network icon indicating copy to clipboard operation
network copied to clipboard
verified publisher icon streamr-dev

build(deps): bump the dependencies group across 1 directory with 21 updates

Open dependabot[bot] opened this issue 2 months ago • 0 comments

Bumps the dependencies group with 20 updates in the / directory:

Package From To
@eslint/js 9.39.1 9.39.2
@types/node 24.10.1 25.0.3
eslint-plugin-jest 29.2.1 29.5.0
lerna 9.0.1 9.0.3
ts-jest 29.4.5 29.4.6
typescript-eslint 8.47.0 8.50.0
node-forge 1.3.2 1.3.3
@aws-sdk/client-route-53 3.936.0 3.955.0
express 5.2.0 5.2.1
@types/express 5.0.1 5.0.6
@electron/rebuild 4.0.1 4.0.2
webpack 5.103.0 5.104.1
ipaddr.js 2.2.0 2.3.0
lru-cache 11.2.2 11.2.4
bufferutil 4.0.9 4.1.0
utf-8-validate 6.0.5 6.0.6
zod 4.1.13 4.2.1
nightwatch 3.12.3 3.13.0
webpack-bundle-analyzer 5.0.1 5.1.0
pino-pretty 13.1.2 13.1.3

Updates @eslint/js from 9.39.1 to 9.39.2

Release notes

Sourced from @​eslint/js's releases.

v9.39.2

Bug Fixes

  • 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

  • 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

Commits

Updates @types/node from 24.10.1 to 25.0.3

Commits

Updates eslint-plugin-jest from 29.2.1 to 29.5.0

Release notes

Sourced from eslint-plugin-jest's releases.

v29.5.0

29.5.0 (2025-12-14)

Features

  • create new no-unneeded-async-expect-function rule (#1863) (6b8182d)

v29.4.1

29.4.1 (2025-12-14)

Bug Fixes

  • prefer-to-have-been-called-times: actually check that current matcher is toHaveLength (#1878) (3415744)

v29.4.0

29.4.0 (2025-12-13)

Features

  • create new prefer-to-have-been-called-times rule (281085a)
  • create new prefer-to-have-been-called rule (24e2acd)

v29.3.0

29.3.0 (2025-12-13)

Features

  • prefer-expect-assertions: support basic uses of hasAssertions in beforeEach and afterEach hooks (#1871) (eed9acb)

v29.2.3

29.2.3 (2025-12-13)

Bug Fixes

  • prefer-expect-assertions: use correct word in error message (#1873) (c48c48c)

v29.2.2

29.2.2 (2025-12-12)

Bug Fixes

Changelog

Sourced from eslint-plugin-jest's changelog.

29.5.0 (2025-12-14)

Features

  • create new no-unneeded-async-expect-function rule (#1863) (6b8182d)

29.4.1 (2025-12-14)

Bug Fixes

  • prefer-to-have-been-called-times: actually check that current matcher is toHaveLength (#1878) (3415744)

29.4.0 (2025-12-13)

Features

  • create new prefer-to-have-been-called-times rule (281085a)
  • create new prefer-to-have-been-called rule (24e2acd)

29.3.0 (2025-12-13)

Features

  • prefer-expect-assertions: support basic uses of hasAssertions in beforeEach and afterEach hooks (#1871) (eed9acb)

29.2.3 (2025-12-13)

Bug Fixes

  • prefer-expect-assertions: use correct word in error message (#1873) (c48c48c)

29.2.2 (2025-12-12)

Bug Fixes

Commits
  • 4297d50 chore(release): 29.5.0 [skip ci]
  • 6b8182d feat: create new no-unneeded-async-expect-function rule (#1863)
  • 48e78fc chore(release): 29.4.1 [skip ci]
  • 3415744 fix(prefer-to-have-been-called-times): actually check that current matcher is...
  • 45b4b11 test: always alias FlatCompatRuleTester as RuleTester (#1876)
  • 4a900e3 chore(release): 29.4.0 [skip ci]
  • 24e2acd feat: create new prefer-to-have-been-called rule
  • 281085a feat: create new prefer-to-have-been-called-times rule
  • 2646599 docs(prefer-called-with): remove references to toBeCalled matcher (#1874)
  • a12bc33 chore(release): 29.3.0 [skip ci]
  • Additional commits viewable in compare view

Updates lerna from 9.0.1 to 9.0.3

Release notes

Sourced from lerna's releases.

v9.0.3

9.0.3 (2025-11-27)

Bumped some dependencies to reduce audit warning noise.

