Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump the production-dependencies group across 1 directory with 12 updates

Closed
Number: #219
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Contributor
Comments: 2
Created: June 02, 2025 at 08:34 PM UTC
(5 months ago)
Updated: June 23, 2025 at 08:46 PM UTC
(4 months ago)
Closed: June 23, 2025 at 08:46 PM UTC
(4 months ago)
Time to Close: 21 days
Labels:
dependencies javascript
Description:

Bumps the production-dependencies group with 12 updates in the /backend directory:

Package From To
@octokit/core 6.1.4 7.0.2
cron 4.1.3 4.3.1
dotenv 16.4.7 16.5.0
eventsource 3.0.6 4.0.0
express 4.21.2 5.1.0
@types/express 4.17.21 5.0.2
mongoose 8.13.2 8.15.1
mysql2 3.14.0 3.14.1
octokit 4.1.2 5.0.3
smee-client 3.1.1 4.2.0
validator 13.15.0 13.15.15
@types/validator 13.15.0 13.15.1

Updates @octokit/core from 6.1.4 to 7.0.2

Release notes

Sourced from @​octokit/core's releases.

v7.0.2

7.0.2 (2025-05-20)

Bug Fixes

  • deps: update octokit monorepo (major) (#742) (629fa4e)

v7.0.1

7.0.1 (2025-05-20)

Bug Fixes

  • deps: update dependency before-after-hook to v4 (#739) (2abf89e)

v7.0.0

7.0.0 (2025-05-20)

Continuous Integration

BREAKING CHANGES

  • Drop support for NodeJS v18

  • build: set minimal node version in build script to v20

  • ci: stop testing against NodeJS v18

v6.1.5

6.1.5 (2025-04-10)

Bug Fixes

  • deps: update dependency @​octokit/types to v14 (#731) (3700c41)
Commits
  • 629fa4e fix(deps): update octokit monorepo (major) (#742)
  • 1aba598 chore(deps): update dependency undici to v7 (#711)
  • 2abf89e fix(deps): update dependency before-after-hook to v4 (#739)
  • 78747bf ci: stop testing against NodeJS v18 (#738)
  • 38dd554 chore(deps): update dependency undici to v6.21.2 [security] (#741)
  • f7cb18f build: remove glob (#737)
  • 22243bd chore(deps): bump vite from 6.2.6 to 6.3.4 (#735)
  • e0d36c5 ci: replace OCTOKITBOT_PROJECT_ACTION_TOKEN and OCTOKITBOT_PAT with a tok...
  • e72addd chore(deps): bump vite from 6.2.5 to 6.2.6 (#733)
  • 3700c41 fix(deps): update dependency @​octokit/types to v14 (#731)
  • Additional commits viewable in compare view

Updates cron from 4.1.3 to 4.3.1

Release notes

Sourced from cron's releases.

v4.3.1

4.3.1 (2025-05-29)

🐛 Bug Fixes

♻️ Chores

  • action: update actions/setup-node action to v4.4.0 (86f8cec)
  • action: update github/codeql-action action to v3.28.16 (33d396f)
  • action: update github/codeql-action action to v3.28.17 (97a9185)
  • action: update github/codeql-action action to v3.28.18 (6a72709)
  • action: update step-security/harden-runner action to v2.12.0 (c0ad19d)
  • deps: lock file maintenance (784bc9c)
  • deps: lock file maintenance (7a97350)
  • deps: lock file maintenance (40163b4)
  • deps: lock file maintenance (9bcb7e3)
  • deps: lock file maintenance (#983) (3df1cf6)
  • deps: update dependency @​eslint/js to v9.25.1 (162008f)
  • deps: update dependency @​eslint/js to v9.27.0 (5c1161c)
  • deps: update dependency @​semantic-release/github to v11.0.2 (d27afcd)
  • deps: update dependency @​swc/core to v1.11.21 (a195b0f)
  • deps: update dependency @​swc/core to v1.11.29 (edd52d4)
  • deps: update dependency @​types/node to v22.14.1 (f24a7cb)
  • deps: update dependency @​types/node to v22.15.15 (#984) (bfb12a7)
  • deps: update dependency @​types/node to v22.15.21 (86b539a)
  • deps: update dependency lint-staged to v15.5.1 (25a3659)
  • deps: update dependency lint-staged to v15.5.2 (be017c5)
  • deps: update linters (6ed6fdb)
  • deps: update semantic-release related packages (555bba9)
  • deps: update swc monorepo (edd3284)

v4.3.0

4.3.0 (2025-04-15)

✨ Features

v4.2.1-beta.1

4.2.1-beta.1 (2025-04-15)

🐛 Bug Fixes

  • prevent jobs from stopping unexpectedly (#963) (69d2ef5)

v4.2.0

4.2.0 (2025-04-14)

... (truncated)

Changelog

Sourced from cron's changelog.

4.3.1 (2025-05-29)

🐛 Bug Fixes

♻️ Chores

  • action: update actions/setup-node action to v4.4.0 (86f8cec)
  • action: update github/codeql-action action to v3.28.16 (33d396f)
  • action: update github/codeql-action action to v3.28.17 (97a9185)
  • action: update github/codeql-action action to v3.28.18 (6a72709)
  • action: update step-security/harden-runner action to v2.12.0 (c0ad19d)
  • deps: lock file maintenance (784bc9c)
  • deps: lock file maintenance (7a97350)
  • deps: lock file maintenance (40163b4)
  • deps: lock file maintenance (9bcb7e3)
  • deps: lock file maintenance (#983) (3df1cf6)
  • deps: update dependency @​eslint/js to v9.25.1 (162008f)
  • deps: update dependency @​eslint/js to v9.27.0 (5c1161c)
  • deps: update dependency @​semantic-release/github to v11.0.2 (d27afcd)
  • deps: update dependency @​swc/core to v1.11.21 (a195b0f)
  • deps: update dependency @​swc/core to v1.11.29 (edd52d4)
  • deps: update dependency @​types/node to v22.14.1 (f24a7cb)
  • deps: update dependency @​types/node to v22.15.15 (#984) (bfb12a7)
  • deps: update dependency @​types/node to v22.15.21 (86b539a)
  • deps: update dependency lint-staged to v15.5.1 (25a3659)
  • deps: update dependency lint-staged to v15.5.2 (be017c5)
  • deps: update linters (6ed6fdb)
  • deps: update semantic-release related packages (555bba9)
  • deps: update swc monorepo (edd3284)

4.3.0 (2025-04-15)

✨ Features

4.2.1-beta.1 (2025-04-15)

🐛 Bug Fixes

  • prevent jobs from stopping unexpectedly (#963) (69d2ef5)

4.2.0 (2025-04-14)

✨ Features

... (truncated)

Commits
  • 7b4cf13 Release v4.3.1 [skip ci]
  • 0db2c2d fix: prevent sourcemap error in IDEs (#988)
  • 784bc9c chore(deps): lock file maintenance
  • 5c1161c chore(deps): update dependency @​eslint/js to v9.27.0
  • 555bba9 chore(deps): update semantic-release related packages
  • 86b539a chore(deps): update dependency @​types/node to v22.15.21
  • edd52d4 chore(deps): update dependency @​swc/core to v1.11.29
  • 6a72709 chore(action): update github/codeql-action action to v3.28.18
  • 7a97350 chore(deps): lock file maintenance
  • 40163b4 chore(deps): lock file maintenance
  • Additional commits viewable in compare view

Updates dotenv from 16.4.7 to 16.5.0

Changelog

Sourced from dotenv's changelog.

16.5.0 (2025-04-07)

Added

  • 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP] Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM. Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

  • Remove _log method. Use _debug #862
Commits

Updates eventsource from 3.0.6 to 4.0.0

Release notes

Sourced from eventsource's releases.

v4.0.0

4.0.0 (2025-05-13)

⚠ BREAKING CHANGES

  • FetchLikeInit is now removed. Use EventSourceFetchInit.
  • Drop support for Node.js v18, as it is end-of-life.

Features

  • require node.js v20 or higher (91a3a48)

Bug Fixes

  • drop FetchLikeInit type. Use EventSourceFetchInit instead. (6786e46)

This release is also available on:

v3.0.7

3.0.7 (2025-05-09)

Bug Fixes

  • mark fetch init properties required in typings (1282872)

This release is also available on:

Changelog

Sourced from eventsource's changelog.

4.0.0 (2025-05-13)

⚠ BREAKING CHANGES

  • FetchLikeInit is now removed. Use EventSourceFetchInit.
  • Drop support for Node.js v18, as it is end-of-life.

Features

  • require node.js v20 or higher (91a3a48)

Bug Fixes

  • drop FetchLikeInit type. Use EventSourceFetchInit instead. (6786e46)

3.0.7 (2025-05-09)

Bug Fixes

  • mark fetch init properties required in typings (1282872)
Commits
  • d4385cb chore(release): 4.0.0 [skip ci]
  • 3057f3a docs: update migration guide
  • 6786e46 fix!: drop FetchLikeInit type. Use EventSourceFetchInit instead.
  • 91a3a48 feat!: require node.js v20 or higher
  • 54fbb3e chore(deps): upgrade dev dependencies to latest versions
  • 270e7f2 chore(release): 3.0.7 [skip ci]
  • 1282872 fix: mark fetch init properties required in typings
  • See full diff in compare view

Updates express from 4.21.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0

... (truncated)

Commits

Updates @types/express from 4.17.21 to 5.0.2

Commits

Updates mongoose from 8.13.2 to 8.15.1

Release notes

Sourced from mongoose's releases.

8.15.1 / 2025-05-26

8.15.0 / 2025-05-16

  • feat: CSFLE support #15390 baileympearson
  • feat: add strictFilter option to findOneAndUpdate (#14913) #15402 #14913 muazahmed-dev
  • feat(error): set cause to MongoDB error reason on ServerSelection errors #15420 #15416
  • fix(model): make bulkSave() rely on document.validateSync() to validate docs and skip bulkWrite casting #15415 #15410
  • types: stricter projection typing with 1-level deep nesting #15418 #15327 #13840 pshaddel
  • docs: emphasize automatic type inference in TypeScript intro and statics/methods, remove duplicated statics.md #15421

8.14.3 / 2025-05-13

8.14.2 / 2025-05-08

  • fix(query): handle casting array filter paths underneath array filter paths with embedded discriminators #15388 #15386
  • docs(typescript): correct schema and model generic params in TS virtuals docs #15391
  • docs+types(schema): add alternative optimisticConcurrency syntaxes to docs + types #15405 #10591
  • chore: add Node 24 to CI matrix #15408 stscoundrel

8.14.1 / 2025-04-29

  • fix: correct change tracking with maps of arrays of primitives and maps of maps #15374 #15350
  • fix(populate): consistently convert Buffer representation of UUID to hex string to avoid confusing populate assignment #15383 #15382
  • docs: add TypeScript Query guide with info on lean() + transform() #15377 #15311

8.14.0 / 2025-04-25

  • feat: upgrade MongoDB driver -> 6.16 #15371
  • feat: implement Query findById methods #15337 sderrow
  • feat(subdocument): support schematype-level minimize option to disable minimizing empty subdocuments #15336 #15313
  • feat: add skipOriginalStackTraces option to avoid stack trace performance overhead #15345 #15194
  • fix(model): disallow Model.findOneAndUpdate(update) and fix TypeScript types re: findOneAndUpdate #15365 #15363
  • types: correctly recurse in InferRawDocType #15357 #14954 JavaScriptBach
  • types: include virtuals in toJSON and toObject output if virtuals: true set #15346 #15316
  • types: make init hooks types accurately reflect runtime behavior #15331 #15301

8.13.3 / 2025-04-24

  • fix: export MongooseBulkSaveIncompleteError #15370 #15369
  • fix: clone POJOs and arrays when casting query filter to avoid mutating objects #15367 #15364
  • types(connection): add Connection.prototype.bulkWrite() to types #15368 #15359

... (truncated)

Changelog

Sourced from mongoose's changelog.

8.15.1 / 2025-05-26

8.15.0 / 2025-05-16

  • feat: CSFLE support #15390 baileympearson
  • feat: add strictFilter option to findOneAndUpdate (#14913) #15402 #14913 muazahmed-dev
  • feat(error): set cause to MongoDB error reason on ServerSelection errors #15420 #15416
  • fix(model): make bulkSave() rely on document.validateSync() to validate docs and skip bulkWrite casting #15415 #15410
  • types: stricter projection typing with 1-level deep nesting #15418 #15327 #13840 pshaddel
  • docs: emphasize automatic type inference in TypeScript intro and statics/methods, remove duplicated statics.md #15421

8.14.3 / 2025-05-13

8.14.2 / 2025-05-08

  • fix(query): handle casting array filter paths underneath array filter paths with embedded discriminators #15388 #15386
  • docs(typescript): correct schema and model generic params in TS virtuals docs #15391
  • docs+types(schema): add alternative optimisticConcurrency syntaxes to docs + types #15405 #10591
  • chore: add Node 24 to CI matrix #15408 stscoundrel

7.8.7 / 2025-04-30

8.14.1 / 2025-04-29

  • fix: correct change tracking with maps of arrays of primitives and maps of maps #15374 #15350
  • fix(populate): consistently convert Buffer representation of UUID to hex string to avoid confusing populate assignment #15383 #15382
  • docs: add TypeScript Query guide with info on lean() + transform() #15377 #15311

8.14.0 / 2025-04-25

  • feat: upgrade MongoDB driver -> 6.16 #15371
  • feat: implement Query findById methods #15337 sderrow
  • feat(subdocument): support schematype-level minimize option to disable minimizing empty subdocuments #15336 #15313
  • feat: add skipOriginalStackTraces option to avoid stack trace performance overhead #15345 #15194
  • fix(model): disallow Model.findOneAndUpdate(update) and fix TypeScript types re: findOneAndUpdate #15365 #15363
  • types: correctly recurse in InferRawDocType #15357 #14954 JavaScriptBach
  • types: include virtuals in toJSON and toObject output if virtuals: true set #15346 #15316
  • types: make init hooks types accurately reflect runtime behavior #15331 #15301

... (truncated)

Commits
  • 0c5f56f chore: release 8.15.1
  • 7f00685 Merge branch '7.x'
  • 15e7743 chore: bump tsd
  • a45ed3e Merge branch '6.x' into 7.x
  • b331eac Merge pull request #15434 from Automattic/vkarpov15/gh-15427
  • 2097837 chore: remove upload-artifact
  • 8045783 chore: bump ubuntu versions in GitHub actions
  • 5235028 docs(compatibility): add note that Mongoose ^6.5 works with MongoDB server 7.x
  • 49bad32 Merge pull request #15430 from Automattic/vkarpov15/mongoose-lean-getters-44
  • 37134b0 Merge pull request #15433 from SethFalco/patch-1
  • Additional commits viewable in compare view

Updates mysql2 from 3.14.0 to 3.14.1

Release notes

Sourced from mysql2's releases.

v3.14.1

3.14.1 (2025-04-27)

Bug Fixes

  • Fix for SET NAMES utf8 causing an unknown encoding error (#3551) 0617813d21cf9de5fcbd4dd283eafc6d090eeeaf
Changelog

Sourced from mysql2's changelog.

3.14.1 (2025-04-27)

Miscellaneous Chores

Commits
Pull Request Statistics
Commits:
1
Files Changed:
2
Additions:
+400
Deletions:
-1079
Package Dependencies
Package:
 mysql2
Ecosystem:
npm
Version Change:
3.14.0 → 3.14.1
Update Type:
Patch
Package:
express
Ecosystem:
npm
Version Change:
4.21.2 → 5.1.0
Update Type:
Major
Package:
eventsource
Ecosystem:
npm
Version Change:
3.0.6 → 4.0.0
Update Type:
Major
Package:
mongoose
Ecosystem:
npm
Version Change:
8.13.2 → 8.15.1
Update Type:
Minor
Package:
@types/express
Ecosystem:
npm
Version Change:
4.17.21 → 5.0.2
Update Type:
Major
Package:
validator
Ecosystem:
npm
Version Change:
13.15.0 → 13.15.15
Update Type:
Patch
Package:
dotenv
Ecosystem:
npm
Version Change:
16.4.7 → 16.5.0
Update Type:
Minor
Package:
octokit
Ecosystem:
npm
Version Change:
4.1.2 → 5.0.3
Update Type:
Major
Package:
@octokit/core
Ecosystem:
npm
Version Change:
6.1.4 → 7.0.2
Update Type:
Major
Package:
@types/validator
Ecosystem:
npm
Version Change:
13.15.0 → 13.15.1
Update Type:
Patch
Package:
cron
Ecosystem:
npm
Version Change:
4.1.3 → 4.3.1
Update Type:
Minor
Package:
smee-client
Ecosystem:
npm
Version Change:
3.1.1 → 4.2.0
Update Type:
Major
Security Advisories
cookie accepts cookie name, path, and domain with out of bounds characters
GHSA-pxg6-pf52-xh8x CVE-2024-47764 LOW
### Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=<script>alert('XSS3')</script>; Max-Age=25920...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 1245385
UUID: 2561866862
Node ID: PR_kwDONBIPLs6Ysvxu
Host: GitHub
Repository: austenstone/github-value
Mergeable: Yes
Merge State: Unstable