chore(deps)(deps): bump the production-dependencies group across 1 directory with 9 updates #71

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/production-dependencies-b5d373af91

dependabot bot commented on behalf of github Mar 30, 2026

Bumps the production-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| axios | 1.13.2 | 1.14.0 |
| cors | 2.8.5 | 2.8.6 |
| dotenv | 17.2.3 | 17.3.1 |
| express-rate-limit | 8.2.1 | 8.3.1 |
| fs-extra | 11.3.3 | 11.3.4 |
| joi | 18.0.2 | 18.1.1 |
| mariadb | 3.4.5 | 3.5.2 |
| mysql2 | 3.16.0 | 3.20.0 |
| sequelize | 6.37.7 | 6.37.8 |

Updates axios from 1.13.2 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

  • Runtime Features: No new end-user features were introduced in this release.
  • Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

  • Headers: Trim trailing CRLF in normalised header values. (#7456)
  • HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
  • Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
  • Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
  • CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

  • Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
  • Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
  • Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
  • Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

Full Changelog: v1.13.6...v1.14.0

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

  • React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @moh3n9595 for the initial implementation. (#5764)
  • Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

  • Environment Compatibility:
    • Fixed module exports for React Native and Browserify environments. (#7386)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

  • Improve documentation (API, context, examples...)
  • Remove additional markdown files from tarball

Commits

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.


Updates dotenv from 17.2.3 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

Updates express-rate-limit from 8.2.1 to 8.3.1

Release notes

Sourced from express-rate-limit's releases.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

Commits
  • 47e5b29 8.3.1
  • eb61179 v8.3.1 changelog
  • a17377d Fix broken link for contributing guide
  • 5aa3f6c fix: revert the dts-bundle-generator update
  • 06dea83 ci: run test on node 20, 22, 24, 25 and drop 18 as it reached eol
  • c86a27d chore: update dependencies
  • 8898ffa chore: migrate biome schema and run formatter
  • dd544fd docs: update changelog with backported releases
  • 9c90752 ci: setup oidc connect with npm for automatatic publish
  • e4477fa 8.3.0
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for express-rate-limit since your current version.


Updates fs-extra from 11.3.3 to 11.3.4

Changelog

Sourced from fs-extra's changelog.

11.3.4 / 2026-03-03

  • Fix bug where calling ensureSymlink/ensureSymlinkSync with a relative srcPath would fail if the symlink already existed (#1038, #1064)

Commits

Updates joi from 18.0.2 to 18.1.1

Commits
  • 06afeb5 18.1.1
  • 407ed75 chore: apply npm pkg fix
  • 4323588 Merge pull request #3099 from poupounetjoyeux/master
  • 8607f5c Merge pull request #3103 from ordinary9843/fix/describe-nan-allow
  • 384c5cd Merge pull request #3097 from iamnivekx/feat/standard-validate-options
  • 3e6d6cd 18.1.0
  • b366678 Merge pull request #3102 from hapijs/feat/standard-json-schema
  • f9f9c32 feat: add Standard JSON Schema
  • d7994c8 fix: allow NaN in schema describe() output validation
  • a454c18 Fix braces escaping when template doesn't contains any variable
  • Additional commits viewable in compare view

Updates mariadb from 3.4.5 to 3.5.2

Release notes

Sourced from mariadb's releases.

MariaDB Connector/Node.js 3.5.2

3.5.2 (Mar 2026)

Full Changelog

Issues Fixed

  • CONJS-342 Resolved TypeScript compilation errors introduced in mariadb-connector-nodejs v3.5.1
  • CONJS-343 Fixed an issue where batch operations would hang when provided with empty array parameter values

MariaDB Connector/Node.js 3.5.1

3.5.1 (Feb 2026)

Full Changelog

Notable changes

  • CONJS-338 Add asyncDispose support for Connection, PoolConnection and Pool #250
  • CONJS-339 Add default type parameter to Prepare interface and fix executeStream generic #334
  • CONJS-339 Add wildcard for values params on Prepare

Issues Fixed

  • CONJS-331 Plugin authentication change correction
  • CONJS-335 Deno compatibility: send COM_QUIT synchronously to prevent socket cleanup race condition
  • CONJS-336 Connection attribute _server_host send host, but IP resulting of name resolution
  • CONJS-340 Fix pool connection event to emit wrapped connections and prevent user errors from breaking pool #342
  • CONJS-341 Support charset + collation combination in connection options #337

MariaDB Connector/Node.js 3.5.0 RC

3.5.0-rc.0 (Oct 2025)

Full Changelog

Notable changes

  • CONJS-326 migrate from commonJS to ESM
  • CONJS-325 deno compatibility

Issues Fixed

  • CONJS-328 Fix minimumIdle option to maintain baseline idle connections
  • CONJS-330 caching_sha2_password: avoid requiring RSA key pair when connecting via Unix socket

Changelog

Sourced from mariadb's changelog.

3.5.2 (Mar 2026)

Full Changelog

Issues Fixed

  • CONJS-342 Resolved TypeScript compilation errors introduced in mariadb-connector-nodejs v3.5.1
  • CONJS-343 Fixed an issue where batch operations would hang when provided with empty array parameter values

3.5.1 (Feb 2026)

Full Changelog

Notable changes

  • CONJS-338 Add asyncDispose support for Connection, PoolConnection and Pool #250
  • CONJS-339 Add default type parameter to Prepare interface and fix executeStream generic #334
  • CONJS-339 Add wildcard for values params on Prepare

Issues Fixed

  • CONJS-331 Plugin authentication change correction
  • CONJS-335 Deno compatibility: send COM_QUIT synchronously to prevent socket cleanup race condition
  • CONJS-336 Connection attribute _server_host send host, but IP resulting of name resolution
  • CONJS-340 Fix pool connection event to emit wrapped connections and prevent user errors from breaking pool #342
  • CONJS-341 Support charset + collation combination in connection options #337

3.5.0-rc.0 (Oct 2025)

Full Changelog

Notable changes

  • CONJS-326 migrate from commonJS to ESM
  • CONJS-325 deno compatibility

Issues Fixed

  • CONJS-328 Fix minimumIdle option to maintain baseline idle connections
  • CONJS-330 caching_sha2_password: avoid requiring RSA key pair when connecting via Unix socket

Commits
  • ca98915 bump 3.5.2 version
  • e721d70 [misc] code style correction
  • 87ca82e [CONJS-343] batch hangs when having an empty parameters values #343
  • e054849 [CONJS-342] Move TypeScript type dependencies from peer to regular dependenci...
  • be72ebf [perf] Optimize buffer copy in readBufferLengthEncodedCopy with subarray
  • dbd5472 [CONJS-333] Optimize column type checking with buffer comparisons and pre-com...
  • e71f849 [misc] Release version 3.5.1
  • 82b639c [misc] bump dependencies
  • a5ba902 [perf] Optimize execute command with bitwise operations and constant reuse
  • 65b9508 [perf] Optimize parameter type checking and remove unused pipe property
  • Additional commits viewable in compare view

Updates mysql2 from 3.16.0 to 3.20.0

Release notes

Sourced from mysql2's releases.

v3.20.0

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

v3.19.1

3.19.1 (2026-03-09)

Security Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

v3.19.0

3.19.0 (2026-03-05)

Features

  • use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

  • fix precision loss for large decimal values (#4135) (099beea)

v3.18.2

3.18.2 (2026-02-26)

Bug Fixes

  • types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#4127) (b274e72)
  • types: extend QueryValues to callback-based methods (#4129) (2ad5f0b)
  • types: improve ExecuteValues "nested" params (#4133) (3f94950)
  • types: support Raw and Uint8Array params (#4132) (bde9aec)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

3.19.1 (2026-03-09)

Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

3.19.0 (2026-03-05)

Features

  • use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

  • fix precision loss for large decimal values (#4135) (099beea)

3.18.2 (2026-02-26)

Bug Fixes

  • types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#4127) (b274e72)
  • types: extend QueryValues to callback-based methods (#4129) (2ad5f0b)
  • types: improve ExecuteValues "nested" params (#4133) (3f94950)
  • types: support Raw and Uint8Array params (#4132) (bde9aec)

3.18.1 (2026-02-25)

Bug Fixes

... (truncated)

Commits

Updates sequelize from 6.37.7 to 6.37.8

Release notes

Sourced from sequelize's releases.

v6.37.8

6.37.8 (2026-03-07)

Security improvements

Commits

Maintainer changes

This version was pushed to npm by wikirik, a new releaser for sequelize since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you uni...

Description has been truncated

…rectory with 9 updates

Bumps the production-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.13.2` | `1.14.0` |
| [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.3.1` |
| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.3.1` |
| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.4` |
| [joi](https://github.com/hapijs/joi) | `18.0.2` | `18.1.1` |
| [mariadb](https://github.com/mariadb-corporation/mariadb-connector-nodejs) | `3.4.5` | `3.5.2` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.16.0` | `3.20.0` |
| [sequelize](https://github.com/sequelize/sequelize) | `6.37.7` | `6.37.8` |



Updates `axios` from 1.13.2 to 1.14.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.2...v1.14.0)

Updates `cors` from 2.8.5 to 2.8.6
- [Release notes](https://github.com/expressjs/cors/releases)
- [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md)
- [Commits](expressjs/cors@v2.8.5...v2.8.6)

Updates `dotenv` from 17.2.3 to 17.3.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.2.3...v17.3.1)

Updates `express-rate-limit` from 8.2.1 to 8.3.1
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](express-rate-limit/express-rate-limit@v8.2.1...v8.3.1)

Updates `fs-extra` from 11.3.3 to 11.3.4
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md)
- [Commits](jprichardson/node-fs-extra@11.3.3...11.3.4)

Updates `joi` from 18.0.2 to 18.1.1
- [Commits](hapijs/joi@v18.0.2...v18.1.1)

Updates `mariadb` from 3.4.5 to 3.5.2
- [Release notes](https://github.com/mariadb-corporation/mariadb-connector-nodejs/releases)
- [Changelog](https://github.com/mariadb-corporation/mariadb-connector-nodejs/blob/main/CHANGELOG.md)
- [Commits](mariadb-corporation/mariadb-connector-nodejs@3.4.5...3.5.2)

Updates `mysql2` from 3.16.0 to 3.20.0
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.16.0...v3.20.0)

Updates `sequelize` from 6.37.7 to 6.37.8
- [Release notes](https://github.com/sequelize/sequelize/releases)
- [Changelog](https://github.com/sequelize/sequelize/blob/main/CHANGELOG.md)
- [Commits](sequelize/sequelize@v6.37.7...v6.37.8)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: cors
  dependency-version: 2.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: dotenv
  dependency-version: 17.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: express-rate-limit
  dependency-version: 8.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: fs-extra
  dependency-version: 11.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: joi
  dependency-version: 18.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: mariadb
  dependency-version: 3.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: mysql2
  dependency-version: 3.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: sequelize
  dependency-version: 6.37.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot commented on behalf of github Mar 30, 2026

Assignees

The following users could not be added as assignees: FutureSolutionDev. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot bot added the dependencies label (Pull requests that update a dependency file) Mar 30, 2026