Skip to content

Bump the production-dependencies group across 1 directory with 8 updates#173

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/backend/production-dependencies-c25d27f5a8
Closed

Bump the production-dependencies group across 1 directory with 8 updates#173
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/backend/production-dependencies-c25d27f5a8

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2025
edited
Loading

Bumps the production-dependencies group with 8 updates in the /backend directory:

Package From To
cron 3.3.2 4.1.0
eventsource 2.0.2 3.0.5
@types/eventsource 1.1.15 3.0.0
mongoose 8.9.7 8.13.0
mysql2 3.12.0 3.14.0
octokit 4.1.0 4.1.2
smee-client 2.0.4 3.1.1
validator 13.12.0 13.15.0

Updates cron from 3.3.2 to 4.1.0

Release notes

Sourced from cron's releases.

v4.1.0

4.1.0 (2025-02-24)

✨ Features

  • add isCronTimeValid function to validate cron expressions (#959) (cbd8106)

♻️ Chores

  • action: update actions/setup-node action to v4.2.0 (#950) (3a4a701)
  • action: update github/codeql-action action to v3.28.9 (#946) (84ebb32)
  • action: update marocchino/sticky-pull-request-comment action to v2.9.1 (#947) (7cdcbc2)
  • action: update step-security/harden-runner action to v2.11.0 (#948) (b7f9c79)
  • deps: lock file maintenance (fa08aa3)
  • deps: lock file maintenance (#944) (374ac42)
  • deps: update dependency @​types/node to v22.13.4 (#952) (05f1702)
  • deps: update dependency lint-staged to v15.4.3 (#953) (b99fc3b)
  • deps: update dependency typescript to v5.7.3 (#949) (5313b71)
  • deps: update linters (#954) (9159759)
  • deps: update semantic-release related packages (#951) (92d7ac3)
  • remove bower.json, which is unused (#955) (8e509f3)

v4.0.0

4.0.0 (2025-02-19)

⚠ Breaking changes

  • drop support for Node v16 and rename job.running to job.isActive (#957)

📦 Code Refactoring

  • drop support for Node v16 and rename job.running to job.isActive (#957) (605e94e), closes #902 #905

♻️ Chores

  • action: update actions/checkout action to v4.2.2 (#927) (ff1721e)
  • action: update actions/setup-node action to v4.1.0 (#928) (3e27773)
  • action: update actions/upload-artifact action to v4.6.0 (#931) (8283000)
  • action: update amannn/action-semantic-pull-request action to v5.5.3 (#929) (f1851d7)
  • action: update github/codeql-action action to v3.28.1 (#922) (eefd476)
  • deps: lock file maintenance (c3af5fc)
  • deps: lock file maintenance (d689a1c)
  • renovate: improve schedules & automerging to reduce noise (#942) (c253032)

v3.5.1-beta.1

3.5.1-beta.1 (2025-02-18)

🐛 Bug Fixes

... (truncated)

Changelog

Sourced from cron's changelog.

4.1.0 (2025-02-24)

✨ Features

  • add isCronTimeValid function to validate cron expressions (#959) (cbd8106)

♻️ Chores

  • action: update actions/setup-node action to v4.2.0 (#950) (3a4a701)
  • action: update github/codeql-action action to v3.28.9 (#946) (84ebb32)
  • action: update marocchino/sticky-pull-request-comment action to v2.9.1 (#947) (7cdcbc2)
  • action: update step-security/harden-runner action to v2.11.0 (#948) (b7f9c79)
  • deps: lock file maintenance (fa08aa3)
  • deps: lock file maintenance (#944) (374ac42)
  • deps: update dependency @​types/node to v22.13.4 (#952) (05f1702)
  • deps: update dependency lint-staged to v15.4.3 (#953) (b99fc3b)
  • deps: update dependency typescript to v5.7.3 (#949) (5313b71)
  • deps: update linters (#954) (9159759)
  • deps: update semantic-release related packages (#951) (92d7ac3)
  • remove bower.json, which is unused (#955) (8e509f3)

4.0.0 (2025-02-19)

⚠ Breaking changes

  • drop support for Node v16 and rename job.running to job.isActive (#957)

📦 Code Refactoring

  • drop support for Node v16 and rename job.running to job.isActive (#957) (605e94e), closes #902 #905

♻️ Chores

  • action: update actions/checkout action to v4.2.2 (#927) (ff1721e)
  • action: update actions/setup-node action to v4.1.0 (#928) (3e27773)
  • action: update actions/upload-artifact action to v4.6.0 (#931) (8283000)
  • action: update amannn/action-semantic-pull-request action to v5.5.3 (#929) (f1851d7)
  • action: update github/codeql-action action to v3.28.1 (#922) (eefd476)
  • deps: lock file maintenance (c3af5fc)
  • deps: lock file maintenance (d689a1c)
  • renovate: improve schedules & automerging to reduce noise (#942) (c253032)

3.5.0 (2025-01-10)

✨ Features

  • throw instead of silently rewriting invalid cron expressions (#937) (dcc5b93)

⚙️ Continuous Integrations

... (truncated)

Commits
  • 66df6f6 Release v4.1.0 [skip ci]
  • cbd8106 feat: add isCronTimeValid function to validate cron expressions (#959)
  • fa08aa3 chore(deps): lock file maintenance
  • 8e509f3 chore: remove bower.json, which is unused (#955)
  • 05f1702 chore(deps): update dependency @​types/node to v22.13.4 (#952)
  • 3a4a701 chore(action): update actions/setup-node action to v4.2.0 (#950)
  • b7f9c79 chore(action): update step-security/harden-runner action to v2.11.0 (#948)
  • b99fc3b chore(deps): update dependency lint-staged to v15.4.3 (#953)
  • 5313b71 chore(deps): update dependency typescript to v5.7.3 (#949)
  • 7cdcbc2 chore(action): update marocchino/sticky-pull-request-comment action to v2.9.1...
  • Additional commits viewable in compare view

Updates eventsource from 2.0.2 to 3.0.5

Release notes

Sourced from eventsource's releases.

v3.0.5

3.0.5 (2025-01-28)

Bug Fixes

  • include message and code on errors when logging in node.js and deno (f2596b3)

This release is also available on:

v3.0.4

3.0.4 (2025-01-28)

Bug Fixes

  • ensure message is set on ErrorEvent on network errors (d1dc711)

This release is also available on:

v3.0.3

3.0.3 (2025-01-27)

Bug Fixes

  • bundle event listener typings (2c51349)

This release is also available on:

v3.0.2

3.0.2 (2024-12-13)

Bug Fixes

  • reference possibly missing event typings (d3b6849)

This release is also available on:

v3.0.1

3.0.1 (2024-12-07)

Bug Fixes

  • run build prior to publishing (f86df19)

... (truncated)

Changelog

Sourced from eventsource's changelog.

3.0.5 (2025-01-28)

Bug Fixes

  • include message and code on errors when logging in node.js and deno (f2596b3)

3.0.4 (2025-01-28)

Bug Fixes

  • ensure message is set on ErrorEvent on network errors (d1dc711)

3.0.3 (2025-01-27)

Bug Fixes

  • bundle event listener typings (2c51349)

3.0.2 (2024-12-13)

Bug Fixes

  • reference possibly missing event typings (d3b6849)

3.0.1 (2024-12-07)

Bug Fixes

  • run build prior to publishing (f86df19)

3.0.0 (2024-12-07)

⚠ BREAKING CHANGES

  • Drop support for Node.js versions below v18
  • The module now uses a named export instead of a default export.
  • UMD bundle dropped. Use a bundler.
  • headers in init dict dropped, pass a custom fetch function instead.
  • HTTP/HTTPS proxy support dropped. Pass a custom fetch function instead.
  • https.* options dropped. Pass a custom fetch function that provides an agent/dispatcher instead.
  • New default reconnect delay: 3 seconds instead of 1 second.
  • Reconnecting after a redirect will now always use the original URL, even if the status code was HTTP 307.

Features

  • modernize - use fetch, WebStreams, TypeScript, ESM (#330) (40655f7)

Bug Fixes

  • dispatchEvent now emits entire event object (eb430c0)

... (truncated)

Commits
  • a983ccf chore(release): 3.0.5 [skip ci]
  • f2596b3 fix: include message and code on errors when logging in node.js and deno
  • 47a195d chore(release): 3.0.4 [skip ci]
  • d1dc711 fix: ensure message is set on ErrorEvent on network errors
  • 568f209 chore(release): 3.0.3 [skip ci]
  • 88b6a3d docs: include error messages for missing typings
  • 2c51349 fix: bundle event listener typings
  • 340ec41 chore: make build script node 18 compatible
  • 1c532a7 docs: fix formatting of old entries in changelog
  • 5e08e28 chore(release): 3.0.2 [skip ci]
  • Additional commits viewable in compare view

Updates @types/eventsource from 1.1.15 to 3.0.0

Commits

Updates mongoose from 8.9.7 to 8.13.0

Release notes

Sourced from mongoose's releases.

8.13.0 / 2025-03-24

  • feat: bump mongodb driver -> 6.15.0
  • feat: support custom types exported from driver #15321

8.12.2 / 2025-03-21

  • fix(document): avoid stripping out fields in discriminator schema after select: false field #15322 #15308
  • fix(AggregationCursor): make next() error if schema pre('aggregate') middleware throws error #15293 #15279
  • fix(populate): correctly get schematypes when deep populating under a map #15302 #9359
  • fix(model): avoid returning null from bulkSave() if error doesn't have writeErrors property #15323
  • types: add WithTimestamps utility type #15318 baruchiro
  • docs: update references to the ms module in date schema documentation #15319 baruchiro
  • docs: fix typo in schematypes.md #15305 skyran1278

8.12.1 / 2025-03-04

8.12.0 / 2025-03-03

  • feat: bump mongodb driver to 6.14
  • feat: expose "SchemaTypeOptions" in browser #15277 hasezoey
  • docs: update field-level-encryption.md #15272 dphrag

8.11.0 / 2025-02-26

  • feat(model): make bulkWrite results include MongoDB bulk write errors as well as validation errors #15271 #15265
  • feat(document): add schemaFieldsOnly option to toObject() and toJSON() #15259 #15218
  • feat: introduce populate ordered option for populating in series rather than in parallel for transactions #15239 #15231 #15210
  • fix(bigint): throw error when casting BigInt that's outside of the bounds of what MongoDB can safely store #15230 #15200

8.10.2 / 2025-02-25

  • fix(model+connection): return MongoDB BulkWriteResult instance even if no valid ops #15266 #15265
  • fix(debug): avoid printing trusted symbol in debug output #15267 #15263
  • types: make type inference logic resilient to no Buffer type due to missing @​types/node #15261

8.10.1 / 2025-02-14

  • perf(document): only call undoReset() 1x/document #15257 #15255
  • perf(schema): clear childSchemas when overwriting existing path to avoid performance degradations #15256 #15253
  • perf: some more micro optimizations for find() and findOne() #14906 #15250
  • fix(model): avoid adding timeout on Model.init() buffering to avoid unintentional dangling open handles #15251 #15241
  • fix: avoid connection buffering on init if autoCreate: false #15247 #15241
  • fix: infer discriminator key if set in $set with overwriteDiscriminatorKey #15243 #15218
  • types(middleware): make this in document middleware the hydrated doc type, not raw doc type #15246 #15242
  • types(schema): support options parameter to Schema.prototype.discriminator() #15249 #15244
  • types(schema): allow calling Schema.prototype.number() with no message arg #15237 #15236
  • docs(typescript): recommend using HydratedSingleSubdocument over Types.Subdocument #15240 #15211

... (truncated)

Changelog

Sourced from mongoose's changelog.

8.13.0 / 2025-03-24

  • feat: bump mongodb driver -> 6.15.0
  • feat: support custom types exported from driver #15321

8.12.2 / 2025-03-21

  • fix(document): avoid stripping out fields in discriminator schema after select: false field #15322 #15308
  • fix(AggregationCursor): make next() error if schema pre('aggregate') middleware throws error #15293 #15279
  • fix(populate): correctly get schematypes when deep populating under a map #15302 #9359
  • fix(model): avoid returning null from bulkSave() if error doesn't have writeErrors property #15323
  • types: add WithTimestamps utility type #15318 baruchiro
  • docs: update references to the ms module in date schema documentation #15319 baruchiro
  • docs: fix typo in schematypes.md #15305 skyran1278

8.12.1 / 2025-03-04

8.12.0 / 2025-03-03

  • feat: bump mongodb driver to 6.14
  • feat: expose "SchemaTypeOptions" in browser #15277 hasezoey
  • docs: update field-level-encryption.md #15272 dphrag

8.11.0 / 2025-02-26

  • feat(model): make bulkWrite results include MongoDB bulk write errors as well as validation errors #15271 #15265
  • feat(document): add schemaFieldsOnly option to toObject() and toJSON() #15259 #15218
  • feat: introduce populate ordered option for populating in series rather than in parallel for transactions #15239 #15231 #15210
  • fix(bigint): throw error when casting BigInt that's outside of the bounds of what MongoDB can safely store #15230 #15200

8.10.2 / 2025-02-25

  • fix(model+connection): return MongoDB BulkWriteResult instance even if no valid ops #15266 #15265
  • fix(debug): avoid printing trusted symbol in debug output #15267 #15263
  • types: make type inference logic resilient to no Buffer type due to missing @​types/node #15261

8.10.1 / 2025-02-14

  • perf(document): only call undoReset() 1x/document #15257 #15255
  • perf(schema): clear childSchemas when overwriting existing path to avoid performance degradations #15256 #15253
  • perf: some more micro optimizations for find() and findOne() #14906 #15250
  • fix(model): avoid adding timeout on Model.init() buffering to avoid unintentional dangling open handles #15251 #15241
  • fix: avoid connection buffering on init if autoCreate: false #15247 #15241
  • fix: infer discriminator key if set in $set with overwriteDiscriminatorKey #15243 #15218
  • types(middleware): make this in document middleware the hydrated doc type, not raw doc type #15246 #15242
  • types(schema): support options parameter to Schema.prototype.discriminator() #15249 #15244
  • types(schema): allow calling Schema.prototype.number() with no message arg #15237 #15236
  • docs(typescript): recommend using HydratedSingleSubdocument over Types.Subdocument #15240 #15211

... (truncated)

Commits

Updates mysql2 from 3.12.0 to 3.14.0

Release notes

Sourced from mysql2's releases.

v3.14.0

3.14.0 (2025-03-19)

Features

v3.13.0

3.13.0 (2025-03-06)

Features

Bug Fixes

  • query: support VECTOR packets in static parser (#3379) (603c246)
  • PromisePoolCluster.of returns PromisePoolCluster instead of PoolNamespace (#3261) (be22202)
Changelog

Sourced from mysql2's changelog.

3.14.0 (2025-03-19)

Features

3.13.0 (2025-03-06)

Features

Bug Fixes

  • PromisePoolCluster.of returns PromisePoolCluster instead of PoolNamespace (#3261) (be22202)
  • query: support VECTOR packets in static parser (#3379) (603c246)
Commits
  • 1fe1c9d chore(master): release 3.14.0 (#3473)
  • 67d18f9 build(deps-dev): bump poku from 3.0.1 to 3.0.2 in /website (#3488)
  • 65cc9cf build(deps-dev): bump poku from 3.0.1 to 3.0.2 (#3487)
  • 2e7f224 build(deps): bump lucide-react from 0.482.0 to 0.483.0 in /website (#3486)
  • d6d82ed build(deps): bump sass from 1.85.1 to 1.86.0 in /website (#3485)
  • a2a9804 build(deps): bump lucide-react from 0.479.0 to 0.482.0 in /website (#3484)
  • 2670f32 build(deps-dev): bump portfinder from 1.0.34 to 1.0.35 (#3483)
  • ec4a2d7 build(deps): bump @​easyops-cn/docusaurus-search-local in /website (#3482)
  • 6ac4646 build(deps): bump @​babel/helpers from 7.26.9 to 7.26.10 in /website (#3480)
  • c504675 build(deps): bump @​babel/runtime from 7.26.9 to 7.26.10 in /website (#3479)
  • Additional commits viewable in compare view

Updates octokit from 4.1.0 to 4.1.2

Release notes

Sourced from octokit's releases.

v4.1.2

4.1.2 (2025-02-15)

Bug Fixes

  • deps: update Octokit dependencies to mitigate ReDos vulnerabilities [security] (#2816) (28ff745)

v4.1.1

4.1.1 (2025-02-07)

