Skip to content

chore(deps)(deps): bump the production-dependencies group with 9 updates#85

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-dependencies-3d41aa65a6
Open

chore(deps)(deps): bump the production-dependencies group with 9 updates#85
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-dependencies-3d41aa65a6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Bumps the production-dependencies group with 9 updates:

Package From To
bullmq 5.77.1 5.77.2
cors 2.8.5 2.8.6
dotenv 17.2.3 17.4.2
express-validator 7.3.1 7.3.2
fs-extra 11.3.3 11.3.5
helmet 8.1.0 8.2.0
joi 18.0.2 18.2.1
mariadb 3.4.5 3.5.2
mysql2 3.16.0 3.22.3

Updates bullmq from 5.77.1 to 5.77.2

Release notes

Sourced from bullmq's releases.

v5.77.2

5.77.2 (2026-05-24)

Bug Fixes

  • connection: use more permissive typing on NodeRedisRawClient options (#4184) (#4187) (0feec14), closes #4170
Commits

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

  • Improve documentation (API, context, examples...)
  • Remove additional markdown files from tarball
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.


Updates dotenv from 17.2.3 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

  • Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.
Commits

Updates express-validator from 7.3.1 to 7.3.2

Release notes

Sourced from express-validator's releases.

v7.3.2

What's Changed

Plus several docs changes.

New Contributors

Full Changelog: express-validator/express-validator@v7.3.1...v7.3.2

Commits

Updates fs-extra from 11.3.3 to 11.3.5

Changelog

Sourced from fs-extra's changelog.

11.3.5 / 2026-05-06

  • Fix ensureLink*/ensureSymlink* identical file detection on Windows (#1068)
  • Fix error handling in timestamp preservation code (#1065, #1069)
  • Fix potential file descriptor leak on error in synchronous timestamp preservation code (#1066)

11.3.4 / 2026-03-03

  • Fix bug where calling ensureSymlink/ensureSymlinkSync with a relative srcPath would fail if the symlink already existed (#1038, #1064)
Commits

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options
Commits

Updates joi from 18.0.2 to 18.2.1

Commits
  • 048fe05 18.2.1
  • 2392713 Merge pull request #3113 from hapijs/fix/link-max-call-stack
  • fc146a6 fix: protect link recursion from max call stack
  • f4e97e0 18.2.0
  • 626893d Merge pull request #3111 from hapijs/feat/link-maxRecursion
  • 9c7a443 feat: add maxRecursion limit to links
  • 7d43b12 18.1.2
  • d98c802 Merge pull request #3107 from mahmoodhamdi/fix/json-schema-number-rules
  • 7edc591 fix: improve JSON Schema conversion for number.port() and number.sign()
  • 06afeb5 18.1.1
  • Additional commits viewable in compare view

Updates mariadb from 3.4.5 to 3.5.2

Release notes

Sourced from mariadb's releases.

MariaDB Connector/Node.js 3.5.2

3.5.2 (Mar 2026)

Full Changelog

Issues Fixed

  • CONJS-342 Resolved TypeScript compilation errors introduced in mariadb-connector-nodejs v3.5.1
  • CONJS-343 Fixed an issue where batch operations would hang when provided with empty array parameter values

MariaDB Connector/Node.js 3.5.1

3.5.1 (Feb 2026)

Full Changelog

Notable changes

  • CONJS-338 Add asyncDispose support for Connection, PoolConnection and Pool #250
  • CONJS-339 Add default type parameter to Prepare interface and fix executeStream generic #334
  • CONJS-339 Add wildcard for values params on Prepare

Issues Fixed

  • CONJS-331 Plugin authentication change correction
  • CONJS-335 Deno compatibility: send COM_QUIT synchronously to prevent socket cleanup race condition
  • CONJS-336 Connection attribute _server_host send host, but IP resulting of name resolution
  • CONJS-340 Fix pool connection event to emit wrapped connections and prevent user errors from breaking pool #342
  • CONJS-341 Support charset + collation combination in connection options #337

MariaDB Connector/Node.js 3.5.0 RC

3.5.0-rc.0 (Oct 2025)

Full Changelog

Notable changes

  • CONJS-326 migrate from commonJS to ESM
  • CONJS-325 deno compatibility

Issues Fixed

  • CONJS-328 Fix minimumIdle option to maintain baseline idle connections
  • CONJS-330 caching_sha2_password: avoid requiring RSA key pair when connecting via Unix socket
Changelog

Sourced from mariadb's changelog.

3.5.2 (Mar 2026)

Full Changelog

Issues Fixed

  • CONJS-342 Resolved TypeScript compilation errors introduced in mariadb-connector-nodejs v3.5.1
  • CONJS-343 Fixed an issue where batch operations would hang when provided with empty array parameter values

3.5.1 (Feb 2026)

Full Changelog

Notable changes

  • CONJS-338 Add asyncDispose support for Connection, PoolConnection and Pool #250
  • CONJS-339 Add default type parameter to Prepare interface and fix executeStream generic #334
  • CONJS-339 Add wildcard for values params on Prepare

Issues Fixed

  • CONJS-331 Plugin authentication change correction
  • CONJS-335 Deno compatibility: send COM_QUIT synchronously to prevent socket cleanup race condition
  • CONJS-336 Connection attribute _server_host send host, but IP resulting of name resolution
  • CONJS-340 Fix pool connection event to emit wrapped connections and prevent user errors from breaking pool #342
  • CONJS-341 Support charset + collation combination in connection options #337

3.5.0-rc.0 (Oct 2025)

Full Changelog

Notable changes

  • CONJS-326 migrate from commonJS to ESM
  • CONJS-325 deno compatibility

Issues Fixed

  • CONJS-328 Fix minimumIdle option to maintain baseline idle connections
  • CONJS-330 caching_sha2_password: avoid requiring RSA key pair when connecting via Unix socket
Commits
  • ca98915 bump 3.5.2 version
  • e721d70 [misc] code style correction
  • 87ca82e [CONJS-343] batch hangs when having an empty parameters values #343
  • e054849 [CONJS-342] Move TypeScript type dependencies from peer to regular dependenci...
  • be72ebf [perf] Optimize buffer copy in readBufferLengthEncodedCopy with subarray
  • dbd5472 [CONJS-333] Optimize column type checking with buffer comparisons and pre-com...
  • e71f849 [misc] Release version 3.5.1
  • 82b639c [misc] bump dependencies
  • a5ba902 [perf] Optimize execute command with bitwise operations and constant reuse
  • 65b9508 [perf] Optimize parameter type checking and remove unused pipe property
  • Additional commits viewable in compare view

Updates mysql2 from 3.16.0 to 3.22.3

Release notes

Sourced from mysql2's releases.

v3.22.3

3.22.3 (2026-04-24)

Bug Fixes

  • allow resetOnRelease in connection config validation (#4278) (e72f923)

v3.22.2

3.22.2 (2026-04-21)

Bug Fixes

  • promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

v3.22.1

3.22.1 (2026-04-17)

Bug Fixes

  • async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
  • packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

v3.22.0

3.22.0 (2026-04-10)

Features

  • disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
  • implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

  • defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

v3.21.1

3.21.1 (2026-04-09)

Bug Fixes

  • limit client flags to server capabilities (#4227) (e1930b8)
  • use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

v3.21.0

3.21.0 (2026-04-09)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.22.3 (2026-04-24)

Bug Fixes

  • allow resetOnRelease in connection config validation (#4278) (e72f923)

3.22.2 (2026-04-21)

Bug Fixes

  • promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

3.22.1 (2026-04-17)

Bug Fixes

  • async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
  • packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

3.22.0 (2026-04-10)

Features

  • disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
  • implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

  • defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

3.21.1 (2026-04-09)

Bug Fixes

  • limit client flags to server capabilities (#4227) (e1930b8)
  • use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

3.21.0 (2026-04-09)

Features

  • add support for query attributes (#4223) (d732f78)
  • types: export ExecuteValues and QueryValues from entry point (9fafd6f)

... (truncated)

Commits
  • 908402e chore(master): release 3.22.3 (#4279)
  • 8078ad0 build(deps): bump lucide-react from 1.8.0 to 1.9.0 in /website (#4280)
  • e72f923 fix: allow resetOnRelease in connection config validation (#4278)
  • 77afd80 build(deps-dev): bump the dev-dependencies group with 2 updates (#4274)
  • 77626a7 chore(master): release 3.22.2 (#4271)
  • d615967 build(deps-dev): bump the dev-dependencies group with 2 updates (#4272)
  • 9245c08 build(deps-dev): bump poku (#4273)
  • c79a3f3 fix(promise): point rejection stacks at caller for promise API (#4267)
  • fe5df8e cd: ensure settings are processed by release-please (#4270)
  • a65c706 ci(github-actions): upgrade workflows to Node 24 action runtimes (#4268)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mysql2 since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps)(deps): bump the production-dependencies group with 9 updates
bc9c272 
Bumps the production-dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [bullmq](https://github.com/taskforcesh/bullmq) | `5.77.1` | `5.77.2` |
| [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.4.2` |
| [express-validator](https://github.com/express-validator/express-validator) | `7.3.1` | `7.3.2` |
| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.5` |
| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |
| [joi](https://github.com/hapijs/joi) | `18.0.2` | `18.2.1` |
| [mariadb](https://github.com/mariadb-corporation/mariadb-connector-nodejs) | `3.4.5` | `3.5.2` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.16.0` | `3.22.3` |


Updates `bullmq` from 5.77.1 to 5.77.2
- [Release notes](https://github.com/taskforcesh/bullmq/releases)
- [Commits](taskforcesh/bullmq@v5.77.1...v5.77.2)

Updates `cors` from 2.8.5 to 2.8.6
- [Release notes](https://github.com/expressjs/cors/releases)
- [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md)
- [Commits](expressjs/cors@v2.8.5...v2.8.6)

Updates `dotenv` from 17.2.3 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.2.3...v17.4.2)

Updates `express-validator` from 7.3.1 to 7.3.2
- [Release notes](https://github.com/express-validator/express-validator/releases)
- [Commits](express-validator/express-validator@v7.3.1...v7.3.2)

Updates `fs-extra` from 11.3.3 to 11.3.5
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md)
- [Commits](jprichardson/node-fs-extra@11.3.3...11.3.5)

Updates `helmet` from 8.1.0 to 8.2.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.1.0...v8.2.0)

Updates `joi` from 18.0.2 to 18.2.1
- [Commits](hapijs/joi@v18.0.2...v18.2.1)

Updates `mariadb` from 3.4.5 to 3.5.2
- [Release notes](https://github.com/mariadb-corporation/mariadb-connector-nodejs/releases)
- [Changelog](https://github.com/mariadb-corporation/mariadb-connector-nodejs/blob/main/CHANGELOG.md)
- [Commits](mariadb-corporation/mariadb-connector-nodejs@3.4.5...3.5.2)

Updates `mysql2` from 3.16.0 to 3.22.3
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.16.0...v3.22.3)

---
updated-dependencies:
- dependency-name: bullmq
  dependency-version: 5.77.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: cors
  dependency-version: 2.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: express-validator
  dependency-version: 7.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: fs-extra
  dependency-version: 11.3.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: joi
  dependency-version: 18.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: mariadb
  dependency-version: 3.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: mysql2
  dependency-version: 3.22.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 25, 2026

Assignees

The following users could not be added as assignees: FutureSolutionDev. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 25, 2026
@github-actions github-actions Bot added the server Changes in server/src/ label May 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file server Changes in server/src/

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants