chore(deps): bump the npm-root group across 1 directory with 12 updates

[dependabot]

Bumps the npm-root group with 11 updates in the / directory:

Package	From	To
@google-apps/chat	0.22.0	0.23.0
@modelcontextprotocol/sdk	1.26.0	1.27.1
google-auth-library	10.5.0	10.6.1
jsdom	28.0.0	28.1.0
@types/jsdom	27.0.0	28.0.0
marked	17.0.2	17.0.3
@types/node	25.2.3	25.3.0
@typescript-eslint/eslint-plugin	8.55.0	8.56.1
eslint	9.39.2	10.0.2
eslint-plugin-headers	1.3.3	1.3.4
vue	3.5.28	3.5.29

Updates @google-apps/chat from 0.22.0 to 0.23.0

Release notes

Sourced from @​google-apps/chat's releases.

sql: v0.23.0

0.23.0 (2025-11-21)

Features

• [sql] introduces auto_upgrade_enabled option for MySQL in DatabaseInstance.Settings (#6904) (f3c5811)

chat: v0.23.0

0.23.0 (2026-02-19)

Features

• [chat] Addition of QuoteType enum, QuotedMessageSnapshot & ForwardMetadata in the QuotedMessageMetadata proto (#7084) (9f75b64)

Changelog

Sourced from @​google-apps/chat's changelog.

0.23.0 (2026-02-19)

Features

• [chat] Addition of QuoteType enum, QuotedMessageSnapshot & ForwardMetadata in the QuotedMessageMetadata proto (#7084) (9f75b64)

Commits

• See full diff in compare view

Updates @modelcontextprotocol/sdk from 1.26.0 to 1.27.1

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.27.1

What's Changed

• feat: implement auth/pre-registration conformance scenario by @​felixweinberger in modelcontextprotocol/typescript-sdk#1545
• docs: add governance documentation for SEP-1730 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1547
• docs: comprehensive feature documentation for SEP-1730 Tier 1 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1548
• fix: prevent command injection in example URL opening (v1.x backport) by @​maxisbey in modelcontextprotocol/typescript-sdk#1579
• fix: call onerror for silently swallowed transport errors by @​qing-ant in modelcontextprotocol/typescript-sdk#1580
• chore: bump version to 1.27.1 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

• @​qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

• feat: add conformance test infrastructure for v1.x by @​felixweinberger in modelcontextprotocol/typescript-sdk#1518
• feat: backport discoverOAuthServerInfo() and discovery caching to v1.x by @​felixweinberger in modelcontextprotocol/typescript-sdk#1533
• feat: add url property to RequestInfo interface by @​valentinbeggi in modelcontextprotocol/typescript-sdk#1353
• [v1.x] feat(tasks): add streaming methods for elicitation and sampling by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1528
• chore: bump version for v1.27.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1541

New Contributors

• @​valentinbeggi made their first contribution in modelcontextprotocol/typescript-sdk#1353

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

Commits

• 4faa8c8 chore: bump version to 1.27.1 (#1581)
• 09a85a8 fix: call onerror for silently swallowed transport errors (#1580)
• e79d14a fix: prevent command injection in example URL opening (v1.x backport) (#1579)
• 342ea39 docs: comprehensive feature documentation for SEP-1730 Tier 1 (#1548)
• 2084a22 docs: add governance documentation for SEP-1730 (#1547)
• f2d2145 feat: implement auth/pre-registration conformance scenario (#1545)
• 8cbc658 chore: bump version for v1.27.0 (#1541)
• 5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
• 97ab379 feat: add url property to RequestInfo interface (#1353)
• 825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
• Additional commits viewable in compare view

Updates google-auth-library from 10.5.0 to 10.6.1

Release notes

Sourced from google-auth-library's releases.

google-auth-library: v10.6.1

10.6.1 (2026-02-20)

Bug Fixes

• DefaultAwsSecurityCredentialSupplier fetches aws-credentials correctly from credential-url (#901) (8c50526)

google-auth-library: v10.6.0

10.6.0 (2025-12-17)

Features

• auth: Use gtoken from internal class instead of dependency (#815) (a38857c)

Changelog

Sourced from google-auth-library's changelog.

10.6.1 (2026-02-20)

Bug Fixes

• DefaultAwsSecurityCredentialSupplier fetches aws-credentials correctly from credential-url (#901) (8c50526)

10.6.0 (2025-12-17)

Features

• auth: Use gtoken from internal class instead of dependency (#815) (a38857c)

Commits

• 8144256 chore: release main
• 8c50526 fix: defaultAwsSecurityCredentialSupplier fetches aws-credentials correctly f...
• d173996 chore(deps): update dependency mocha to v10 (#878)
• ee618f6 delete more configs
• 93ca4c5 chore: upgrade sinon, node types (#864)
• 383aa51 chore: release main
• a38857c feat(auth): use gtoken from internal class instead of dependency (#815)
• c27f023 build(auth): added full implementation of GoogleToken (#814)
• 8f8b2a5 build(auth): add token handler for GoogleToken. (#805)
• 552f153 build(auth): add getToken function for the usage of GoogleToken (#806)
• Additional commits viewable in compare view

Updates jsdom from 28.0.0 to 28.1.0

Release notes

Sourced from jsdom's releases.

Version 28.1.0

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
• Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
• Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

Changelog

Sourced from jsdom's changelog.

28.1.0

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
• Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
• Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

Commits

• 12949b5 Version 28.1.0
• ce4c58f Apply CSS specificity when computing styles
• 7ed55a0 Skip single-byte-decoder encoding tests on Node 20
• f3b1973 Generalize node version conditions in test expectations
• 853c596 Rewrite getElementById ID caching for tree-order correctness
• 5fbfde6 Fix potential sync XHR worker hang from unhandled dispatch errors
• 82df38f Cache the root node for document-connected trees
• ed7c5c0 Add documentation comment to create-event-accessor.js
• b4562e9 Simplify Window.js installEventHandlers
• 7da340f Centralize "determine the target of an event handler"
• Additional commits viewable in compare view

Updates @types/jsdom from 27.0.0 to 28.0.0

Commits

• See full diff in compare view

Updates marked from 17.0.2 to 17.0.3

Release notes

Sourced from marked's releases.

v17.0.3

17.0.3 (2026-02-17)

Bug Fixes

• escape image alt text (#3896) (909fe44)

Commits

• bced615 chore(release): 17.0.3 [skip ci]
• 909fe44 fix: escape image alt text (#3896)
• eb8ba2b chore(deps-dev): Bump @​semantic-release/github from 12.0.5 to 12.0.6 (#3897)
• b7682a8 chore(deps-dev): Bump markdown-it from 14.1.0 to 14.1.1 (#3898)
• 3d615d9 chore(deps-dev): Bump rimraf from 6.1.2 to 6.1.3 (#3899)
• See full diff in compare view

Updates @types/jsdom from 27.0.0 to 28.0.0

Commits

• See full diff in compare view

Updates @types/node from 25.2.3 to 25.3.0

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.55.0 to 8.56.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.56.1 (2026-02-23)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• 958f390 chore(eslint-plugin): add default excludes to vitest (#12067)
• ffb46ea docs(eslint-plugin): [method-signature-style] clarify autofix impact on type ...
• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• c0a359d fix: use parser options from context.languageOptions (#12043)
• See full diff in compare view

Updates @typescript-eslint/parser from 8.55.0 to 8.56.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• See full diff in compare view

Updates eslint from 9.39.2 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits

• 55122d6 10.0.2
• 80f1e29 Build: changelog update for 10.0.2
• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
• 98cbf6b docs: update migration guide per Program range change (#20534)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• Additional commits viewable in compare view

Updates eslint-plugin-headers from 1.3.3 to 1.3.4

Release notes

Sourced from eslint-plugin-headers's releases.

v1.3.4

• Support ESLint 10.

Full Changelog: robmisasi/eslint-plugin-headers@v1.3.3...v1.3.4

Commits

• c8f8537 1.3.4
• 7a1f7a0 Tweak AST traversal to support ESLint 10. Update dev dependencies.
• d31dee9 Update dev dependencies.
• See full diff in compare view

Updates vue from 3.5.28 to 3.5.29

Release notes

Sourced from vue's releases.

v3.5.29

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.29 (2026-02-24)

Bug Fixes

• runtime-core: prevent instance leak in withAsyncContext (#14445) (702284f), closes nuxt/nuxt#33644
• server-renderer: render className as escaped string (#14469) (da6690c)
• transition: prevent enter if leave is in progress (#14443) (df059f8), closes #12091 #12133

Commits

• 355d606 release: v3.5.29
• 5b0227d chore(deps): update dependency minimatch to ~10.2.0 [security] (#14460)
• 2a79483 chore(deps): update test (#14456)
• 53a4ab4 chore(deps): update build (#14465)
• 3cb43fe chore(deps): update all non-major dependencies (#14455)
• d3083a5 chore(deps): update lint (#14464)
• 702284f fix(runtime-core): prevent instance leak in withAsyncContext (#14445)
• da6690c fix(server-renderer): render className as escaped string (#14469)
• 521157d types(jsx): flexible class attribute declarations (#14441)
• df059f8 fix(transition): prevent enter if leave is in progress (#14443)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[allenhutchison]

@dependabot ignore eslint major version

[dependabot]

OK, I won't notify you about version 10.x.x of eslint again, unless you unignore it.