Skip to content

Bump the api-deps group across 1 directory with 6 updates#38

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/api/api-deps-e51f1f6933
Open

Bump the api-deps group across 1 directory with 6 updates#38
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/api/api-deps-e51f1f6933

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 22, 2026
edited
Loading

Bumps the api-deps group with 6 updates in the /api directory:

Package From To
helmet 8.1.0 8.2.0
knex 3.1.0 3.2.10
mysql2 3.16.1 3.22.3
otplib 13.1.1 13.4.0
@eslint/js 9.39.2 10.0.1
eslint 9.39.2 10.4.0

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options
Commits

Updates knex from 3.1.0 to 3.2.10

Release notes

Sourced from knex's releases.

3.2.10

Bug fixes

Misc

Full Changelog: knex/knex@3.2.9...3.2.10

3.2.9

What's Changed

New Contributors

Full Changelog: knex/knex@3.2.8...3.2.9

3.2.8

What's Changed

Full Changelog: knex/knex@3.2.7...3.2.8

3.2.7

What's Changed

... (truncated)

Changelog

Sourced from knex's changelog.

3.2.10 - 2 May, 2026

Bug fixes

  • fix: bump lodash to ^4.18.1, close #6433 #6446
  • Fix: Properly Escape Aliases in Analytic Functions #6392

Misc

  • chore: auto-update the docs' knex version on publish #6447
  • chore: skip re-running tests on automated release commit #6443
  • chore: sync docker images we use to ghcr #6445
  • chore: fixes for release-drafter workflow #6442
  • chore: new publish/release workflow #6441
  • docs: Update changelog for version 3.2.9 #6440
  • docs: sync website changelog from 3.0.0 to 3.2.8 #6426

3.2.9 - 3 April, 2026

Bug fixes

  • fix: support DELETE... LIMIT in dialects that support it (mysql), but continue to disallow ones that don't #6429
  • fix(postgres): escape double quotes in searchPath to prevent SQL injection #6411
  • fix(sqlite): append RETURNING statement when insert empty row #5471
  • fix: add type support for Array<Buffer> #6428

3.2.8 - 30 March, 2026

Bug fixes

  • Reverts the breaking changes added in #6227. This means that the ESM import of Knex is reverted to import { knex } from 'knex/knex.mjs #6422
  • fix(types): allow a QueryBuilder type as a value in an update #6419

3.2.7 - 27 March, 2026

Bug fixes

  • fix sqlite DDL operations failing inside transactions #6408
  • fix: handle lowercase INFORMATION_SCHEMA keys in MySQL renameColumn #6407
  • fix: clone config in client constructor #5633
  • fix: remove __knexTxId from transaction connection on release #5288
  • fix: correct binding order in delete with subquery join #6412
  • chore: omit ./scripts from published package #6356

3.2.6 - 24 March, 2026

Bug fixes

  • Fix module exports #6406

... (truncated)

Commits
  • f4cc164 release 3.2.10
  • ada9b3c remove tsconfig.json change from last commit
  • 79a0318 fixes for deploy workflow
  • b9fffa8 additional release-drafter formatting fixes
  • c76f0fe additional release-drafter formatting fixes
  • 7d2964f cleanup release-drafter tag generation
  • 8c693c8 chore: auto-update the docs' knex version on publish (#6447)
  • 9280352 fix: bump lodash to ^4.18.1, close #6433 (#6446)
  • 32b4e85 chore: skip re-running tests on automated release commit (#6443)
  • d2d1574 chore: sync docker images we use to ghcr (#6445)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for knex since your current version.


Updates mysql2 from 3.16.1 to 3.22.3

Release notes

Sourced from mysql2's releases.

v3.22.3

3.22.3 (2026-04-24)

Bug Fixes

  • allow resetOnRelease in connection config validation (#4278) (e72f923)

v3.22.2

3.22.2 (2026-04-21)

Bug Fixes

  • promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

v3.22.1

3.22.1 (2026-04-17)

Bug Fixes

  • async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
  • packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

v3.22.0

3.22.0 (2026-04-10)

Features

  • disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
  • implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

  • defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

v3.21.1

3.21.1 (2026-04-09)

Bug Fixes

  • limit client flags to server capabilities (#4227) (e1930b8)
  • use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

v3.21.0

3.21.0 (2026-04-09)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.22.3 (2026-04-24)

Bug Fixes

  • allow resetOnRelease in connection config validation (#4278) (e72f923)

3.22.2 (2026-04-21)

Bug Fixes

  • promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

3.22.1 (2026-04-17)

Bug Fixes

  • async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
  • packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

3.22.0 (2026-04-10)

Features

  • disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
  • implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

  • defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

3.21.1 (2026-04-09)

Bug Fixes

  • limit client flags to server capabilities (#4227) (e1930b8)
  • use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

3.21.0 (2026-04-09)

Features

  • add support for query attributes (#4223) (d732f78)
  • types: export ExecuteValues and QueryValues from entry point (9fafd6f)

... (truncated)

Commits
  • 908402e chore(master): release 3.22.3 (#4279)
  • 8078ad0 build(deps): bump lucide-react from 1.8.0 to 1.9.0 in /website (#4280)
  • e72f923 fix: allow resetOnRelease in connection config validation (#4278)
  • 77afd80 build(deps-dev): bump the dev-dependencies group with 2 updates (#4274)
  • 77626a7 chore(master): release 3.22.2 (#4271)
  • d615967 build(deps-dev): bump the dev-dependencies group with 2 updates (#4272)
  • 9245c08 build(deps-dev): bump poku (#4273)
  • c79a3f3 fix(promise): point rejection stacks at caller for promise API (#4267)
  • fe5df8e cd: ensure settings are processed by release-please (#4270)
  • a65c706 ci(github-actions): upgrade workflows to Node 24 action runtimes (#4268)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mysql2 since your current version.


Updates otplib from 13.1.1 to 13.4.0

Release notes

Sourced from otplib's releases.

v13.4.0

What's Changed

New Contributors

Full Changelog: yeojz/otplib@v13.3.0...v13.4.0

v13.3.0

What's Changed

... (truncated)

Commits
  • e5490bb release(packages): v13.4.0 (#819)
  • 3352eeb docs(totp): add string secrets and authenticator compatibility notes to READM...
  • 9038272 feat: add IIFE/CDN build support to otplib (#810)
  • 4fd86b5 chore: update readme tip/important blocks
  • 6c9ed1c docs: improve package READMEs with accurate API context and usage examples (#...
  • fe462ac release(packages): v13.3.0 (#796)
  • 09f301f feat: add OTPHooks for custom token encoding and validation (#790)
  • 476f345 fix: harden OTP validation and URI parsing; bubble up TOTP replay controls th...
  • 972d355 Pin GitHub Actions to commit SHAs and update dependencies (#787)
  • ada9445 feat(test): add distribution tests package for cross-runtime testing (#778)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for otplib since your current version.


Updates @eslint/js from 9.39.2 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

  • c87d5bd fix: update eslint (#20531) (renovate[bot])
  • d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
  • 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
  • 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

  • 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
  • 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
  • b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

  • e5c281f chore: updates for v9.39.3 release (Jenkins)
  • 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
  • 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
  • 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
  • da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
  • 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
  • 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

  • f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
  • a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
  • c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
  • fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
  • 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
  • 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
  • ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
  • 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
  • c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
  • 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
  • a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
  • a89059d feat!: Program range span entire source text (#20133) (Pixel998)
  • 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
  • f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
  • aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
  • f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
  • 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
  • 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
  • 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
  • 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
  • f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
  • c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

  • bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
  • 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
  • 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)

... (truncated)

Commits
  • 84fb885 chore: package.json update for @​eslint/js release
  • 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467)
  • f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#20466)
  • b4b3127 chore: package.json update for @​eslint/js release
  • 0b14059 chore: package.json update for @​eslint/js release
  • fa31a60 feat!: add name to configs (#20015)
  • 1e2cad5 chore: package.json update for @​eslint/js release
  • 454a292 feat!: update eslint:recommended configuration (#20210)
  • c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160)
  • See full diff in compare view

Updates eslint from 9.39.2 to 10.4.0

Release notes

Sourced from eslint's releases.

v10.4.0

Features

  • 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
  • 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

  • 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
  • 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
  • f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

  • 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
  • db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
  • 9084664 docs: Update README (GitHub Actions Bot)
  • 9cc7387 docs: Update README (GitHub Actions Bot)
  • 3d7b548 docs: Update README (GitHub Actions Bot)
  • 191ec3c docs: Update README (GitHub Actions Bot)

Chores

  • 6616856 chore: upgrade knip to v6 (#20875) (Pixel998)
  • d13b084 ci: ensure auto-created PRs run CI (#20860) (lumir)
  • e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])
  • d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)
  • 24db8cb test: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)
  • 2ef0549 chore: update ecosystem plugins (#20857) (github-actions[bot])
  • a429791 ci: remove eslint-webpack-plugin types integration test (#20668) (Milos Djermanovic)
  • 9e37386 chore: replace recast with range approach in code-sample-minimizer (#20682) (Copilot)
  • 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#20845) (Francesco Trotta)
  • 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#20716) (Pixel998)
  • 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#20800) (xbinaryx)
  • f1dfbc9 chore: update ecosystem plugins (#20836) (github-actions[bot])
  • c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])
  • 5b817d6 test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)
  • 1c13ae3 test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)

v10.3.0

Features

  • 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

  • b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

  • 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
  • 7f47937 docs: Update README (GitHub Actions Bot)

Chores

  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and st...

Description has been truncated

@dependabot
Bump the api-deps group across 1 directory with 6 updates
4afa38d 
Bumps the api-deps group with 6 updates in the /api directory:

| Package | From | To |
| --- | --- | --- |
| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |
| [knex](https://github.com/knex/knex) | `3.1.0` | `3.2.10` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.16.1` | `3.22.3` |
| [otplib](https://github.com/yeojz/otplib/tree/HEAD/packages/otplib) | `13.1.1` | `13.4.0` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.2` | `10.0.1` |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.4.0` |



Updates `helmet` from 8.1.0 to 8.2.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.1.0...v8.2.0)

Updates `knex` from 3.1.0 to 3.2.10
- [Release notes](https://github.com/knex/knex/releases)
- [Changelog](https://github.com/knex/knex/blob/master/CHANGELOG.md)
- [Commits](knex/knex@3.1.0...3.2.10)

Updates `mysql2` from 3.16.1 to 3.22.3
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.16.1...v3.22.3)

Updates `otplib` from 13.1.1 to 13.4.0
- [Release notes](https://github.com/yeojz/otplib/releases)
- [Commits](https://github.com/yeojz/otplib/commits/v13.4.0/packages/otplib)

Updates `@eslint/js` from 9.39.2 to 10.0.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v10.0.1/packages/js)

Updates `eslint` from 9.39.2 to 10.4.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v10.4.0)

---
updated-dependencies:
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: knex
  dependency-version: 3.2.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: mysql2
  dependency-version: 3.22.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: otplib
  dependency-version: 13.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api-deps
- dependency-name: "@eslint/js"
  dependency-version: 10.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: api-deps
- dependency-name: eslint
  dependency-version: 10.4.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: api-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants