Bump the major group across 2 directories with 5 updates

[dependabot]

Bumps the major group with 5 updates in the / directory:

Package	From	To
which	5.0.0	6.0.0
zod	3.25.76	4.2.0
@types/node	24.1.0	25.0.2
vite-tsconfig-paths	5.1.4	6.0.1
vite-node	3.2.4	5.2.0

Bumps the major group with 1 update in the /packages/varlock-docs-mcp directory: zod.

Updates which from 5.0.0 to 6.0.0

Release notes

Sourced from which's releases.

v6.0.0

6.0.0 (2025-10-22)

⚠️ BREAKING CHANGES

• align to npm 11 node engine range (#161)

Bug Fixes

• cf1a1bc #161 align to npm 11 node engine range (#161) (@​owlstronaut)

Chores

• 66cf669 #160 bump @​npmcli/template-oss from 4.26.0 to 4.27.1 (#160) (@​dependabot[bot], @​npm-cli-bot)

Changelog

Sourced from which's changelog.

6.0.0 (2025-10-22)

⚠️ BREAKING CHANGES

• align to npm 11 node engine range (#161)

Bug Fixes

• cf1a1bc #161 align to npm 11 node engine range (#161) (@​owlstronaut)

Chores

• 66cf669 #160 bump @​npmcli/template-oss from 4.26.0 to 4.27.1 (#160) (@​dependabot[bot], @​npm-cli-bot)

Commits

• b1bca18 chore: release 6.0.0 (#162)
• cf1a1bc fix!: align to npm 11 node engine range (#161)
• 66cf669 chore: bump @​npmcli/template-oss from 4.26.0 to 4.27.1 (#160)
• b84a6a5 chore: bump @​npmcli/template-oss from 4.25.1 to 4.26.0 (#159)
• 0fb27fe chore: bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#158)
• 768419e chore: bump @​npmcli/template-oss from 4.24.4 to 4.25.0 (#156)
• ff77c6d chore: bump @​npmcli/template-oss from 4.24.3 to 4.24.4 (#155)
• 746a84d chore: bump @​npmcli/template-oss from 4.23.3 to 4.24.3 (#154)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for which since your current version.

Updates zod from 3.25.76 to 4.2.0

Release notes

Sourced from zod's releases.

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};
const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

• af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
• 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
• e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)

v4.1.13

Commits:

• 5c2602ceb8be8941c64bbe5ac7d92cc174ae6f7e Update AI widget (#5318)

... (truncated)

Commits

• dcef973 v4.2.0
• e17dcb6 Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
• d632df3 Update next
• 767f320 Add .toJSONSchema() method (#5477)
• 325a701 Add pullfrog.yml workflow
• 4972727 Update Next.js and React Flight RCE advisory (#5515)
• af49c08 Update docs for JSON Schema conversion of z.undefined() (#5504)
• fb66ee1 fix(mini): export ZodMiniJSONSchema types to prevent TS4023 (#5511)
• 6e968a3 Add convex-helpers to the ecosystem docs (#5470)
• d224363 test: add result verification to test cases (#5473)
• Additional commits viewable in compare view

Updates @types/node from 24.1.0 to 25.0.2

Commits

• See full diff in compare view

Updates vite-tsconfig-paths from 5.1.4 to 6.0.1

Release notes

Sourced from vite-tsconfig-paths's releases.

v6.0.0

Highlights

• On-demand tsconfig discovery via projectDiscovery: "lazy", while eager discovery remains the default.
• tsconfig/jsconfig files are watched and reloaded automatically in both modes, including during vite build --watch.
• New logFile option for per-import resolution traces (pass true for vite-tsconfig-paths.log or provide a path).
• Support for root /* aliases and other absolute-style imports.
• Support for .astro files when allowJs/loose is enabled.

Fixes

• More reliable tsconfig watching and resolver refreshes: handles lazy discovery edge cases, recreates resolvers after file changes, tolerates missing directories, and copes better with virtual importers.
• Windows path handling now normalizes drive-letter casing to avoid missed matches (#183).

Upgrade notes

• Install the stable release: pnpm add -D vite-tsconfig-paths.
• Opt into lazy discovery or logging when needed:

import tsconfigPaths from 'vite-tsconfig-paths'
export default {
plugins: [
tsconfigPaths({
projectDiscovery: 'lazy',
logFile: true,
}),
],
}

• Rooted path patterns such as "/*": ["src/*"] now resolve the same way tsserver does.

v6.0.0-beta.4

• fix(windows): ensure drive letter is uppercase (#183)
• feat: add .astro to JS-like extension regex (fbbc8edb86606c612565a6672c8e0ae93f0001a0)

v6.0.0-beta.3

• Added support for /* path aliases. (#101)

v6.0.0-beta.2

• Added a new logFile option.
  Pass logFile: true and the plugin will create a vite-tsconfig-paths.log file in your working directory.

