significant performance improvements to the router and context.

$path for Hono Client

The Hono client now has a $path() method that returns the path string instead of a full URL. This is useful when you need just the path portion for routing or key-based operations:

const client = hc<typeof app>('http://localhost:8787')
// Get the path string
const path = client.api.posts.$path()
// => '/api/posts'
// With path parameters
const postPath = client.api.posts[':id'].$path({
param: { id: '123' },
})
// => '/api/posts/123'
// With query parameters
const searchPath = client.api.posts.$path({
query: { filter: 'test' },
})
// => '/api/posts?filter=test'

... (truncated)

Commits

• df97e5f 4.12.2
• 212c64f fix(context): revert PR #4707 (#4757)
• 5cc8f8f ci: apply automated fixes
• 41adbf5 Merge commit from fork
• 2de30d7 4.12.1
• 91ef235 fix(client): export ApplyGlobalResponse from hono/client (#4743)
• d2ed2e9 4.12.0
• 01e78ad Merge pull request #4735 from honojs/next
• a340a25 perf(context): use createResponseInstance for new Response (#4733)
• bd26c31 perf(trie-router): improve performance (1.5x ~ 2.0x) (#4724)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.