Bump the "all-weekly-updates" group with 9 updates across multiple ecosystems

[dependabot]

Bumps the all-weekly-updates group in /lib/java with 1 update: com.fasterxml.jackson.core:jackson-databind.

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1

Commits

• See full diff in compare view

Bumps the all-weekly-updates group in /test/runner with 1 update: nats-py.

Updates nats-py from 2.11.0 to 2.12.0

Release notes

Sourced from nats-py's releases.

Release v2.12.0

Added

• Add options to send custom WebSocket headers on connect

  custom_headers = {
      "Authorization": ["Bearer MySecretToken"],
      "X-Client-ID": ["my-client-123"],
      "Accept": ["application/json", "text/plain"]
  }
  nc = await nats.connect(
  "ws://localhost:4222",
  ws_connection_headers=custom_headers
  )

Fixed

• Fix filter_subject overriding filter_subjects #711
• Fix EOF processing while client is connecting #719
• Fix error when closing ws transport
• Fix test_object_list #728

Improved

• Add consumer pause/resume support #761
• Add time field to RawStreamMsg
• Add allow_msg_schedules to StreamConfig #765
• Add per-message TTL support #763
• Add allow_batch to StreamConfig #764
• Add test for direct get returning no responders #767

Commits

• 0c24b9d Bump to v2.12.0
• 6374a81 Merge pull request #770 from nats-io/update-v2
• 00b0781 Apply isort
• 899e1c5 Fix filter_subject overriding filter_subjects (#711)
• c0fb7a8 Apply fmt
• b1e8033 Add time field to RawStreamMsg
• 46b24a7 Add consumer pause/resume support (#761)
• cade40e Add test for direct get returning no responders (#767)
• 2860401 Add allow_msg_schedules to StreamConfig (#765)
• 3741fb7 Add per-message TTL support (#763)
• Additional commits viewable in compare view

Bumps the all-weekly-updates group in /bind/dart with 1 update: @rollup/plugin-commonjs.

Updates @rollup/plugin-commonjs from 28.0.9 to 29.0.0

Changelog

Sourced from @​rollup/plugin-commonjs's changelog.

v29.0.0

2025-10-30

Breaking Changes

• feat!: revert #1909 and add requireNodeBuiltins option (#1937)

Commits

• c8e78c8 chore(release): commonjs v29.0.0
• d2b14ed feat(commonjs)!: revert #1909 and add requireNodeBuiltins option (#1937)
• See full diff in compare view

Bumps the all-weekly-updates group in /lib/py with 1 update: nats-py.

Updates nats-py from 2.11.0 to 2.12.0

Release notes

Sourced from nats-py's releases.

Release v2.12.0

Added

• Add options to send custom WebSocket headers on connect

  custom_headers = {
      "Authorization": ["Bearer MySecretToken"],
      "X-Client-ID": ["my-client-123"],
      "Accept": ["application/json", "text/plain"]
  }
  nc = await nats.connect(
  "ws://localhost:4222",
  ws_connection_headers=custom_headers
  )

Fixed

• Fix filter_subject overriding filter_subjects #711
• Fix EOF processing while client is connecting #719
• Fix error when closing ws transport
• Fix test_object_list #728

Improved

• Add consumer pause/resume support #761
• Add time field to RawStreamMsg
• Add allow_msg_schedules to StreamConfig #765
• Add per-message TTL support #763
• Add allow_batch to StreamConfig #764
• Add test for direct get returning no responders #767

Commits

• 0c24b9d Bump to v2.12.0
• 6374a81 Merge pull request #770 from nats-io/update-v2
• 00b0781 Apply isort
• 899e1c5 Fix filter_subject overriding filter_subjects (#711)
• c0fb7a8 Apply fmt
• b1e8033 Add time field to RawStreamMsg
• 46b24a7 Add consumer pause/resume support (#761)
• cade40e Add test for direct get returning no responders (#767)
• 2860401 Add allow_msg_schedules to StreamConfig (#765)
• 3741fb7 Add per-message TTL support (#763)
• Additional commits viewable in compare view

Bumps the all-weekly-updates group in /sdk/console with 4 updates: @sveltejs/kit, @types/node, jsdom and svelte.

Updates @sveltejs/kit from 2.48.0 to 2.48.4

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.48.4

Patch Changes

• fix: adjust query's promise implementation to properly allow chaining (#14859)

• fix: make prerender cache work, including in development (#14860)

@​sveltejs/kit@​2.48.3

Patch Changes

• fix: include hash when using resolve with hash routing enabled (#14786)

• fix: afterNavigate callback not running after hydration when experimental async is enabled (#14644) fix: Snapshot restore method not called after reload when experimental async is enabled

• fix: expose issue.path in .allIssues() (#14784)

@​sveltejs/kit@​2.48.2

Patch Changes

• fix: update DOM before running navigate callbacks (#14829)

@​sveltejs/kit@​2.48.1

Patch Changes

• fix: wait for commit promise instead of settled (#14818)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.48.4

Patch Changes

• fix: adjust query's promise implementation to properly allow chaining (#14859)

• fix: make prerender cache work, including in development (#14860)

2.48.3

Patch Changes

• fix: include hash when using resolve with hash routing enabled (#14786)

• fix: afterNavigate callback not running after hydration when experimental async is enabled (#14644) fix: Snapshot restore method not called after reload when experimental async is enabled

• fix: expose issue.path in .allIssues() (#14784)

2.48.2

Patch Changes

• fix: update DOM before running navigate callbacks (#14829)

2.48.1

Patch Changes

• fix: wait for commit promise instead of settled (#14818)

Commits

• 6cee4c3 Version Packages (#14861)
• 5d76111 fix: adjust query's promise implementation to properly allow chaining (#14859)
• d9bbf66 fix: make prerender cache work, including in dev (#14860)
• e781061 fix (#14854)
• a15ac5c Version Packages (#14839)
• 2ccc638 fix: expose issue.path in .allIssues() for field containers (#14784)
• cd72d94 fix: prefix route pathname with hash when using resolve with hash routing e...
• 53b1b73 fix: afterNavigate callback not running after hydration when experimental a...
• 9aac3d4 Version Packages (#14831)
• 75eda1c fix: update DOM before running navigate callbacks (#14829)
• Additional commits viewable in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates jsdom from 27.0.1 to 27.1.0

Release notes

Sourced from jsdom's releases.

Version 27.1.0

• Improved CSS parsing by switching to @acemir/cssom, including support for nested selectors, nested declarations, layer statements, and improved at-rule validation. (acemir)
• Fixed some selector cache invalidation issues where changes to attributes were not being picked up. (asamuzaK)
• Fixed package.json "engines" field to reflect the new minimum Node.js versions needed to run jsdom, as noted in the changelog for v27.0.1.

Changelog

Sourced from jsdom's changelog.

27.1.0

• Improved CSS parsing by switching to @acemir/cssom, including support for nested selectors, nested declarations, layer statements, and improved at-rule validation. (acemir)
• Fixed some selector cache invalidation issues where changes to attributes were not being picked up. (asamuzaK)
• Fixed package.json "engines" field to reflect the new minimum Node.js versions needed to run jsdom, as noted in the changelog for v27.0.1.

Commits

• adb999a Version 27.1.0
• 91f40c4 Update dependencies and dev dependencies
• ebad33c Note more strict minimum version requirement
• bd02585 Swap rweb-cssom to @​acemir/cssom
• f15c830 Add failing test for cssText setter
• a833763 Clear domSelector cache on attribute change
• See full diff in compare view

Updates svelte from 5.42.2 to 5.43.2

Release notes

Sourced from svelte's releases.

svelte@5.43.2

Patch Changes

• fix: treat each blocks with async dependencies as uncontrolled (#17077)

svelte@5.43.1

Patch Changes

• fix: transform $bindable after await expressions (#17066)

svelte@5.43.0

Minor Changes

• feat: out-of-order rendering (#17038)

Patch Changes

• fix: settle batch after DOM updates (#17054)

svelte@5.42.3

Patch Changes

• fix: handle <svelte:head> rendered asynchronously (#17052)

• fix: don't restore batch in #await (#17051)

Changelog

Sourced from svelte's changelog.

5.43.2

Patch Changes

• fix: treat each blocks with async dependencies as uncontrolled (#17077)

5.43.1

Patch Changes

• fix: transform $bindable after await expressions (#17066)

5.43.0

Minor Changes

• feat: out-of-order rendering (#17038)

Patch Changes

• fix: settle batch after DOM updates (#17054)

5.42.3

Patch Changes

• fix: handle <svelte:head> rendered asynchronously (#17052)

• fix: don't restore batch in #await (#17051)

Commits

• 723c421 Version Packages (#17078)
• a791e91 fix: treat each blocks with async dependencies as uncontrolled (#17077)
• 8ebc3b1 Version Packages (#17076)
• 9477f18 fix: transform $bindable after await expressions (#17066)
• 70d020b Version Packages (#17055)
• 83746ad Fix spelling in code comments (#17059)
• 1126ef3 feat: out of order rendering (#17038)
• 90a8a03 fix: settle batch after DOM updates (#17054)
• 1b2f7b0 Version Packages (#17053)
• d2f453f fix: don't restore batch in #await (#17051)
• Additional commits viewable in compare view

Bumps the all-weekly-updates group in /sdk/cli with 2 updates: starlette and websockets.

Updates starlette from 0.48.0 to 0.50.0

Release notes

Sourced from starlette's releases.

Version 0.50.0

Removed

• Drop Python 3.9 support #3061.

---

Full Changelog: Kludex/starlette@0.49.3...0.50.0

Version 0.49.3

Fixed

• Relax strictness on Middleware type #3059.

---

Full Changelog: Kludex/starlette@0.49.2...0.49.3

Version 0.49.2

Fixed

• Ignore if-modified-since header if if-none-match is present in StaticFiles #3044.

---

Full Changelog: Kludex/starlette@0.49.1...0.49.2

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

• Optimize the HTTP ranges parsing logic 4ea6e22b489ec388d6004cfbca52dd5b147127c5

---

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

• Add encoding parameter to Config class #2996.
• Support multiple cookie headers in Request.cookies #3029.
• Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

• Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

... (truncated)

Changelog

Sourced from starlette's changelog.

0.50.0 (November 1, 2025)

• Drop Python 3.9 support #3061.

0.49.3 (November 1, 2025)

This is the last release that supports Python 3.9, which will be dropped in the next minor release.

Fixed

• Relax strictness on Middleware type #3059.

0.49.2 (November 1, 2025)

Fixed

• Ignore if-modified-since header if if-none-match is present in StaticFiles #3044.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

• Optimize the HTTP ranges parsing logic 4ea6e22b489ec388d6004cfbca52dd5b147127c5

0.49.0 (October 28, 2025)

Added

• Add encoding parameter to Config class #2996.
• Support multiple cookie headers in Request.cookies #3029.
• Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

• Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

Commits

• 4941b4a Version 0.50.0 (#3063)
• a0499f6 Drop support for Python 3.9 (#3061)
• de3ffec Version 0.49.3 (#3062)
• c443396 Relax strictness on Middleware type (#3059)
• 85bf027 Version 0.49.2 (#3058)
• 3d480dd Ignore if-modified-since if if-none-match is present (#3057)
• da06052 Bump the github-actions group with 3 updates (#3056)
• 34caa99 Add groups configuration for GitHub Actions (#3055)
• 7e4b742 Version 0.49.1 (#3047)
• 4ea6e22 Merge commit from fork
• Additional commits viewable in compare view

Updates websockets from 12.0 to 15.0.1

Release notes

Sourced from websockets's releases.

15.0.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

15.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

14.2

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

14.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

14.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

13.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

13.0.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

13.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits

• 37c9bc0 Release version 15.0.1.
• fce02ab Docs. Correct Producer pattern example.
• 5fa24bb Exit cleanly the interactive client on ^C.
• d0e60d3 Remove spurious PYTHONPATH declarations.
• d7dafcc Add test coverage for interactive client.
• 3c62503 Use entrypoint instead of runpy in docs.
• f4e4345 added entry point script for the cli client in the pyproject.toml
• 6f89bac Start version 15.1.
• 7ac73c6 Release version 15.0.
• a1ba01d Rewrite interactive client (again) without threads.
• Additional commits viewable in compare view

Bumps the all-weekly-updates group in /test/lib/java with 2 updates: com.fasterxml.jackson.core:jackson-databind and org.junit.jupiter:junit-jupiter-api.

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1

Commits

• See full diff in compare view

Updates org.junit.jupiter:junit-jupiter-api from 6.0.0 to 6.0.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter-api's releases.

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

Commits

• d774b9c Release 6.0.1 (second attempt)
• 8178545 Mark module as deprecated for removal
• 7b43fcc Back to snapshots for further development
• a5ef746 Release 6.0.1
• 008be8d Finalize 5.14.1 release notes
• b2c55a8 Finalize 6.0.1 release notes
• 866c01a Add note about duplicate test execution with @​Suite (#5080)
• de88e88 Fix broken links in documentation
• 9dd132d Add Valhalla EA to workflow matrix
• fedda88 Make jdk.jfr import optional in OSGi manifest (#5092)
• Additional commits viewable in compare view

Bumps the all-weekly-updates group in /lib/ts with 3 updates: @rollup/plugin-commonjs, @types/node and eslint.

Updates @rollup/plugin-commonjs from 28.0.9 to 29.0.0

Changelog

Sourced from @​rollup/plugin-commonjs's changelog.

v29.0.0

2025-10-30

Breaking Changes

• feat!: revert #1909 and add requireNodeBuiltins option (#1937)

Commits

• c8e78c8 chore(release): commonjs v29.0.0
• d2b14ed feat(commonjs)!: revert #1909 and add requireNodeBuiltins option (#1937)
• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates eslint from 9.38.0 to 9.39.0

Release notes

Sourced from eslint's releases.

v9.39.0

Features

• cc57d87 feat: update error loc to key in no-dupe-class-members (#20259) (Tanuj Kanti)
• 126552f feat: update error location in for-direction and no-dupe-args (#20258) (Tanuj Kanti)
• 167d097 feat: update complexity rule to highlight only static block header (#20245) (jaymarvelz)

Bug Fixes

• 15f5c7c fix: forward traversal step.args to visitors (#20253) (jaymarvelz)
• 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167) (Nitin Kumar)
• e86b813 fix: Use more types from @​eslint/core (#20257) (Nicholas C. Zakas)
• 927272d fix: correct Scope typings (#20198) (jaymarvelz)
• 37f76d9 fix: use AST.Program type for Program node (#20244) (Francesco Trotta)
• ae07f0b fix: unify timing report for concurrent linting (#20188) (jaymarvelz)
• b165d47 fix: correct Rule typings (#20199) (jaymarvelz)
• fb97cda fix: improve error message for missing fix function in suggestions (#20218) (jaymarvelz)

Documentation

• d3e81e3 docs: Always recommend to include a files property (#20158) (Percy Ma)
• 0f0385f docs: use consistent naming recommendation (#20250) (Alex M. Spieslechner)
• a3b1456 docs: Update README (GitHub Actions Bot)
• cf5f2dd docs: fix correct tag of no-useless-constructor (#20255) (Tanuj Kanti)
• 10b995c docs: add TS options and examples for nofunc in no-use-before-define (#20249) (Tanuj Kanti)
• 2584187 docs: remove repetitive word in comment (#20242) (reddaisyy)
• 637216b docs: update CLI flags migration instructions (#20238) (jaymarvelz)
• e7cda3b docs: Update README (GitHub Actions Bot)
• 7b9446f docs: handle empty flags sections on the feature flags page (#20222) (sethamus)

Chores

• dfe3c1b chore: update @eslint/js version to 9.39.0 (#20270) (Francesco Trotta)
• 2375a6d chore: package.json update for @​eslint/js release (Jenkins)
• a1f4e52 chore: update @eslint dependencies (#20265) (Francesco Trotta)
• c7d3229 chore: update dependency @​eslint/core to ^0.17.0 (#20256) (renovate[bot])
• 27549bc chore: update fuzz testing to not error if code sample minimizer fails (#20252) (Milos Djermanovic)
• a1370ee ci: bump actions/setup-node from 5 to 6 (#20230) (dependabot[bot])
• 9e7fad4 chore: add script to auto-generate eslint:recommended configuration (#20208) (唯然)

Commits

• ac3a60d 9.39.0
• e79017f Build: changelog update for 9.39.0
• dfe3c1b chore: update @eslint/js version to 9.39.0 (#20270)
• 2375a6d chore: package.json update for @​eslint/js release
• d3e81e3 docs: Always recommend to include a files property (#20158)
• 15f5c7c fix: forward traversal step.args to visitors (#20253)
• 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167)
• cc57d87 feat: update error loc to key in no-dupe-class-members (#20259)
• a1f4e52 chore: update @eslint dependencies (#20265)
• e86b813 fix: Use more types from @​eslint/core (#20257)
• Additional commits viewable in compare view

Bumps the all-weekly-updates group in /sdk/prettier with 1 update: @rollup/plugin-commonjs.

Updates @rollup/plugin-commonjs from 28.0.9 to 29.0.0

Changelog

Sourced from @​rollup/plugin-commonjs's changelog.

v29.0.0

2025-10-30

Breaking Changes

• feat!: revert #1909 and add requireNodeBuiltins option (#1937)

Commits

• c8e78c8 chore(release): commonjs v29.0.0
• d2b14ed feat(commonjs)!: revert #1909 and add requireNodeBuiltins option (#1937)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions