build(deps): bump the alldependencies group across 1 directory with 12 updates

[dependabot]

Bumps the alldependencies group with 4 updates in the / directory: express, ramda, @types/ramda and dprint.

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 4.22.1 by @​UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• Refactor: improve readability by @​sazk07 in expressjs/express#6190
• ci: add support for Node.js@23.0 by @​UlisesGascon in expressjs/express#6080
• Method functions with no path should error by @​wesleytodd in expressjs/express#5957
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6323
• ci: reorder npm i steps to fix ci for older node versions by @​Phillip9587 in expressjs/express#6336
• Backport: ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6506
• chore(4.x): wider range for query test skip by @​jonchurch in expressjs/express#6513
• use tilde notation for certain dependencies by @​UlisesGascon in expressjs/express#6905
• deps: qs@6.14.0 by @​UlisesGascon in expressjs/express#6909
• deps: use tilde notation for qs by @​Phillip9587 in expressjs/express#6919
• Release: 4.22.0 by @​UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: use tilde notation for dependencies
• deps: qs@6.14.0

Commits

• 12fae14 4.22.1
• 5ddf311 Revert "sec: security patch for CVE-2024-51999"
• 49744ab 4.22.0 (#6921)
• 6e97452 sec: security patch for CVE-2024-51999
• 6a23d34 deps: use tilde notation for qs (#6919)
• 8c12cdf deps: qs@6.14.0 (#6909)
• 7fea74f deps: use tilde notation for certain dependencies (#6905)
• dac7a04 chore: wider range for query test skip (#6513)
• 997919b ci: add node.js 24 to test matrix (#6506)
• 36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
• Additional commits viewable in compare view

Updates ramda from 0.30.1 to 0.32.0

Release notes

Sourced from ramda's releases.

v0.32.0

upgrade guide

v0.31.3

upgrade guide

Commits

• f0b1fb5 Version 0.32.0
• fc8f028 fix exports in package.json (#3522)
• 29470a6 docs(rebuild): fix typo (#3521)
• 7414650 docs(pipeWith): add usage example (#3520)
• 746e0f8 docs: update jsdelivr link (#3518)
• 3c81269 docs: add Map & Set example to type.js (#3517)
• 3cade36 feat: better handling of decimal arguments to range (#3516)
• d4443e6 Update head.js and last.js docs example (#3515)
• 7ee3d7a Version 0.31.3
• 69dfa7f do not clean dist
• Additional commits viewable in compare view

Updates winston from 3.18.3 to 3.19.0

Release notes

Sourced from winston's releases.

v3.19.0

• Run npm audit fix e7ccdc4
• Don't include jest.config.js in npm package 5a63c8c
• fix: append error cause when using logger.child() (#2467) e74a7ae
• Bump rimraf from 5.0.1 to 5.0.10 (#2517) 8a956fd
• fix: ensure File transport flushes all data before emitting finish (#2594) 86c890f
• Bump actions/setup-node from 4 to 6 (#2589) 3b8be02
• Bump @​babel/core from 7.28.0 to 7.28.5 (#2591) f4c3e2c
• Bump actions/checkout from 4 to 6 (#2593) dd7906e
• chore: migrate test runner from mocha to jest (#2567) 2e9eb18

---

winstonjs/winston@v3.18.3...v3.19.0

Commits

• ed45345 3.19.0
• e7ccdc4 Run npm audit fix
• 5a63c8c Don't include jest.config.js in npm package
• e74a7ae fix: append error cause when using logger.child() (#2467)
• 8a956fd Bump rimraf from 5.0.1 to 5.0.10 (#2517)
• 86c890f fix: ensure File transport flushes all data before emitting finish (#2594)
• 3b8be02 Bump actions/setup-node from 4 to 6 (#2589)
• f4c3e2c Bump @​babel/core from 7.28.0 to 7.28.5 (#2591)
• dd7906e Bump actions/checkout from 4 to 6 (#2593)
• 2e9eb18 chore: migrate test runner from mocha to jest (#2567)
• See full diff in compare view

Updates @eslint/js from 9.39.1 to 9.39.2

Release notes

Sourced from @​eslint/js's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• c43ce24 chore: package.json update for @​eslint/js release
• See full diff in compare view

Updates @swc/core from 1.15.0 to 1.15.5

Changelog

Sourced from @​swc/core's changelog.

[1.15.5] - 2025-12-15

Bug Fixes

• (es/parser) Fix bump length (#11372) (ec5c1bc)

• (es/transforms) Adjust import rewriter pass before inject helpers pass (#11371) (8516991)

[1.15.4] - 2025-12-13

Bug Fixes

• (es/compat) Preserve return value for single-property object destructuring (#11334) (847ad22)

• (es/compat) Fix generator transform for compound assignments, for-in, and labeled break (#11339) (9b6bedd)

• (es/compat) Destructuring evaluation order (#11337) (49d04c7)

• (es/compat) Fix parameter default value evaluation order with object rest (#11352) (2ebb261)

• (es/fixer) Preserve parens around IFFE in binary expressions within sequences (#11324) (a4c84ea)

• (es/helpers) Avoid extra trap calls on excluded keys in object rest spread (#11338) (4662caf)

• (es/minifier) Fix debug cargo feature (#11325) (be86fad)

• (es/minifier) Fix optimization pass for merge_imports (#11331) (ca2f7ed)

• (es/parser) Don't call bump_bytes in the continue_if of byte_search! (#11328) (583619d)

• (es/parser) Support type-only string literal in import specifiers (#11333) (07762f1)

• (es/parser) Handle TypeScript expressions in destructuring patterns (#11353) (160ec34)

... (truncated)

Commits

• bd5cb41 chore: Publish 1.15.5 with swc_core v50.2.3
• f61bbcb chore: Update changelog
• 905f8ab chore: Publish 1.15.5-nightly-20251215.1 with swc_core v50.2.3
• 4912395 chore: Publish crates with swc_core v50.2.3
• ec5c1bc fix(es/parser): Fix bump length (#11372)
• 8516991 fix(es/transforms): Adjust import rewriter pass before inject helpers pass (#...
• 0957612 chore: Update changelog
• f34aa97 chore: Publish 1.15.4 with swc_core v50.2.2
• d0c0ea4 chore: Update changelog
• d818608 chore: Publish 1.15.4-nightly-20251213.1 with swc_core v50.2.2
• Additional commits viewable in compare view

Updates @types/express from 5.0.5 to 5.0.6

Commits

• See full diff in compare view

Updates @types/node from 22.19.0 to 22.19.3

Commits

• See full diff in compare view

Updates @types/ramda from 0.30.2 to 0.31.1

Commits

• See full diff in compare view

Updates dprint from 0.49.1 to 0.50.2

Release notes

Sourced from dprint's releases.

0.50.2

Changes

• fix: upgrade wasmer to 6.1.0-rc.3 to fix build failure with Rust ≥ 1.89.0 (dprint/dprint#1021)
• fix: ignore empty proxy env (dprint/dprint#1014)

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact	SHA-256 Checksum
dprint-x86_64-apple-darwin.zip	61becbf8d1b16540e364a4f00be704266ae322ee0ff3ba66a4a21033f66a8d55
dprint-aarch64-apple-darwin.zip	f534bcc054947ab2a42c069b5f6027914d252729bd15c1109812313b35a662a5
dprint-x86_64-pc-windows-msvc.zip	2dbdb57106818acd930a00bc0c2c33370bd4c7265f78a6cda000e3621f2d3c1c
dprint-x86_64-pc-windows-msvc-installer.exe	0b2dab815dd68501b7418831157a907a4db89b84b623a71c1deb486a08244b83
dprint-x86_64-unknown-linux-gnu.zip	95c7e633a67531ffc4990c152d59ed0802e1c0caf7e27e424e9cea9ef3d499d4
dprint-x86_64-unknown-linux-musl.zip	4b0e7911262049ccb8e1ac5968bf7a66dc490968fe1552a123bb2d6dadf2ad95
dprint-aarch64-unknown-linux-gnu.zip	039d4dca4360cb6622a2b56c3fc29ea71c356cd954e0b9566bff1a70e75beda8
dprint-aarch64-unknown-linux-musl.zip	a4982964a68aefc2720b4c79c51a57e49b32f8944c1641fd9e714503fcf01847
dprint-riscv64gc-unknown-linux-gnu.zip	6918c45b0070da1da137fa328c7ca82133c6ab0b49a651fa53513305611fe3a8

0.50.1

Changes

• fix: update to wasmer v6 (#984)
• perf: avoid traversing some non-matching directories when providing include globs on the command line (#999)
• perf: avoid traversing more directories (#1000)

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact	SHA-256 Checksum
dprint-x86_64-apple-darwin.zip	def8ae0eb100c91df7a3a05ff699c84cac3deb67b6e08ed186d70c669194e031
dprint-aarch64-apple-darwin.zip	c92e1a8dddd9bc65391468265b2805cb2317e4490fd777bca2dfaf1ef716ac36
dprint-x86_64-pc-windows-msvc.zip	8102e7f79394cf71f2e9b63ca0cf791dddacc6e118f5a29c1c88777ecea37e3e
dprint-x86_64-pc-windows-msvc-installer.exe	0f66e0c39395985eb28f2a45bb2956298773e006de1eba2924123edaecb55297
dprint-x86_64-unknown-linux-gnu.zip	11d791a5da5178a6d1359f23ea00b2d47426672fe310c5f32da2c66e80e07675
dprint-x86_64-unknown-linux-musl.zip	82ddddc881bf8ec0b4c55e3f835a2dc3d81d8fff39aad79e6b5c017e4dff1d5e
dprint-aarch64-unknown-linux-gnu.zip	54e5d4bd3f186fb8acfcf6e40df15af7e53c12799ed21a1409d133868a66bb40
dprint-aarch64-unknown-linux-musl.zip	a3e954bcd8e569812d4bb1f9c8001c9a6802ce38e33c0c0273ac51eb59cf5072
dprint-riscv64gc-unknown-linux-gnu.zip	841120bd28f9d3afdd89bab65a2cb676877c808a460507f1567d97604a111b61

0.50.0

... (truncated)

Commits

• f2d93f7 0.50.2
• 376eed3 docs: add python instructions (#1019)
• 427a506 fix: upgrade wasmer to 6.1.0-rc.3 to fix build failure with Rust ≥ 1.89.0 (#1...
• 93934db fix: ignore empty proxy env (#1014)
• 35f43b9 docs: add lowercase proxy env vars to docs (#1011)
• 2575a0b chore: update deps to help with homebrew build (#1003)
• 087a19c 0.50.1
• bd55431 perf: avoid traversing more directories (#1000)
• b37b49a perf: avoid traversing some non-matching directories when providing include g...
• 4d6d08f docs: change about markup_fmt (#995)
• Additional commits viewable in compare view

Updates eslint from 9.39.1 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• 9278324 9.39.2
• 542266a Build: changelog update for 9.39.2
• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394)
• c43ce24 chore: package.json update for @​eslint/js release
• 5705833 fix: warn when eslint-env configuration comments are found (#20381)
• 506f154 build: add .scss files entry to knip (#20391)
• 4c9858e ci: add v9.x-dev branch (#20382)
• See full diff in compare view

Updates tsx from 4.20.6 to 4.21.0

Release notes

Sourced from tsx's releases.

v4.21.0

4.21.0 (2025-11-30)

Features

• upgrade esbuild (#748) (048fb62)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• f6284cd ci: lock in semantic-release v24
• 048fb62 feat: upgrade esbuild (#748)
• See full diff in compare view

Updates typescript-eslint from 8.46.3 to 8.49.0

Release notes

Sourced from typescript-eslint's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

• eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

• deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

• Justin McBride
• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

v8.48.1

8.48.1 (2025-12-02)

⏪ Reverts

• eslint-plugin: revert "[no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)" (#11812)

🩹 Fixes

• eslint-plugin: [consistent-type-exports] check value flag before resolving alias (#11769)
• eslint-plugin: honor ignored base types on generic classes (#11767)
• eslint-plugin: [restrict-template-expressions] check base types in allow list (#11764, #11759)

❤️ Thank You

• Josh Goldberg
• OleksandraKordonets
• SangheeSon @​Higangssh
• tao

You can read about our versioning strategy and releases on our website.

v8.48.0

8.48.0 (2025-11-24)

🚀 Features

• eslint-plugin: [no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)
• rule-tester: remove workaround for jest circular structure error (#11772)
• typescript-estree: gate all errors behind allowInvalidAST (#11693)
• typescript-estree: replace fast-glob with tinyglobby (#11740)

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.49.0 (2025-12-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.48.1 (2025-12-02)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.48.0 (2025-11-24)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.47.0 (2025-11-17)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.46.4 (2025-11-10)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 864595a chore(release): publish 8.49.0
• 32b7e89 chore(deps): update dependency @​vitest/eslint-plugin to v1.5.1 (#11816)
• 8fe3445 chore(release): publish 8.48.1
• 6fb1551 chore(release): publish 8.48.0
• a4dc42a chore: migrate to nx 22 (#11780)
• 28cf803 chore(release): publish 8.47.0
• 843f144 chore(release): publish 8.46.4
• 7c6944e chore: fix typos (#11744)
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
express	[>= 5.a, < 6]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.