deps: bump the production-dependencies group with 4 updates

[dependabot]

Bumps the production-dependencies group with 4 updates: dotenv, pino, openid-client and undici.

Updates dotenv from 17.2.3 to 17.2.4

Changelog

Sourced from dotenv's changelog.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• See full diff in compare view

Updates pino from 10.3.0 to 10.3.1

Release notes

Sourced from pino's releases.

v10.3.1

What's Changed

• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in pinojs/pino#2385
• build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 by @​dependabot[bot] in pinojs/pino#2386
• docs: clarify transport level filtering behavior by @​mcollina in pinojs/pino#2390
• fix(transport): sanitize invalid NODE_OPTIONS preloads for workers by @​mcollina in pinojs/pino#2391

Full Changelog: pinojs/pino@v10.3.0...v10.3.1

Commits

• 6b34498 Bumped v10.3.1
• f1203e6 fix(transport): sanitize invalid NODE_OPTIONS preloads for workers (#2391)
• 6a8e598 docs: clarify transport level filtering behavior (#2390)
• 49a4807 Merge branch 'main' of github.com:pinojs/pino
• 960bbbb build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 (#2386)
• e2a5b4a build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2385)
• 04859e2 chore: update gitignore for ai assistant files
• See full diff in compare view

Updates openid-client from 6.8.1 to 6.8.2

Release notes

Sourced from openid-client's releases.

v6.8.2

Fixes

• use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Changelog

Sourced from openid-client's changelog.

6.8.2 (2026-02-07)

Fixes

• use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Commits

• b14e51c chore(release): 6.8.2
• f6f84e2 fix: use duplex: half for fetchProtectedResource with ReadableStream body input
• f879890 chore: bump packages
• b506e1a build(deps): bump the actions group with 4 updates (#853)
• 0baa958 chore: bump packages
• c5d4931 chore: bump packages
• 7cf3c12 test: revert undici for the time being
• 8b2e360 chore: bump packages
• 79386b7 build(deps): bump lodash from 4.17.21 to 4.17.23 (#849)
• 950e199 build(deps-dev): bump tar from 7.5.3 to 7.5.6 (#848)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openid-client since your current version.

Updates undici from 7.20.0 to 7.21.0

Release notes

Sourced from undici's releases.

v7.21.0

What's Changed

• build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @​dependabot[bot] in nodejs/undici#4796
• test: restore global dispatcher after fetch tests by @​mcollina in nodejs/undici#4790
• Add missing close method to WebSocketStream interface by @​piotr-cz in nodejs/undici#4802
• fix: error stream instead of canceling by @​KhafraDev in nodejs/undici#4804
• Fix clientTtl cleanup race in Agent by @​mcollina in nodejs/undici#4807
• feat(#4230): Implement pingInterval for dispatching PING frames by @​metcoder95 in nodejs/undici#4296
• fix: handle undefined __filename in bundled environments by @​mcollina in nodejs/undici#4812
• fix: set finalizer only for fetch responses by @​tsctx in nodejs/undici#4803

New Contributors

• @​piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

Commits

• 393c0da Bumped v7.21.0 (#4813)
• 47f9b96 fix: set finalizer only for fetch responses (#4803)
• 92e38fc fix: handle undefined __filename in bundled environments (#4812)
• 283f2aa feat(#4230): Implement pingInterval for dispatching PING frames (#4296)
• 9cc025b Fix clientTtl cleanup race (#4807)
• fc8bb75 fix: error stream instead of canceling (#4804)
• ff6bc5a Add close method to WebSocketStream interface (#4802)
• dae4d91 test: restore global dispatcher after fetch tests (#4790)
• 072c17a build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 (#4796)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.