  Using DEBUG=vite-tsconfig-paths in the past has worked pretty well, but it isn't always the most readable. In v6 and above, this plugin will still have debug logs using this approach, but module resolution will only be logged through the new logFile option. The log file will be comprehensive (as in, every import that vite-tsconfig-paths receives will be logged). If an import goes unhandled by this plugin, the reason will be logged. If an import is resolved, the resolved path and the tsconfig path are both logged. In fact, every possible code path (in the context of module resolution) is logged to the log file.

• Universal support for tsconfig reloading.
  Whether you're using projectDiscovery: "lazy" or eager loading, this plugin should now be able to watch and reload tsconfig files when you make changes to them. This feature hasn't been rigorously tested yet. Please report issues you come across.

... (truncated)

Commits

• 9625d21 chore: release v6.0.1
• ea57709 fix: ensure getResolvers is never undefined
• afb6ab9 chore(docs): tweak readme
• 3951713 chore(docs): fix grammar
• 17110f1 chore: release v6.0.0
• 9a39620 chore(docs): update readme for v6
• 87890d0 chore(docs): add new section to readme
• 08677af feat(refactor): narrow the plugin type to avoid conflicts
• 5ce91a3 chore: release v6.0.0-beta.4
• 80b4c63 fix(windows): ensure drive letter is uppercase (#183)
• Additional commits viewable in compare view

Updates vite-node from 3.2.4 to 5.2.0

Release notes

Sourced from vite-node's releases.

v5.2.0

   🏎 Performance

• Replace debug with obug  -  by @​sxzz in antfu-collective/vite-node#13 (0b18c)

    View changes on GitHub

v5.1.0

   🚀 Features

• Add node inspector  -  by @​luoling8192 in antfu-collective/vite-node#12 (27fc2)

    View changes on GitHub

v5.0.0

   🚨 Breaking Changes

• Migrate back from Vitest repo  -  by @​antfu in antfu-collective/vite-node#5 (adda4)
  • v4.0.0 is skipped to avoid collision with original Vitest versions.

    View changes on GitHub

v5.0.0-beta.2

No significant changes

    View changes on GitHub

Commits

• 63e2a81 chore: release v5.2.0
• f74746b chore: update deps
• b6e2bf3 refactor: migrate to tsdown (#14)
• 0b18c53 perf: replace debug with obug (#13)
• dc5ff2f chore: release v5.1.0
• 27fc294 feat: add node inspector (#12)
• 2a2d777 chore: release v5.0.0
• 82f3f29 chore: release v5.0.0-beta.2
• 034d21a chore: update package
• 1dce841 chore: update logo url
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite-node since your current version.

Updates zod from 3.25.76 to 4.2.0

Release notes

Sourced from zod's releases.

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};
const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

• af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
• 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
• e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)

v4.1.13

Commits:

• 5c2602ceb8be8941c64bbe5ac7d92cc174ae6f7e Update AI widget (#5318)

... (truncated)

Commits

• dcef973 v4.2.0
• e17dcb6 Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
• d632df3 Update next
• 767f320 Add .toJSONSchema() method (#5477)
• 325a701 Add pullfrog.yml workflow
• 4972727 Update Next.js and React Flight RCE advisory (#5515)
• af49c08 Update docs for JSON Schema conversion of z.undefined() (#5504)
• fb66ee1 fix(mini): export ZodMiniJSONSchema types to prevent TS4023 (#5511)
• 6e968a3 Add convex-helpers to the ecosystem docs (#5470)
• d224363 test: add result verification to test cases (#5473)
• Additional commits viewable in compare view

Updates @types/node from 24.1.0 to 25.0.2

Commits

• See full diff in compare view

Updates zod from 3.25.76 to 4.2.0

Release notes

Sourced from zod's releases.

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};
const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

• af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
• 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
• e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)

v4.1.13

Commits:

• 5c2602ceb8be8941c64bbe5ac7d92cc174ae6f7e Update AI widget (#5318)

... (truncated)

Commits

• dcef973 v4.2.0
• e17dcb6 Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
• d632df3 Update next
• 767f320 Add .toJSONSchema() method (#5477)
• 325a701 Add pullfrog.yml workflow
• 4972727 Update Next.js and React Flight RCE advisory (#5515)
• af49c08 Update docs for JSON Schema conversion of z.undefined() (#5504)
• fb66ee1 fix(mini): export ZodMiniJSONSchema types to prevent TS4023 (#5511)
• 6e968a3 Add convex-helpers to the ecosystem docs (#5470)
• d224363 test: add result verification to test cases (#5473)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9289931

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	varlock-docs-mcp	9289931	Dec 22 2025, 01:26 PM

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​node@​24.9.2 ⏵ 25.0.3
	@​eslint/​js@​9.39.1 ⏵ 9.39.2

View full report

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.