Bump the npm_and_yarn group across 1 directory with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the /apps/api directory:

Package	From	To
express-handlebars	3.1.0	5.3.1
jsonwebtoken	8.5.1	9.0.0
multer	1.4.4	2.0.2
braces	2.3.2	3.0.3
nodemon	1.19.4	3.1.10
cookie	0.3.1	0.7.2
youch	2.2.2	3.3.4
@sentry/node	5.7.0	10.2.0
property-expr	1.5.1	2.0.6
yup	0.27.0	1.7.0
tmp	0.0.33	removed
eslint	6.8.0	9.32.0

Updates express-handlebars from 3.1.0 to 5.3.1

Release notes

Sourced from express-handlebars's releases.

v5.3.1

5.3.1 (2021-05-04)

Bug Fixes

• add note about security (78c47a2)

v5.3.0

5.3.0 (2021-03-30)

Features

• Add partialsDir.rename option (#151) (1a6771b)

v5.2.1

5.2.1 (2021-02-16)

Bug Fixes

• deps: update dependency handlebars to ^4.7.7 (1930523)

v5.2.0

5.2.0 (2020-10-23)

Features

• allow views to be an array (a9f4aaa)

v5.1.0

5.1.0 (2020-07-16)

Features

• add encoding option (9e516c3)

v5.0.0

5.0.0 (2020-07-06)

Bug Fixes

• update code to es2015+ (e5a08ee)
• update node support (ea30d53)

... (truncated)

Changelog

Sourced from express-handlebars's changelog.

5.3.1 (2021-05-04)

Bug Fixes

• add note about security (78c47a2)

5.3.0 (2021-03-30)

Features

• Add partialsDir.rename option (#151) (1a6771b)

5.2.1 (2021-02-16)

Bug Fixes

• deps: update dependency handlebars to ^4.7.7 (1930523)

5.2.0 (2020-10-23)

Features

• allow views to be an array (a9f4aaa)

5.1.0 (2020-07-16)

Features

• add encoding option (9e516c3)

5.0.0 (2020-07-06)

Bug Fixes

• update code to es2015+ (e5a08ee)
• update node support (ea30d53)

BREAKING CHANGES

• Drop support for node versions below v10

4.0.6 (2020-07-06)

... (truncated)

Commits

• 63e8010 chore(release): 5.3.1 [skip ci]
• 78c47a2 fix: add note about security
• 2cde11e chore: update package-lock.json
• 9a6cf60 chore(deps): update devdependency eslint to ^7.25.0
• fbc5681 Merge pull request #157 from express-handlebars/renovate/node-10.x
• 1e2b967 chore(deps): update devdependency eslint-plugin-promise to ^5.1.0
• 4bcc294 chore(deps): update devdependency eslint to ^7.24.0
• 6ffb7ee chore(deps): update devdependency eslint-plugin-promise to v5
• 8b9f920 chore(deps): update devdependency @​semantic-release/npm to ^7.1.1
• b291a6b chore(deps): update node.js to >=v10.24.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tonybrix, a new releaser for express-handlebars since your current version.

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
• a46097e docs: make decode impossible to discover before verify
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates multer from 1.4.4 to 2.0.2

Release notes

Sourced from multer's releases.

v2.0.2

Important

• Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

Full Changelog: expressjs/multer@v2.0.1...v2.0.2

v2.0.1

Important

• Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

What's Changed

• add Arabic translation for README .. by @​3imed-jaberi in expressjs/multer#762
• Update README.md to fix issue #1114 by @​Mohamed-Abdelfattah in expressjs/multer#1169
• Improved documentation translation to Spanish by @​juliomontenegro in expressjs/multer#1174
• Translated to french by @​AlanLg in expressjs/multer#1182
• Improve the Brazilian Portuguese translation by @​vitorRibeiro7 in expressjs/multer#1204
• doc: uzbek language by @​eugene0928 in expressjs/multer#1232
• Fix a mistake with README-pt-br.md by @​Igor-CA in expressjs/multer#1251
• Update in Readme-pt-br and fix in Readme-ko by @​carlosstenzel in expressjs/multer#1252
• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/multer#1260
• ci: replace travis with github action by @​inigomarquinez in expressjs/multer#1259
• docs: improve readability by @​Sreejit-Sengupto in expressjs/multer#1255
• test: add test for out-of-band error event by @​LinusU in expressjs/multer#1294
• chore: upgrade scorecard workflow pinned action versions by @​carpasse in expressjs/multer#1290
• Documentation: remove unfortunate abbreviation from readme by @​MaddyGuthridge in expressjs/multer#1299
• ci: use ubuntu-latest as default runner by @​UlisesGascon in expressjs/multer#1308
• ci: add CodeQL (SAST) by @​bjohansebas in expressjs/multer#1289
• Update readme badges by @​bjohansebas in expressjs/multer#1268
• 📝 fix changelog information by @​ctcpip in expressjs/multer#1316
• master -> v2 by @​ctcpip in expressjs/multer#1317
• chore: fix typo by @​saucecodee in expressjs/multer#993
• Remove --save from README by @​username1001 in expressjs/multer#929
• feat - update link badge in docs by @​carlosstenzel in expressjs/multer#1273
• ci: change branch reference by @​UlisesGascon in expressjs/multer#1319
• ♻️ use version tag for CI, fix CI badge, fix references to master/main by @​ctcpip in expressjs/multer#1324
• deps: update dependencies to latest versions by @​bjohansebas in expressjs/multer#1328
• 📝 list languages in table to prevent GH right-aligning list due to RTL language by @​ctcpip in expressjs/multer#1325
• [StepSecurity] Apply security best practices by @​step-security-bot in expressjs/multer#1311

