Bump the dependencies group with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates:

Package	From	To
dotenv	17.2.2	17.2.3
@types/node	24.5.2	24.7.0
cross-env	10.0.0	10.1.0
typescript	5.9.2	5.9.3
vite	7.1.7	7.1.9
@aws-sdk/client-s3	3.896.0	3.901.0
@aws-sdk/lib-storage	3.896.0	3.903.0
@aws-sdk/s3-request-presigner	3.896.0	3.901.0
@google-cloud/storage	7.17.1	7.17.2

Updates dotenv from 17.2.2 to 17.2.3

Changelog

Sourced from dotenv's changelog.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

Commits

• affe113 17.2.3
• db1ff1f changelog 🪵
• 7063f16 Merge pull request #913 from motdotla/new-tips
• 0bbe72c test against expected tips
• 017951b only run .js tests
• 39eda1f add space back
• fcc030e update tips
• b6c7a0d updated tips - as Dotenvx Radar has been renamed Dotenvx Ops
• b3c8b16 remove unnecessary call to npx
• d6e4c17 Merge pull request #912 from adjerbetian/fix/typescript-error-definition
• Additional commits viewable in compare view

Updates @types/node from 24.5.2 to 24.7.0

Commits

• See full diff in compare view

Updates cross-env from 10.0.0 to 10.1.0

Release notes

Sourced from cross-env's releases.

v10.1.0

10.1.0 (2025-09-29)

Features

• add support for default value syntax (152ae6a)

For example:

"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",

If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

Commits

• 152ae6a feat: add support ofr default value syntax
• bd70d1a chore: upgrade zshy
• 8e0b190 chore(ci): get coverage
• See full diff in compare view

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Updates vite from 7.1.7 to 7.1.9

Release notes

Sourced from vite's releases.

v7.1.9

Please refer to CHANGELOG.md for details.

v7.1.8

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.1.9 (2025-10-03)

Reverts

• server: drain stdin when not interactive (#20885) (12d72b0)

7.1.8 (2025-10-02)

Bug Fixes

• css: improve url escape characters handling (#20847) (24a61a3)
• deps: update all non-major dependencies (#20855) (788a183)
• deps: update artichokie to 0.4.2 (#20864) (e670799)
• dev: skip JS responses for document requests (#20866) (6bc6c4d)
• glob: fix HMR for array patterns with exclusions (#20872) (63e040f)
• keep ids for virtual modules as-is (#20808) (d4eca98)
• server: drain stdin when not interactive (#20837) (bb950e9)
• server: improve malformed URL handling in middlewares (#20830) (d65a983)

Documentation

• create-vite: provide deno example (#20747) (fdb758a)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#20810) (ea68a88)
• deps: update rolldown-related dependencies (#20854) (4dd06fd)
• update url of create-react-app license (#20865) (166a178)

Commits

• 17e2517 release: v7.1.9
• 12d72b0 revert(server): drain stdin when not interactive (#20885)
• 8d12c8b release: v7.1.8
• 63e040f fix(glob): fix HMR for array patterns with exclusions (#20872)
• 24a61a3 fix(css): improve url escape characters handling (#20847)
• 6bc6c4d fix(dev): skip JS responses for document requests (#20866)
• 166a178 chore: update url of create-react-app license (#20865)
• d4eca98 fix: keep ids for virtual modules as-is (#20808)
• e670799 fix(deps): update artichokie to 0.4.2 (#20864)
• bb950e9 fix(server): drain stdin when not interactive (#20837)
• Additional commits viewable in compare view

Updates @aws-sdk/client-s3 from 3.896.0 to 3.901.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.901.0

3.901.0(2025-10-01)

Chores

• codegen:
  • bump Gradle to 9.0.0 (#7390) (1e004195)
  • bump codegen version to 0.36.0 (#7393) (d0a9cd8b)
• add more bundle types to the benchmark (#7392) (97078ce6)
• bump '@smithy/*' versions (#7391) (0a418cc2)

Documentation Changes

• client-ecs: This is a documentation only Amazon ECS release that adds additional information for health checks. (a5652334)
• client-database-migration-service: This is a doc-only update, revising text for kms-key-arns. (629c6306)

New Features

• client-chime-sdk-meetings: Add support to receive dual stack MediaPlacement URLs in Chime Meetings SDK (c32ced42)
• client-cleanroomsml: This release introduces data access budgets to view how many times an input channel can be used for ML jobs in a collaboration. (a6cc054b)
• client-cleanrooms: This release introduces data access budgets to control how many times a table can be used for queries and jobs in a collaboration. (783dbc10)
• client-pcs: Added the UpdateCluster API action to modify cluster configurations, and Slurm custom settings for queues. (3b9d480e)
• client-ivs-realtime: Remove incorrect ReadOnly trait on IVS RealTime ImportPublicKey API (8b79cdc1)

---

For list of updated packages, view updated-packages.md in assets-3.901.0.zip

v3.900.0

3.900.0(2025-09-30)

Chores

• codegen:
  • replace legacy gradle plugin code (#7389) (e2b60b5d)
  • bump smithy-plugin to 0.7.0 (#7388) (b9cbc475)
  • bump smithy-gradle-plugin to 1.3.0 (#7387) (f449c5b8)
  • upgrade smithy to 1.62.0 (#7386) (568fe9a6)

Documentation Changes

• client-quicksight: added warnings to a few CLI pages (1ea0f889)

New Features

• clients: update client endpoints as of 2025-09-30 (453bf08d)
• client-customer-profiles: This release introduces ListProfileHistoryRecords and GetProfileHistoryRecord APIs for comprehensive profile history tracking with complete audit trails of creation, updates, merges, deletions, and data ingestion events. (a39cb127)
• client-rds: Enhanced RDS error handling: Added DBProxyEndpointNotFoundFault, DBShardGroupNotFoundFault, KMSKeyNotAccessibleFault for snapshots/restores/backups, NetworkTypeNotSupported, StorageTypeNotSupportedFault for restores, and granular state validation faults. Changed DBInstanceNotReadyFault to HTTP 400. (a6d4eb28)
• client-datasync: Added support for FIPS VPC endpoints in FIPS-enabled AWS Regions. (def03385)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.901.0 (2025-10-01)

Note: Version bump only for package @​aws-sdk/client-s3

3.899.0 (2025-09-29)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• 5befda8 Publish v3.901.0
• 0a418cc chore: bump '@smithy/*' versions (#7391)
• 99ff240 Publish v3.899.0
• ad1514d chore(codegen): sync for separating error schema & ctor (#7377)
• See full diff in compare view

Updates @aws-sdk/lib-storage from 3.896.0 to 3.903.0

Release notes

Sourced from @​aws-sdk/lib-storage's releases.

v3.903.0

3.903.0(2025-10-03)

Chores

• devDeps: bump turbo to 2.5.8 (#7400) (736bf073)

New Features

• client-qconnect: Updated Amazon Q in Connect APIs to support Email Contact Recommendations. (e8840367)
• client-medialive: AWS Elemental MediaLive enables Mediapackage V2 users to configure ID3, KLV, Nielsen ID3, and Segment Length related parameters through the Mediapackage output group. (5187cdb8)
• client-cleanrooms: Added support for reading data sources across regions, and results delivery to allowedlisted regions. (77935070)
• client-payment-cryptography-data: Added a new API - translateKeyMaterial; allows keys wrapped by ECDH derived keys to be rewrapped under a static AES keyblock without first importing the key into the service. (efdc7091)

Tests

• lib-storage: example of how to mock requests for MPU (#7378) (3352e3ae)

---

For list of updated packages, view updated-packages.md in assets-3.903.0.zip

v3.902.0

3.902.0(2025-10-02)

Chores

• deps: bump yarn to 4.10.3 (#7399) (084f2889)
• keep vite build directory contents between builds (#7394) (b07c0575)
• codegen:
  • bump gradle to 9.1.0 (#7398) (ff45bcb9)
  • enable Gradle configuration cache (#7396) (e89f59d5)
• ci: use gradle/actions/setup-gradle for setting up gradle (#7397) (9986ee41)

Documentation Changes

• client-guardduty: Updated descriptions for the Location parameter in CreateTrustedEntitySet and CreateThreatEntitySet. (3d2d565a)

New Features

• client-dynamodb: Add support for dual-stack account endpoint generation (14f648bb)
• client-connectcases: New Search All Related Items API enables searching related items across cases (4535c435)
• client-cloudformation: Add new warning type 'EXCLUDED_RESOURCES' (228e3628)
• client-synthetics: Adds support to configure canaries with pre-configured blueprint code on supported runtime versions. This behavior can be controlled via the new BlueprintTypes property exposed in the CreateCanary and UpdateCanary APIs. (b9d0925c)

---

For list of updated packages, view updated-packages.md in assets-3.902.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/lib-storage's changelog.

3.903.0 (2025-10-03)

Note: Version bump only for package @​aws-sdk/lib-storage

3.901.0 (2025-10-01)

Note: Version bump only for package @​aws-sdk/lib-storage

3.900.0 (2025-09-30)

Bug Fixes

• lib-storage: use input parameter object size information if available (#7385) (45d5730)

3.899.0 (2025-09-29)

Bug Fixes

• lib-storage: respect user-provided partSize option for Upload (#7381) (31fc996)

Commits

• 41a8028 Publish v3.903.0
• 3352e3a test(lib-storage): example of how to mock requests for MPU (#7378)
• 5befda8 Publish v3.901.0
• 0a418cc chore: bump '@smithy/*' versions (#7391)
• 0dcf5be Publish v3.900.0
• 45d5730 fix(lib-storage): use input parameter object size information if available (#...
• 99ff240 Publish v3.899.0
• 31fc996 fix(lib-storage): respect user-provided partSize option for Upload (#7381)
• ad1514d chore(codegen): sync for separating error schema & ctor (#7377)
• See full diff in compare view

Updates @aws-sdk/s3-request-presigner from 3.896.0 to 3.901.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.901.0

3.901.0(2025-10-01)

Chores

• codegen:
  • bump Gradle to 9.0.0 (#7390) (1e004195)
  • bump codegen version to 0.36.0 (#7393) (d0a9cd8b)
• add more bundle types to the benchmark (#7392) (97078ce6)
• bump '@smithy/*' versions (#7391) (0a418cc2)

Documentation Changes

• client-ecs: This is a documentation only Amazon ECS release that adds additional information for health checks. (a5652334)
• client-database-migration-service: This is a doc-only update, revising text for kms-key-arns. (629c6306)

New Features

• client-chime-sdk-meetings: Add support to receive dual stack MediaPlacement URLs in Chime Meetings SDK (c32ced42)
• client-cleanroomsml: This release introduces data access budgets to view how many times an input channel can be used for ML jobs in a collaboration. (a6cc054b)
• client-cleanrooms: This release introduces data access budgets to control how many times a table can be used for queries and jobs in a collaboration. (783dbc10)
• client-pcs: Added the UpdateCluster API action to modify cluster configurations, and Slurm custom settings for queues. (3b9d480e)
• client-ivs-realtime: Remove incorrect ReadOnly trait on IVS RealTime ImportPublicKey API (8b79cdc1)

---

For list of updated packages, view updated-packages.md in assets-3.901.0.zip

v3.900.0

3.900.0(2025-09-30)

Chores

• codegen:
  • replace legacy gradle plugin code (#7389) (e2b60b5d)
  • bump smithy-plugin to 0.7.0 (#7388) (b9cbc475)
  • bump smithy-gradle-plugin to 1.3.0 (#7387) (f449c5b8)
  • upgrade smithy to 1.62.0 (#7386) (568fe9a6)

Documentation Changes

• client-quicksight: added warnings to a few CLI pages (1ea0f889)

New Features

• clients: update client endpoints as of 2025-09-30 (453bf08d)
• client-customer-profiles: This release introduces ListProfileHistoryRecords and GetProfileHistoryRecord APIs for comprehensive profile history tracking with complete audit trails of creation, updates, merges, deletions, and data ingestion events. (a39cb127)
• client-rds: Enhanced RDS error handling: Added DBProxyEndpointNotFoundFault, DBShardGroupNotFoundFault, KMSKeyNotAccessibleFault for snapshots/restores/backups, NetworkTypeNotSupported, StorageTypeNotSupportedFault for restores, and granular state validation faults. Changed DBInstanceNotReadyFault to HTTP 400. (a6d4eb28)
• client-datasync: Added support for FIPS VPC endpoints in FIPS-enabled AWS Regions. (def03385)

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.901.0 (2025-10-01)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.899.0 (2025-09-29)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

Commits

• 5befda8 Publish v3.901.0
• 0a418cc chore: bump '@smithy/*' versions (#7391)
• 99ff240 Publish v3.899.0
• ad1514d chore(codegen): sync for separating error schema & ctor (#7377)
• See full diff in compare view

Updates @google-cloud/storage from 7.17.1 to 7.17.2

Release notes

Sourced from @​google-cloud/storage's releases.

v7.17.2

7.17.2 (2025-10-06)

Bug Fixes

• Common Service: should retry a request failed (#2652) (b38b5d2)
• Implement path containment to prevent traversal attacks (#2654) (08d7abf)

Changelog

Sourced from @​google-cloud/storage's changelog.

7.17.2 (2025-10-06)

Bug Fixes

• Common Service: should retry a request failed (#2652) (b38b5d2)
• Implement path containment to prevent traversal attacks (#2654) (08d7abf)

Commits

• 70f706e chore(main): release 7.17.2 (#2653)
• 005ade2 chore: disable renovate for Node github action YAML configs (#2658)
• 08d7abf fix: Implement path containment to prevent traversal attacks (#2654)
• b38b5d2 fix: Common Service: should retry a request failed (#2652)
• 19f8a32 chore(Node.js): Update PR Template (#2583)
• 4bab389 chore: fix npm for Node v18 samples tests (#2557)
• c1aa7d8 build: configure release builds using multi-scm (#2552)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions