chore(deps): bump the patch-updates group with 5 updates

[dependabot]

Bumps the patch-updates group with 5 updates:

Package	From	To
@hono/node-server	1.19.9	1.19.11
eslint	10.0.2	10.0.3
turbo	2.8.12	2.8.14
sql.js	1.14.0	1.14.1
postcss	8.5.6	8.5.8

Updates @hono/node-server from 1.19.9 to 1.19.11

Release notes

Sourced from @​hono/node-server's releases.

v1.19.11

What's Changed

• fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @​usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

• ecd4d6b 1.19.11
• c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
• 2f8ca36 1.19.10
• 455015b Merge commit from fork
• cc05c48 chore: add benchmark for comparing with npm and local (dev) (#305)
• 58c4412 chore: Adding LICENSE file with MIT license referenced in README.md (#297)
• b1daa4c docs(readme): add @​usualoma as an author (#300)
• See full diff in compare view

Updates eslint from 10.0.2 to 10.0.3

Release notes

Sourced from eslint's releases.

v10.0.3

Bug Fixes

• e511b58 fix: update eslint (#20595) (renovate[bot])
• f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)
• ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

• 9fc31b0 docs: Update README (GitHub Actions Bot)
• 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)
• 23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)
• 80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)
• 9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)
• e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

• ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)
• e8f2104 chore: updates for v9.39.4 release (Jenkins)
• 5cd1604 refactor: simplify isCombiningCharacter helper (#20524) (Huáng Jùnliàng)
• 70ff1d0 chore: eslint-config-eslint require Node ^20.19.0 || ^22.13.0 || >=24 (#20586) (Milos Djermanovic)
• e32df71 chore: update eslint-plugin-eslint-comments, remove legacy-peer-deps (#20576) (Milos Djermanovic)
• 53ca6ee chore: disable eslint-comments/no-unused-disable rule (#20578) (Milos Djermanovic)
• e121895 ci: pin Node.js 25.6.1 (#20559) (Milos Djermanovic)
• efc5aef chore: update tsconfig.json in eslint-config-eslint (#20551) (Francesco Trotta)

Commits

• bfce7ea 10.0.3
• d44ced8 Build: changelog update for 10.0.3
• e511b58 fix: update eslint (#20595)
• ef8fb92 chore: package.json update for eslint-config-eslint release
• e8f2104 chore: updates for v9.39.4 release
• 5cd1604 refactor: simplify isCombiningCharacter helper (#20524)
• 9fc31b0 docs: Update README
• 70ff1d0 chore: eslint-config-eslint require Node ^20.19.0 || ^22.13.0 || >=24 (#20586)
• f4c9cf9 fix: include variable name in no-useless-assignment message (#20581)
• 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570)
• Additional commits viewable in compare view

Updates turbo from 2.8.12 to 2.8.14

Release notes

Sourced from turbo's releases.

Turborepo v2.8.14-canary.9

What's Changed

Changelog

• perf: Fire-and-forget telemetry and analytics HTTP flushes on shutdown by @​anthonyshew in vercel/turborepo#12162
• perf: Defer lockfile await until after internal dependency resolution by @​anthonyshew in vercel/turborepo#12164
• refactor: Extract turborepo-query-api trait crate for compile-time decoupling by @​anthonyshew in vercel/turborepo#12165
• feat: Include version, platform, and CPU count in Chrome trace profiles by @​anthonyshew in vercel/turborepo#12166
• docs: Remove bespoke AI prompts from documentation pages by @​anthonyshew in vercel/turborepo#12167
• test: Add comprehensive path traversal tests for cache archive by @​anthonyshew in vercel/turborepo#12169
• test: Add regression tests and OutputWatcher trait to prepare for daemon removal from turbo watch by @​anthonyshew in vercel/turborepo#12171

Full Changelog: vercel/turborepo@v2.8.14-canary.8...v2.8.14-canary.9

Turborepo v2.8.14-canary.5

What's Changed

Changelog

• fix: Preserve deeply nested workspace deps during npm lockfile pruning by @​anthonyshew in vercel/turborepo#12146

Full Changelog: vercel/turborepo@v2.8.14-canary.4...v2.8.14-canary.5

Turborepo v2.8.14-canary.4

What's Changed

Changelog

• feat: Add runAttributes config to OTel metrics for cardinality control by @​bkonkle in vercel/turborepo#12144

Full Changelog: vercel/turborepo@v2.8.14-canary.3...v2.8.14-canary.4

Turborepo v2.8.14-canary.3

What's Changed

Changelog

• fix: Treat Bun runtime modules as builtins in Boundaries by @​anthonyshew in vercel/turborepo#12141
• feat: Add futureFlags.longerSignatureKey to enforce minimum HMAC key length by @​anthonyshew in vercel/turborepo#12142

Full Changelog: vercel/turborepo@v2.8.14-canary.2...v2.8.14-canary.3

Turborepo v2.8.14-canary.2

... (truncated)

Commits

• c8fe2c1 publish 2.8.14 to registry
• 27e8e67 release(turborepo): 2.8.14-canary.9 (#12173)
• 0efbe30 test: Add regression tests and OutputWatcher trait to prepare for daemon re...
• 6fbd5bb test: Add comprehensive path traversal tests for cache archive (#12169)
• c456ad3 ci: Remove redundant rust_check job from lint workflow (#12168)
• ebe5e87 docs: Remove bespoke AI prompts from documentation pages (#12167)
• 716d886 feat: Include version, platform, and CPU count in Chrome trace profiles (#12166)
• 7acfdc4 refactor: Extract turborepo-query-api trait crate for compile-time decoupli...
• 14dd839 perf: Defer lockfile await until after internal dependency resolution (#12164)
• 6923c52 perf: Fire-and-forget telemetry and analytics HTTP flushes on shutdown (#12162)
• Additional commits viewable in compare view

Updates sql.js from 1.14.0 to 1.14.1

Commits

• 8088a68 Fix browser bundle (#625)
• ee29605 Update devcontainer + migrate linting to ESLint 10 (#623)
• d58d741 sqlite 3.45.2 (#581)
• See full diff in compare view

Updates postcss from 8.5.6 to 8.5.8

Release notes

Sourced from postcss's releases.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

• 65de537 Release 8.5.8 version
• b2c6d97 Run git hook register
• 0ae0a49 Update Processor#version
• 6ee9f14 Release 8.5.7 version
• 3fbc951 Fix uvu Node.js 25 support
• 52db53e Update dependencies
• 497daef Speed up source map annotation cleaning by moving from RegExp
• 41e739a Remove banner
• 1329142 chore: speed up space-only string check in lib/parser.js (#2064)
• 23beff9 Update dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
objectos	Ready	Preview, Comment	Mar 9, 2026 2:19am
objectos-demo	Error		Mar 9, 2026 2:19am

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.