Bug Fixes

  • deps: bump @octokit/app to fix web users (#2806) (137de2d)
Commits
  • 28ff745 fix(deps): update Octokit dependencies to mitigate ReDos vulnerabilities [sec...
  • ba84495 chore(deps): update dependency prettier to v3.5.1 (#2808)
  • 45fe984 chore(deps): update dependency esbuild to ^0.25.0 (#2807)
  • 137de2d fix(deps): bump @octokit/app to fix web users (#2806)
  • 5d0caa7 build(deps-dev): bump vitest and @​vitest/coverage-v8 (#2804)
  • 1103fbb build(deps): lock file maintenance (#2802)
  • ddf9b14 build(deps): lock file maintenance (#2799)
  • 9011d38 build(deps): lock file maintenance (#2794)
  • d20c577 chore(deps): update vitest monorepo to v3 (major) (#2792)
  • See full diff in compare view

Updates smee-client from 2.0.4 to 3.1.1

Release notes

Sourced from smee-client's releases.

v3.1.1

3.1.1 (2025-03-03)

Bug Fixes

v3.1.0

3.1.0 (2025-03-03)

Features

v3.0.0

3.0.0 (2025-02-19)

Features

BREAKING CHANGES

  • This package has now migrated to ESM only
  • The properties of the Client class are now private

Co-authored-by: Aras Abbasi aras.abbasi@googlemail.com

v3.0.0-beta.5

3.0.0-beta.5 (2024-11-16)

Bug Fixes

v3.0.0-beta.4

3.0.0-beta.4 (2024-09-24)

Bug Fixes

v3.0.0-beta.3

... (truncated)

Commits

Updates validator from 13.12.0 to 13.15.0

Release notes

Sourced from validator's releases.

13.15.0

Thanks to @​WikiRik for prepping the release <3

New Features / Validators

Fixes, New Locales and Enhancements

@dependabot
Bump the production-dependencies group across 1 directory with 8 updates
136ef38 
Bumps the production-dependencies group with 8 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [cron](https://github.com/kelektiv/node-cron) | `3.3.2` | `4.1.0` |
| [eventsource](https://github.com/EventSource/eventsource) | `2.0.2` | `3.0.5` |
| [@types/eventsource](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/eventsource) | `1.1.15` | `3.0.0` |
| [mongoose](https://github.com/Automattic/mongoose) | `8.9.7` | `8.13.0` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.12.0` | `3.14.0` |
| [octokit](https://github.com/octokit/octokit.js) | `4.1.0` | `4.1.2` |
| [smee-client](https://github.com/probot/smee-client) | `2.0.4` | `3.1.1` |
| [validator](https://github.com/validatorjs/validator.js) | `13.12.0` | `13.15.0` |



Updates `cron` from 3.3.2 to 4.1.0
- [Release notes](https://github.com/kelektiv/node-cron/releases)
- [Changelog](https://github.com/kelektiv/node-cron/blob/main/CHANGELOG.md)
- [Commits](kelektiv/node-cron@v3.3.2...v4.1.0)

Updates `eventsource` from 2.0.2 to 3.0.5
- [Release notes](https://github.com/EventSource/eventsource/releases)
- [Changelog](https://github.com/EventSource/eventsource/blob/main/CHANGELOG.md)
- [Commits](EventSource/eventsource@v2.0.2...v3.0.5)

Updates `@types/eventsource` from 1.1.15 to 3.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/eventsource)

Updates `mongoose` from 8.9.7 to 8.13.0
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@8.9.7...8.13.0)

Updates `mysql2` from 3.12.0 to 3.14.0
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.12.0...v3.14.0)

Updates `octokit` from 4.1.0 to 4.1.2
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](octokit/octokit.js@v4.1.0...v4.1.2)

Updates `smee-client` from 2.0.4 to 3.1.1
- [Release notes](https://github.com/probot/smee-client/releases)
- [Commits](probot/smee-client@v2.0.4...v3.1.1)

Updates `validator` from 13.12.0 to 13.15.0
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@13.12.0...13.15.0)

---
updated-dependencies:
- dependency-name: cron
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: eventsource
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: "@types/eventsource"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: mongoose
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: mysql2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: smee-client
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: validator
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 24, 2025
@github-actions
Copy link

github-actions bot commented Mar 24, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 31, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 31, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/backend/production-dependencies-c25d27f5a8 branch March 31, 2025 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants