chore(deps): bump the backend-minor-and-patch group across 1 directory with 3 updates

[dependabot]

Bumps the backend-minor-and-patch group with 3 updates in the /backend directory: dotenv, mongoose and @types/node.

Updates dotenv from 17.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates mongoose from 9.2.4 to 9.6.2

Release notes

Sourced from mongoose's releases.

9.6.2 / 2026-05-08

• fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
• types: handle compiling with exactOptionalPropertyTypes #16277 #16273
• chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

9.5.0 / 2026-04-20

• feat(debug): add timestamp option to debug output #16216 rejunp
• feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
• feat(query): extend defaults query option to find() #16226 sderrow
• fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
• fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
• fix(queryHelpers): pass default options to discriminators #16227 #16226
• fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054
• fix(model): throw ObjectParameterError in insertOne() if doc is not an object #16221 IshitaSingh0822
• fix(cast): preserve reason in CastError message after setModel() #16167 White-Devil2839
• perf(model): remove unnecessary clone in findOneAndUpdate() #16230
• perf: use kareem 3.3.0 mongoosejs/kareem#45 #16229
• chore: use TSTyche assertions #16222 mrazauskas

9.4.1 / 2026-04-03

• Revert "fix(setDefaultsOnInsert): run setters on default values during upsert" #16218 #16051

9.4.0 / 2026-04-03

• perf(document+model): avoid parallel save error instantiation, simplify resetting atomics, streamline validation and collection handling
• feat(document): add $getChanges() alias, deprecate getChanges() #15959 techcodie
• fix(schema): support toJSONSchema on unions #16179
• fix(schema): implement validation for Union schemas and subdocuments techcodie
• fix(connection): snapshot Date in heartbeat handler and flush queue on recovery #16183 andreialecu
• fix(model): use duck-typing with version check to validate the argument to useConnection() is actually a connection #16098
• fix(setDefaultsOnInsert): run setters on default values during upsert #16051 mahmoodhamdi
• fix(utils): properly compare Set objects in deepEqual KhanjarSingh
• fix(utils): wrap discriminator merge check in parentheses to fix precedence Necro-Rohan
• fix(schema): correct template literal in encryptionType error message Mridul012
• fix(schema): correct error when unsupported query operator with number #16062
• fix(types): make MergeType and UnpackedIntersection distributive over union types techcodie

... (truncated)

Changelog

Sourced from mongoose's changelog.

9.6.2 / 2026-05-08

• fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
• types: handle compiling with exactOptionalPropertyTypes #16277 #16273
• chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

8.23.1 / 2026-04-23

• fix(model): support sort option in Model.bulkWrite() updateOne and replaceOne operations #16091 #16079
• fix(setDefaultsOnInsert): check child filter paths before applying defaults (backport #16031 to 8.x) #16219 marklai1998
• fix(schema): always pass raw string value to error validators, only trim to 30 chars for maxlength validator #16238 #16236 #15550 #15571

9.5.0 / 2026-04-20

• feat(debug): add timestamp option to debug output #16216 rejunp
• feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
• feat(query): extend defaults query option to find() #16226 sderrow
• fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
• fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
• fix(queryHelpers): pass default options to discriminators #16227 #16226
• fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054
• fix(model): throw ObjectParameterError in insertOne() if doc is not an object #16221 IshitaSingh0822
• fix(cast): preserve reason in CastError message after setModel() #16167 White-Devil2839
• perf(model): remove unnecessary clone in findOneAndUpdate() #16230
• perf: use kareem 3.3.0 mongoosejs/kareem#45 #16229
• chore: use TSTyche assertions #16222 mrazauskas

9.4.1 / 2026-04-03

• Revert "fix(setDefaultsOnInsert): run setters on default values during upsert" #16218 #16051

9.4.0 / 2026-04-03

• perf(document+model): avoid parallel save error instantiation, simplify resetting atomics, streamline validation and collection handling
• feat(document): add $getChanges() alias, deprecate getChanges() #15959 techcodie
• fix(schema): support toJSONSchema on unions #16179
• fix(schema): implement validation for Union schemas and subdocuments techcodie
• fix(connection): snapshot Date in heartbeat handler and flush queue on recovery #16183 andreialecu
• fix(model): use duck-typing with version check to validate the argument to useConnection() is actually a connection #16098

... (truncated)

Commits

• 45230cc chore: release 9.6.2
• ccac981 Merge pull request #16277 from Automattic/vkarpov15/gh-16273
• a917973 types: handle compiling with exactOptionalPropertyTypes
• 2b7bb96 Merge pull request #16271 from Automattic/vkarpov15/gh-16252
• ca7f2a0 new affiliate links
• aa9a2e3 Merge branch 'master' into vkarpov15/affiliate
• 5f86a12 Merge pull request #16232 from Automattic/vkarpov15/website-relayout
• 378f90b increment latest release numbers
• bef3027 color cleanup and minor fixes from review
• 70f0699 use Mongoose red for links
• Additional commits viewable in compare view

Updates @types/node from 25.4.0 to 25.9.1

Commits

• See full diff in compare view

[dependabot]

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.