Skip to content

Bump the api-deps group across 1 directory with 7 updates#42

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/api/api-deps-be1d98f2bb
Open

Bump the api-deps group across 1 directory with 7 updates#42
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/api/api-deps-be1d98f2bb

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026

Bumps the api-deps group with 7 updates in the /api directory:

Package From To
helmet 8.1.0 8.2.0
js-yaml 4.1.1 4.2.0
knex 3.1.0 3.2.10
mysql2 3.16.1 3.22.4
otplib 13.1.1 13.4.1
@eslint/js 9.39.2 10.0.1
eslint 9.39.2 10.4.1

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options
Commits

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates knex from 3.1.0 to 3.2.10

Release notes

Sourced from knex's releases.

3.2.10

Bug fixes

Misc

Full Changelog: knex/knex@3.2.9...3.2.10

3.2.9

What's Changed

New Contributors

Full Changelog: knex/knex@3.2.8...3.2.9

3.2.8

What's Changed

Full Changelog: knex/knex@3.2.7...3.2.8

3.2.7

What's Changed

... (truncated)

Changelog

Sourced from knex's changelog.

3.2.10 - 2 May, 2026

Bug fixes

  • fix: bump lodash to ^4.18.1, close #6433 #6446
  • Fix: Properly Escape Aliases in Analytic Functions #6392

Misc

  • chore: auto-update the docs' knex version on publish #6447
  • chore: skip re-running tests on automated release commit #6443
  • chore: sync docker images we use to ghcr #6445
  • chore: fixes for release-drafter workflow #6442
  • chore: new publish/release workflow #6441
  • docs: Update changelog for version 3.2.9 #6440
  • docs: sync website changelog from 3.0.0 to 3.2.8 #6426

3.2.9 - 3 April, 2026

Bug fixes

  • fix: support DELETE... LIMIT in dialects that support it (mysql), but continue to disallow ones that don't #6429
  • fix(postgres): escape double quotes in searchPath to prevent SQL injection #6411
  • fix(sqlite): append RETURNING statement when insert empty row #5471
  • fix: add type support for Array<Buffer> #6428

3.2.8 - 30 March, 2026

Bug fixes

  • Reverts the breaking changes added in #6227. This means that the ESM import of Knex is reverted to import { knex } from 'knex/knex.mjs #6422
  • fix(types): allow a QueryBuilder type as a value in an update #6419

3.2.7 - 27 March, 2026

Bug fixes

  • fix sqlite DDL operations failing inside transactions #6408
  • fix: handle lowercase INFORMATION_SCHEMA keys in MySQL renameColumn #6407
  • fix: clone config in client constructor #5633
  • fix: remove __knexTxId from transaction connection on release #5288
  • fix: correct binding order in delete with subquery join #6412
  • chore: omit ./scripts from published package #6356

3.2.6 - 24 March, 2026

Bug fixes

  • Fix module exports #6406

... (truncated)

Commits
  • f4cc164 release 3.2.10
  • ada9b3c remove tsconfig.json change from last commit
  • 79a0318 fixes for deploy workflow
  • b9fffa8 additional release-drafter formatting fixes
  • c76f0fe additional release-drafter formatting fixes
  • 7d2964f cleanup release-drafter tag generation
  • 8c693c8 chore: auto-update the docs' knex version on publish (#6447)
  • 9280352 fix: bump lodash to ^4.18.1, close #6433 (#6446)
  • 32b4e85 chore: skip re-running tests on automated release commit (#6443)
  • d2d1574 chore: sync docker images we use to ghcr (#6445)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for knex since your current version.


Updates mysql2 from 3.16.1 to 3.22.4

Release notes

Sourced from mysql2's releases.

v3.22.4

3.22.4 (2026-05-24)

Bug Fixes

v3.22.3

3.22.3 (2026-04-24)

Bug Fixes

  • allow resetOnRelease in connection config validation (#4278) (e72f923)

v3.22.2

3.22.2 (2026-04-21)

Bug Fixes

  • promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

v3.22.1

3.22.1 (2026-04-17)

Bug Fixes

  • async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
  • packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

v3.22.0

3.22.0 (2026-04-10)

Features

  • disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
  • implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

  • defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

v3.21.1

3.21.1 (2026-04-09)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.22.4 (2026-05-26)

Bug Fixes

3.22.3 (2026-04-24)

Bug Fixes

  • allow resetOnRelease in connection config validation (#4278) (e72f923)

3.22.2 (2026-04-21)

Bug Fixes

  • promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

3.22.1 (2026-04-17)

Bug Fixes

  • async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
  • packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

3.22.0 (2026-04-10)

Features

  • disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
  • implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

  • defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

3.21.1 (2026-04-09)

Bug Fixes

  • limit client flags to server capabilities (#4227) (e1930b8)
  • use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

... (truncated)

Commits
  • e2a7cbc chore(master): release 3.22.4 (#4314)
  • 4e5462a build(deps-dev): bump the dev-dependencies group with 3 updates (#4316)
  • b841220 build(deps-dev): bump poku (#4317)
  • a72a479 cd: merge release process (#4315)
  • fbff09c fix(pool): reject queued requests on end (#4291)
  • 432cee2 build(deps): bump sass from 1.99.0 to 1.100.0 in /website (#4312)
  • 36c6de2 build(deps): bump qs and express in /website (#4313)
  • 5cc75c3 build(deps-dev): bump @​eslint/markdown in the dev-dependencies group (#4311)
  • 3016597 build(deps-dev): bump the website-dev-dependencies group (#4310)
  • 86a38f7 build(deps-dev): bump the dev-dependencies group with 2 updates (#4309)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mysql2 since your current version.


Updates otplib from 13.1.1 to 13.4.1

Release notes

Sourced from otplib's releases.

v13.4.1

What's Changed

New Contributors

Full Changelog: yeojz/otplib@v13.4.0...v13.4.1

v13.4.0

What's Changed

... (truncated)

Commits
  • 1d997b0 release(packages): v13.4.1 (#854)
  • 0e9566f docs(otplib): note 16-byte minimum and fix broken secret-handling link (#851)
  • e01b4f1 chore(deps-dev): bump the dev-dependencies-patch group across 1 directory wit...
  • 212534b chore(deps-dev): bump the dev-dependencies-minor group with 4 updates (#828)
  • b54adad refactor(testing): rename test secret constants for semantic clarity (#832)
  • 4898252 refactor(testing): centralize test secrets and normalize naming (#831)
  • e5490bb release(packages): v13.4.0 (#819)
  • 3352eeb docs(totp): add string secrets and authenticator compatibility notes to READM...
  • 9038272 feat: add IIFE/CDN build support to otplib (#810)
  • 4fd86b5 chore: update readme tip/important blocks
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for otplib since your current version.


Updates @eslint/js from 9.39.2 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

  • c87d5bd fix: update eslint (#20531) (renovate[bot])
  • d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
  • 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
  • 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

  • 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
  • 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
  • b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

  • e5c281f chore: updates for v9.39.3 release (Jenkins)
  • 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
  • 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
  • 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
  • da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
  • 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
  • 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

  • f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
  • a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
  • c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
  • fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
  • 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
  • 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
  • ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
  • 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
  • c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
  • 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
  • a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
  • a89059d feat!: Program range span entire source text (#20133) (Pixel998)
  • 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
  • f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
  • aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
  • f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
  • 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
  • 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
  • 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
  • 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
  • f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
  • c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

  • bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
  • 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
  • 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)

... (truncated)

Commits
  • 84fb885 chore: package.json update for @​eslint/js release
  • 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467)
  • f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#20466)
  • b4b3127 chore: package.json update for @​eslint/js release
  • 0b14059 chore: package.json update for @​eslint/js release
  • fa31a60 feat!: add name to configs (#20015)
  • 1e2cad5 chore: package.json update for @​eslint/js release
  • 454a292 feat!: update eslint:recommended configuration (#20210)
  • c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160)
  • See full diff in compare view

Updates eslint from 9.39.2 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

  • e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
  • d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
  • f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
  • c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
  • 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

  • 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
  • 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
  • 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
  • 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
  • c91b041 docs: Update README (GitHub Actions Bot)
  • e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

  • b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
  • f78838b test: add CodePath type coverage (#20904) (Pixel998)
  • 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
  • 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
  • 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
  • 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
  • b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
  • a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
  • b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
  • 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
  • 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
  • df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
  • 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
  • f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
  • 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

v10.4.0

Features

  • 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
  • 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

  • 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
  • 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
  • f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

  • 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
  • db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
  • 9084664 docs: Update README (GitHub Actions Bot)
  • 9cc7387 docs: Update README (GitHub Actions Bot)
  • 3d7b548 docs: Update README (GitHub Actions Bot)
  • 191ec3c docs: Update README (GitHub Actions Bot)

... (truncated)

Commits
  • 4a3d15a 10.4.1
  • 43e7e2b Build: changelog update for 10.4.1
  • e557467 fix: update @eslint/plugin-kitDescription has been truncated

@dependabot
Bump the api-deps group across 1 directory with 7 updates
37373db 
Bumps the api-deps group with 7 updates in the /api directory:

| Package | From | To |
| --- | --- | --- |
| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |
| [knex](https://github.com/knex/knex) | `3.1.0` | `3.2.10` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.16.1` | `3.22.4` |
| [otplib](https://github.com/yeojz/otplib/tree/HEAD/packages/otplib) | `13.1.1` | `13.4.1` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.2` | `10.0.1` |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.4.1` |



Updates `helmet` from 8.1.0 to 8.2.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.1.0...v8.2.0)

Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

Updates `knex` from 3.1.0 to 3.2.10
- [Release notes](https://github.com/knex/knex/releases)
- [Changelog](https://github.com/knex/knex/blob/master/CHANGELOG.md)
- [Commits](knex/knex@3.1.0...3.2.10)

Updates `mysql2` from 3.16.1 to 3.22.4
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.16.1...v3.22.4)

Updates `otplib` from 13.1.1 to 13.4.1
- [Release notes](https://github.com/yeojz/otplib/releases)
- [Commits](https://github.com/yeojz/otplib/commits/v13.4.1/packages/otplib)

Updates `@eslint/js` from 9.39.2 to 10.0.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v10.0.1/packages/js)

Updates `eslint` from 9.39.2 to 10.4.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v10.4.1)

---
updated-dependencies:
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: knex
  dependency-version: 3.2.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: mysql2
  dependency-version: 3.22.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: otplib
  dependency-version: 13.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: "@eslint/js"
  dependency-version: 10.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: api-deps
- dependency-name: eslint
  dependency-version: 10.4.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: api-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants