fix(deps): update external major (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@redocly/cli	1.34.5 -> 2.0.3			devDependencies	major
actions/checkout	v4 -> v5			action	major
dotenv	16.6.1 -> 17.2.1			devDependencies	major
zod (source)	3.25.76 -> 4.0.17			dependencies	major

---

Release Notes

Redocly/redocly-cli (@​redocly/cli)

v2.0.3

Compare Source

Patch Changes

• Fixed type definitions for Respect input and server options to support both string and string[] values.
• Fixed binary response data in Respect results by properly encoding it as base64.
• Updated @​redocly/respect-core to v2.0.3.

v2.0.2

Compare Source

Patch Changes

• Made executionTimeout parameter optional in the run function exported from respect-core.
• Updated @​redocly/respect-core to v2.0.2.

v2.0.1

Compare Source

Patch Changes

• Fixed an issue where the no-required-schema-properties-undefined rule incorrectly resolved nested $refs relative to the file in which they were defined.
• Fixed an issue where multipart form-data parameters were not properly resolved and evaluated before sending requests.
• Updated @​redocly/openapi-core to v2.0.1.

v2.0.0

Compare Source

Major Changes

• Removed backward compatibility for the spec rule. Use struct instead.
• Removed support for the deprecated apiDefinitions option in the Redocly config. Use apis instead.
  Removed the labels field within the apis section, which was associated with the legacy Redocly API Registry product.
• Removed support for default config file names other than redocly.yaml.
• Removed support for the deprecated features.openapi and features.mockServer configuration options. Use openapi and mockServer directly instead.
• Removed backward compatibility for the deprecated lint and styleguide options in the Redocly config.
  Use rules, decorators and other related options on the root level instead.
• Removed the deprecated disallowAdditionalProperties option support in rules. Use allowAdditionalProperties instead.
• Removed support for the deprecated theme property of Redocly config.
  All the properties of theme are now available in the config root.
• Removed the deprecated path-excludes-patterns and info-license-url rules.
• Removed the deprecated undefined assertion. Use defined instead.
• Removed support for the legacy Redocly API Registry in favor of the new Reunite platform.
  Reunite provides improved API management capabilities and better integration with Redocly's tooling ecosystem.
  Migrated the login and push commands to work exclusively with Reunite.
  Removed the preview-docs command as part of platform modernization.
  Use the preview command instead.
• Removed support for the deprecated referenceDocs option, which was related to the legacy Reference docs product.
• Removed support for the deprecated assert/ prefix in configurable rules. Use rule/ prefix instead.
• Migrated the codebase to ES Modules from CommonJS, bringing improved code organization and better support for modern JavaScript features.
  Update to Node.js version 20.19.0+, 22.12.0+, or 23+.

Minor Changes

• Added x-security extension for Respect that enables secure handling of authentication in Arazzo workflows.
  Use this extension to:

  • Define security schemes at the step level using either predefined schemes or inline definitions
  • Pass values of secrets (passwords, tokens, API keys)
  • Support multiple authentication types including API Key (query, header, or cookie), Basic Authentication, Bearer Token, Digest Authentication, OAuth2, and OpenID Connect
  • Automatically transform security parameters into appropriate HTTP headers or query parameters

• Added environment variable support for CLI arguments using Yargs .env() method to parse environment variables with matching prefixes.

• Added validation for JSON Schema format.

• Extracted nullable validation from the struct rule into a new nullable-type-sibling rule for OpenAPI 3.0. This allows users to disable nullable validation separately from other structural checks.

• Configured the spec ruleset for OpenAPI, AsyncAPI, Arazzo, and Overlay specifications.
  This ruleset is designed to strictly follow the specifications.

• Added the no-duplicated-tag-names rule to check for duplications in the tags field in API descriptions.

• Enabled no-required-schema-properties-undefined, no-schema-type-mismatch, and no-enum-type-mismatch rules for AsyncAPI and Arazzo specifications.
  Adjusted the rules' severities in the recommended and minimal rulesets. Refer to the following table:

  Rule \ Ruleset	recommended	minimal
  no-required-schema-properties-undefined	off -> warn	off -> warn
  no-enum-type-mismatch	error	warn
  no-schema-type-mismatch	warn -> error	off -> warn

• Implemented automatic masking of sensitive fields (such as tokens and passwords) in response bodies to enhance security and prevent accidental exposure of secrets in logs and outputs.

• Added new CLI options for the respect command to improve test execution control.

Patch Changes

• Fixed plugins validation in config files referenced in the extends section.
• Fixed no-undefined-server-variable crash when encountering null values in the server list.
• Refactored @redocly/respect-core to eliminate Node.js-specific dependencies, improving cross-platform compatibility.
• Updated Redoc to v2.5.0.
• Fixed alias detection when using --config from a different folder than the current working directory.
• Resolved an issue where [email protected] injected an unintended message into the output.
• Fixed Redocly CLI to correctly read residency from the Redocly configuration file.
• Improved Respect's error handling when server URLs are missing from both OpenAPI descriptions and CLI options.
• Updated @​redocly/respect-core to v2.0.0.

actions/checkout (actions/checkout)

v5

Compare Source

motdotla/dotenv (dotenv)

v17.2.1

Compare Source

Changed

• Fix clickable tip links by removing parentheses (#​897)

v17.2.0

Compare Source

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#​889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

v17.1.0

Compare Source

Added

• Add additional security and configuration tips to the runtime log (#​884)
• Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
  '⚙️  load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]

v17.0.1

Compare Source

Changed

• Patched injected log to count only populated/set keys to process.env (#​879)

v17.0.0

Compare Source

Changed

• Default quiet to false - informational (file and keys count) runtime log message shows by default (#​875)

colinhacks/zod (zod)

v4.0.17

Compare Source

v4.0.16

Compare Source

v4.0.15

Compare Source

Commits:

• 7e7e346 Clean up docs
• f2949a8 [docs] Fix migration guide upgrade command (#​5021)
• d43cf19 Fix recursive object initialization errors with check() and other methods (#​5018)
• 3de2b63 fix: remove redundant Required<> from input and output type definitions (#​5033)
• 93553bd Add needs info
• 03cfa8d 4.0.15

v4.0.14

Compare Source

Commits:

• 99391a8 Docs: Fix typo (#​5005)
• e25303e Docs: fix typo (#​5008)
• dbb05ef Add JSON Schema draft-04 output (#​4811)
• b8257d7 Improve tuple recursive inference.
• 9bdbc2f Avoid infinite loops in defineLazy. Fixes #​4994.
• af96ad4 4.0.14

v4.0.13

Compare Source

v4.0.12

Compare Source

Commits:

• ff83fc9 Add eslint-plugin-import-zod (#​4848)
• 7c9ce38 Update docs for z.property check (#​4863)
• c432577 docs: add jwt schema docs (#​4867)
• 35e6a6f Add llms.txt (#​4915)
• 3ac7bf0 Clean up Edit this Page
• 60a9372 Implement llms-full.txt (#​5004)
• 73a1970 4.0.12

v4.0.11

Compare Source

Commits:

• 8e6a5f8 Fix “Edit on Github” link (#​4997)
• 930a2f6 Fix number of errors in doc (#​4993)
• c762dbb feat(locale): Add Yoruba (yo) locale (#​4996)
• 9a34a3a Zod 4.0.11 (#​4981)

v4.0.10

Compare Source

v4.0.9

Compare Source

Commits:

• 4e7a3ef v4.0.9 (#​4970)

v4.0.8

Compare Source

Commits:

• 3048d14 Fix #​4961

v4.0.7

Compare Source

v4.0.6

Compare Source

v4.0.5

Compare Source

v4.0.4

Compare Source

v4.0.3

Compare Source

v4.0.2

Compare Source

v4.0.1

Compare Source

Commits:

• 91c9ca6 fix: cleanup _idmap of $ZodRegistry (#​4837)
• 9cce1c5 docs: fix typo in flattenError example on error-formatting page (#​4819) (#​4833)
• a3560ae v3.25.76 (#​4838)
• 5060661 Release 3.25.76
• 7baee4e Update index.mdx (#​4831)
• 06172bf docs: add zod2md to zodToXConverters (#​4835)
• 30e2f3e Update docs
• b748b91 Add zod-openapi libraries to v4 (#​4829)
• 990e03b Update core.mdx (#​4746)
• e7f20c2 Fix treeifyError type for branded primitives. Add test. Closes #​4840 (#​4843)
• 79d4d80 v4.0.0 (#​4844)
• 00a1708 Remove JSR from release.yml
• 7c4c83c Update mime docs
• a7bd58a Remove when from params
• e899016 Support format in z.templateLiteral
• b259211 4.0.1

v4.0.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "after 2pm on Monday" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: [email protected]
npm warn Found: [email protected]
npm warn node_modules/zod
npm warn   zod@"4.0.17" from the root project
npm warn
npm warn Could not resolve dependency:
npm warn peerOptional zod@"^3.23.8" from [email protected]
npm warn node_modules/openai
npm warn   openai@"^5.12.1" from @langchain/[email protected]
npm warn   node_modules/@langchain/openai
npm warn   1 more (langsmith)
npm warn
npm warn Conflicting peer dependency: [email protected]
npm warn node_modules/zod
npm warn   peerOptional zod@"^3.23.8" from [email protected]
npm warn   node_modules/openai
npm warn     openai@"^5.12.1" from @langchain/[email protected]
npm warn     node_modules/@langchain/openai
npm warn     1 more (langsmith)
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/zod
npm error   zod@"4.0.17" from the root project
npm error
npm error Could not resolve dependency:
npm error peer zod@"^3.24.1" from [email protected]
npm error node_modules/zod-to-json-schema
npm error   zod-to-json-schema@"^3.22.3" from @langchain/[email protected]
npm error   node_modules/@langchain/core
npm error     @langchain/core@"0.3.68" from the root project
npm error     4 more (@langchain/langgraph, ...)
npm error   peerOptional zod-to-json-schema@"^3.x" from @langchain/[email protected]
npm error   node_modules/@langchain/langgraph
npm error     @langchain/langgraph@"0.4.3" from the root project
npm error   1 more (@modelcontextprotocol/sdk)
npm error
npm error Conflicting peer dependency: [email protected]
npm error node_modules/zod
npm error   peer zod@"^3.24.1" from [email protected]
npm error   node_modules/zod-to-json-schema
npm error     zod-to-json-schema@"^3.22.3" from @langchain/[email protected]
npm error     node_modules/@langchain/core
npm error       @langchain/core@"0.3.68" from the root project
npm error       4 more (@langchain/langgraph, ...)
npm error     peerOptional zod-to-json-schema@"^3.x" from @langchain/[email protected]
npm error     node_modules/@langchain/langgraph
npm error       @langchain/langgraph@"0.4.3" from the root project
npm error     1 more (@modelcontextprotocol/sdk)
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2025-08-11T16_28_25_135Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2025-08-11T16_28_25_135Z-debug-0.log

[github-actions]

This PR will trigger a patch release when merged.