New Contributors

• @​3imed-jaberi made their first contribution in expressjs/multer#762
• @​Mohamed-Abdelfattah made their first contribution in expressjs/multer#1169
• @​juliomontenegro made their first contribution in expressjs/multer#1174
• @​AlanLg made their first contribution in expressjs/multer#1182
• @​vitorRibeiro7 made their first contribution in expressjs/multer#1204
• @​eugene0928 made their first contribution in expressjs/multer#1232
• @​Igor-CA made their first contribution in expressjs/multer#1251

... (truncated)

Changelog

Sourced from multer's changelog.

2.0.2

• Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

2.0.1

• Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

2.0.0

• Breaking change: The minimum supported Node version is now 10.16.0
• Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)
• Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

1.4.5-lts.2

• Fix out-of-band error event from busboy (#1177)

1.4.5-lts.1

• No changes

1.4.4-lts.1

• Bugfix: Bump busboy to fix CVE-2022-24434 (#1097)
• Breaking: Require Node.js 10.16.0 or later (#1097)

Commits

• e5db9ca 🔖 2.0.2
• adfeaf6 🥅 improve error handling
• e259a7e 🔖 2.0.1
• 35a3272 Fixes expressjs/multer#1233. Makes multer handle mi...
• f897007 ci: apply security best practices (#1311)
• 061f4cb 📝 list languages in table to prevent GH right-aligning list due to RTL language
• 854d769 deps: update dependencies to latest versions (#1328)
• 256da2f ♻️ use version tag for CI, fix CI badge, fix references to master/main
• dd9dde4 📝 fix badges in translation files (#1321)
• dc2a880 ci: change branch reference
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed
• Require Node.js >= 8.3

Non-breaking changes

• Caching was removed

Commits

• See full diff in compare view

Updates nodemon from 1.19.4 to 3.1.10

Release notes

Sourced from nodemon's releases.

v3.1.10

3.1.10 (2025-04-23)

Bug Fixes

• update types and jsdocs (#2232) (297c7c7), closes #2231

v3.1.9

3.1.9 (2024-12-13)

Bug Fixes

• maintain backward support for exitcrash (9c9de6e)

v3.1.8

3.1.8 (2024-12-13)

Bug Fixes

• types updated (cb91187)

v3.1.7

3.1.7 (2024-09-20)

Bug Fixes

• types for export on ESModule (#2211) (9b0606a)

v3.1.6

3.1.6 (2024-09-19)

Bug Fixes

• watch nested paths (11fcaaa), closes #2216

v3.1.5

3.1.5 (2024-09-17)

Bug Fixes

• add missing ignore option to type defintion of config (#2224) (254c2ab)

v3.1.4

3.1.4 (2024-06-20)

... (truncated)

Commits

• 297c7c7 fix: update types and jsdocs (#2232)
• f7661d9 chore: website
• 8fc12e8 Merge branch 'main' of github.com:remy/nodemon
• 8b535a0 chore: fix JQ rendering for site
• 59d5350 chore: website
• 9954aff chore: website
• d147fb6 chore: website
• 53d2dfd chore: website
• 60f1474 chore: website
• af51f77 Merge branch 'main' of github.com:remy/nodemon
• Additional commits viewable in compare view

Updates cookie from 0.3.1 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

• Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

• Add partitioned option

0.5.0

• Add priority option
• Fix expires option to reject invalid dates
• pref: improve default decode speed
• pref: remove slow string split in parse

0.4.2

• pref: read value only when assigning in parse
• pref: remove unnecessary regexp in parse

0.4.1

• Fix maxAge option to reject invalid values

0.4.0

• Add SameSite=None support

Commits

• d19eaa1 0.7.2
• bc38ffd Fix object assignment of hasOwnProperty (#177)
• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates youch from 2.2.2 to 3.3.4

Commits

• See full diff in compare view

Updates @sentry/node from 5.7.0 to 10.2.0

Release notes

Sourced from @​sentry/node's releases.

10.2.0

Important Changes

• feat(core): Add ignoreSpans option (#17078)

This release adds a new top-level Sentry.init option, ignoreSpans, that can be used as follows:

Sentry.init({
  ignoreSpans: [
    'partial match', // string matching on the span name
    /regex/, // regex matching on the span name
    {
      name: 'span name',
      op: /http.client/,
    },
  ],
});

Spans matching the filter criteria will not be recorded. Potential child spans of filtered spans will be re-parented, if possible.

• feat(cloudflare,vercel-edge): Add support for OpenAI instrumentation (#17338)

Adds support for OpenAI manual instrumentation in @sentry/cloudflare and @sentry/vercel-edge.

To instrument the OpenAI client, wrap it with Sentry.instrumentOpenAiClient and set recording settings.

import * as Sentry from '@sentry/cloudflare';
import OpenAI from 'openai';
const openai = new OpenAI();
const client = Sentry.instrumentOpenAiClient(openai, { recordInputs: true, recordOutputs: true });
// use the wrapped client

• ref(aws): Remove manual span creation (#17310)

The startTrace option is deprecated and will be removed in a future major version. If you want to disable tracing, set SENTRY_TRACES_SAMPLE_RATE to 0.0. instead. As of today, the flag does not affect traces anymore.

Other Changes

• feat(astro): Streamline build logs (#17301)
• feat(browser): Handles data URIs in chrome stack frames (#17292)
• feat(core): Accumulate tokens for gen_ai.invoke_agent spans from child LLM calls (#17281)
• feat(deps): Bump @​prisma/instrumentation from 6.12.0 to 6.13.0 (#17315)
• feat(deps): Bump @​sentry/cli from 2.50.0 to 2.50.2 (#17316)
• feat(deps): Bump @​sentry/rollup-plugin from 4.0.0 to 4.0.2 (#17317)

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.2.0

Important Changes

• feat(core): Add ignoreSpans option (#17078)

This release adds a new top-level Sentry.init option, ignoreSpans, that can be used as follows:

Sentry.init({
  ignoreSpans: [
    'partial match', // string matching on the span name
    /regex/, // regex matching on the span name
    {
      name: 'span name',
      op: /http.client/,
    },
  ],
});

Spans matching the filter criteria will not be recorded. Potential child spans of filtered spans will be re-parented, if possible.

• feat(cloudflare,vercel-edge): Add support for OpenAI instrumentation (#17338)

Adds support for OpenAI manual instrumentation in @sentry/cloudflare and @sentry/vercel-edge.

To instrument the OpenAI client, wrap it with Sentry.instrumentOpenAiClient and set recording settings.

import * as Sentry from '@sentry/cloudflare';
import OpenAI from 'openai';
const openai = new OpenAI();
const client = Sentry.instrumentOpenAiClient(openai, { recordInputs: true, recordOutputs: true });
// use the wrapped client

• ref(aws): Remove manual span creation (#17310)

The startTrace option is deprecated and will be removed in a future major version. If you want to disable tracing, set SENTRY_TRACES_SAMPLE_RATE to 0.0. instead. As of today, the flag does not affect traces anymore.

Other Changes

• feat(astro): Streamline build logs (#17301)
• feat(browser): Handles data URIs in chrome stack frames (#17292)
• feat(core): Accumulate tokens for gen_ai.invoke_agent spans from child LLM calls (#17281)
• feat(deps): Bump @​prisma/instrumentation from 6.12.0 to 6.13.0 (#17315)
• feat(deps): Bump @​sentry/cli from 2.50.0 to 2.50.2 (#17316)

... (truncated)

Commits

• 8e1c02a release: 10.2.0
• 9a90e11 Merge pull request #17339 from getsentry/prepare-release/10.2.0
• bcbb6af meta(changelog): Update changelog for 10.2.0
• ed07836 feat(cloudflare,vercel-edge): Add support for OpenAI instrumentation (#17338)
• ce66380 feat(react-router): Add support for Hydrogen with RR7 (#17145)
• ac57eb1 ref(google-cloud-serverless): Add mechanism.type to captured errors (#17300)
• 5ae054c ref(core): Add more specific exception mechanism for internal errors (#17253)
• aab4276 feat(browser): Handles data URIs in chrome stack frames (#17292)
• 82f0cf9 chore: Correct title for v8 changelog (#17329)
• 50cce74 meta: Re-organize changelog to add v8 page (#17327)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by sentry-bot, a new releaser for @​sentry/node since your current version.

Updates property-expr from 1.5.1 to 2.0.6

Commits

• See full diff in compare view

Updates yup from 0.27.0 to 1.7.0

Release notes

Sourced from yup's releases.

v1 Because I finally got around to it

jquense/yup#1906

v1.0.0-beta.7

Fixes published artifacts for the main field

v1.0.0-beta.5 - partial fixes and cast migration path

Beta 5 fixes partial and deepPartial making it work correctly with lazy schema. Specifically the optionality is added after lazy is evaluated but before any other when conditions are added. This makes it consistent with other conditional schema, where runtime conditions always supersede previous schema configuration. This allows for optional overrides if necessary.

const person = object({
  name: string().required(),
  age: number().required(),
  legalGuardian:  string().when('age', {
    is: (age) => age != null && age < 18,
    then: (schema) => schema.required(),
  }),
});
const optionalPerson = person.partial()
person.cast({name: 'James', age: 6 }) // => TypeError legalGuardian required
// age is still required b/c it's applied after the partial
optionalPerson.cast({name: 'James',  age: 6 }) // => TypeError legalGuardian required

This works slightly differently for lazy which have no schema to "start" with:

const config = object({
  nameOrIdNumber:  lazy((value) => {
     if (typeof value === 'number') return number().required()
     return string().required()
  }),
});
const opti = config.partial()
config.cast({}) // => TypeError nameOrIdNumber is required
config.partial().cast({}) // => {}

Cast optionality migration path

A larger breaking change in v1 is the assertion of optionality during cast, making previous patterns like string().nullable().required() no longer possible. Generally this pattern is used when deserialized data is not valid to start, but will become valid through user input such as with an HTML form. v1 no longer allows this, but in order to make migration easier we've added an option to cast that mimics the previous behavior (not exactly but closely).

const name = string().required()
</tr></table> 

... (truncated)

Changelog

Sourced from yup's changelog.

1.7.0 (2025-08-01)

Features

• Implement standard schema interface (#2258) (ced5f51)
• resolve ref params if present when describing (ef53030), closes #2276

1.6.1 (2024-12-17)

Bug Fixes

• lazy validation errors thrown in builders should resolve async like other validations (c7d7f97)

1.6.0 (2024-12-16)

Features

• expose LazySchema (2b0f126)

1.5.0 (2024-12-03)

Bug Fixes

• readme: some typos and update CustomizingErrors doc (#2163) (5c77e0d)

Features

• Add exact and stripUnknown method to object() (adcdd8d)

... (truncated)

Commits

• 12a8260 Publish v1.7.0
• c042368 chore: patch release
• ced5f51 feat: Implement standard schema interface (#2258)
• 871a74f chore: fix CI
• ef53030 feat: resolve ref params if present when describing
• d00abc3 Publish v1.6.1
• c7d7f97 fix: lazy validation errors thrown in builders should resolve async like othe...
• f27fa44 Publish v1.6.0
• 0d7c327 build: modernize stuff
• 2b0f126 feat: expose LazySchema
• Additional commits viewable in compare view

Removes tmp

Updates eslint from 6.8.0 to 9.32.0

Release notes

Sourced from eslint's releases.

v9.32.0

Features

• 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
• 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)

Bug Fixes

• 960fd40 fix: Upgrade @​eslint/js (#19971) (Nicholas C. Zakas)
• bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
• d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
• f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
• 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
• 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

Documentation

• 86e7426 docs: Update README (GitHub Actions Bot)

Chores

• 50de1ce chore: package.json update for @​eslint/js release (Jenkins)
• 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
• 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
• b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
• f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
• e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
• e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
• 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
• c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)

v9.31.0

Features

• 35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)
• a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)
• 4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)
• 5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)
• bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)

Bug Fixes

• 07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)
• 28cc7ab fix: Remove incorrect RuleContext types (#19910) (Nicholas C. Zakas)

Documentation

• 664cb44 docs: Update README (GitHub Actions Bot)
• 40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914) (MaoShizhong)
• 5a0069d docs: Update README (GitHub Actions Bot)
• fef04b5 docs: Update working on issues info (#19902) (Nicholas C. Zakas)

Chores

• 3ddd454 chore: upgrade to @eslint/js@9.31.0 (#19935) (Francesco Trotta)
• d5054e5 chore: package.json update for @​eslint/js release (Jenkins)
• 0f4a378 chore: update eslint (#19933) (renovate[bot])
• 76c2340 chore: bump mocha to v11 (#19917) (루밀LuMir)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.32.0 - July 25, 2025

• 960fd40 fix: Upgrade @​eslint/js (#19971) (Nicholas C. Zakas)
• 50de1ce chore: package.json update for @​eslint/js release (Jenkins)
• bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
• 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
• d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
• 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
• b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
• f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
• f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
• 86e7426 docs: Update README (GitHub Actions Bot)
• e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)