NOTE: 9.0.2 does not exist because of a failed release

Changelog

Sourced from lerna's changelog.

9.0.3 (2025-11-27)

Note: Version bump only for package lerna

9.0.2 (2025-11-27)

Note: Version bump only for package lerna

Commits

Updates ts-jest from 29.4.5 to 29.4.6

Release notes

Sourced from ts-jest's releases.

v29.4.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.6 (2025-12-01)

Bug Fixes

  • log hybrid module as warning instead of failing tests (#5144) (528d37c), closes #5130
Commits
  • 202bde5 chore(release): 29.4.6 (#5146)
  • 528d37c fix: log hybrid module as warning instead of failing tests (#5144)
  • 141e5af build(deps): update github/codeql-action digest to 497990d
  • d281cce build(deps): update google/osv-scanner-action action to v2.3.0
  • 0d20322 build(deps): update dependency memfs to ^4.51.0
  • 455dde2 build(deps): update dependency js-yaml to ^4.1.1
  • d579480 build(deps): update dependency @​types/node to v20.19.25
  • f6859d0 build(deps): update dependency @​types/yargs to ^17.0.35
  • 4d7e432 build(deps): update github/codeql-action digest to d3ced5c
  • 4ea70c9 build(deps): update actions/checkout digest to 34e1148
  • Additional commits viewable in compare view

Updates typescript-eslint from 8.47.0 to 8.50.0

Release notes

Sourced from typescript-eslint's releases.

v8.50.0

8.50.0 (2025-12-15)

🚀 Features

  • eslint-plugin: [no-useless-default-assignment] add rule (#11720)

❤️ Thank You

  • Josh Goldberg ✨
  • Ulrich Stark

You can read about our versioning strategy and releases on our website.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.48.1

8.48.1 (2025-12-02)

⏪ Reverts

  • eslint-plugin: revert "[no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)" (#11812)

🩹 Fixes

  • eslint-plugin: [consistent-type-exports] check value flag before resolving alias (#11769)
  • eslint-plugin: honor ignored base types on generic classes (#11767)
  • eslint-plugin: [restrict-template-expressions] check base types in allow list (#11764, #11759)

❤️ Thank You

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.50.0 (2025-12-15)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.49.0 (2025-12-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.48.1 (2025-12-02)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.48.0 (2025-11-24)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates node-forge from 1.3.2 to 1.3.3

Changelog

Sourced from node-forge's changelog.

1.3.3 - 2025-12-02

Fixed

  • [pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX issues introduced in 1.3.2.
Commits

Updates @aws-sdk/client-route-53 from 3.936.0 to 3.955.0

Release notes

Sourced from @​aws-sdk/client-route-53's releases.

v3.955.0

3.955.0(2025-12-18)

Chores
New Features
  • clients: update client endpoints as of 2025-12-18 (11335218)
  • client-ec2: This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs. (4d1a66b9)
  • client-ecs: Adding support for Event Windows via a new ECS account setting "fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot capacity for ECS Managed Instances. (751c797f)
  • client-arc-region-switch: New API to list Route 53 health checks created by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data plane. (406035c4)
  • client-bedrock-agentcore-control: Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets. (800275ca)
  • client-appstream: Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets (a94e6d55)
  • client-cleanrooms: Adding support for collaboration change requests requiring an approval workflow. Adding support for change requests that grant or revoke results receiver ability and modifying auto approved change types in an existing collaboration. (26987932)
  • client-artifact: Add support for ListReportVersions API for the calling AWS account. (8247b183)
  • client-iot: This release adds message batching for the IoT Rules Engine HTTP action. (aa2dc069)
  • client-sesv2: Amazon SES introduces Email Validation feature which checks email addresses for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and CustomVerificationEmailTemplates. (7412e741)
  • client-bedrock-data-automation: Blueprint Optimization (BPO) is a new Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using example content assets and ground truth data. BPO works by generating better instructions for fields in the Blueprint using provided data. (3f901e7c)
  • client-ecr: Adds support for ECR Create On Push (620e820d)
  • client-opensearch: Amazon OpenSearch Service adds support for warm nodes, enabling new multi-tier architecture. (e574a591)
  • client-ssm-sap: Added "Stopping" for the HANA Database Status. (393a8516)

For list of updated packages, view updated-packages.md in assets-3.955.0.zip

v3.954.0

3.954.0(2025-12-17)

Chores
Documentation Changes
  • core/protocols: add docs for schemas and protocols (#7583) (16628667)
New Features
  • clients: update client endpoints as of 2025-12-17 (cf14f274)
  • client-mediapackagev2: This release adds support for SPEKE V2 content key encryption in MediaPackage v2 Origin Endpoints. (988aac9d)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-route-53's changelog.

3.955.0 (2025-12-18)

Note: Version bump only for package @​aws-sdk/client-route-53

3.954.0 (2025-12-17)

Note: Version bump only for package @​aws-sdk/client-route-53

3.953.0 (2025-12-16)

Features

  • clients: allow protocol selection by class constructor (#7568) (5c5fd2e)

3.952.0 (2025-12-15)

Note: Version bump only for package @​aws-sdk/client-route-53

3.948.0 (2025-12-09)

Features

  • client-route-53: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region (c21e90b)

3.947.0 (2025-12-08)

Note: Version bump only for package @​aws-sdk/client-route-53

... (truncated)

Commits
  • 821ba3b Publish v3.955.0
  • e9b7f20 chore(clients): export star from models_N (#7586)
  • 0bfc110 Publish v3.954.0
  • b654d97 chore(clients): bump '@smithy/*' versions (#7582)
  • 09e0721 Publish v3.953.0
  • 5c5fd2e feat(clients): allow protocol selection by class constructor (#7568)
  • 4359e40 chore: build cjs rollup without typescript (#7580)
  • 3870229 Publish v3.952.0
  • c6e71bf Publish v3.948.0
  • c21e90b feat(client-route-53): Amazon Route 53 now supports the EU (Germany) Region (...
  • Additional commits viewable in compare view

Updates express from 5.2.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: https://github.com/expressjs/express/compare/v5.2.0...v5.2.1

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.
Commits

Updates @types/express from 5.0.1 to 5.0.6

Commits

Updates @types/express from 5.0.1 to 5.0.6

Commits

Updates @electron/rebuild from 4.0.1 to 4.0.2

Release notes

Sourced from @​electron/rebuild's releases.

v4.0.2

4.0.2 (2025-12-09)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​electron/rebuild since your current version.


Updates webpack from 5.103.0 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

  • 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
  • c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

  • d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
  • d3dd841: Enhance import.meta.env to support object access.
  • 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
  • 04cd530: Handle more at-rules for CSS modules.
  • cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
  • d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
  • 5983843: Provide a stable runtime function variable __webpack_global__.
  • d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

  • 22c48fb: Added module existence check for informative error message in development mode.
  • 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
  • d3dd841: Support universal lazy compilation.
  • d3dd841: Fixed module library export definitions when multiple runtimes.
  • d3dd841: Fixed CSS nesting and CSS custom properties parsing.
  • d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
  • aab1da9: Fixed bugs for css/global type.
  • d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
  • d3dd841: Handle nested __webpack_require__.
  • 728ddb7: The speed of identifier parsing has been improved.
  • 0f8b31b: Improve types.
  • d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
  • 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
  • d3dd841: Serialize HookWebpackError.
  • d3dd841: Added ability to use built-in properties in dotenv and define plugin.
  • 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
  • d3dd841: Reduce collision for local indent name in CSS.
  • d3dd841: Remove CSS link tags when CSS imports are removed.
Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

  • 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
  • c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

  • d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
  • d3dd841: Enhance import.meta.env to support object access.
  • 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
  • 04cd530: Handle more at-rules for CSS modules.
  • cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
  • d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
  • 5983843: Provide a stable runtime function variable __webpack_global__.
  • d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

  • 22c48fb: Added module existence check for informative error message in development mode.
  • 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
  • d3dd841: Support universal lazy compilation.
  • d3dd841: Fixed module library export definitions when multiple runtimes.
  • d3dd841: Fixed CSS nesting and CSS custom properties parsing.
  • d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
  • aab1da9: Fixed bugs for css/global type.
  • d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
  • d3dd841: Handle nested __webpack_require__.
  • 728ddb7: The speed of identifier parsing has been improved.
  • 0f8b31b: Improve types.
  • d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
  • 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
  • d3dd841: Serialize HookWebpackError.
  • d3dd841: Added ability to use built-in properties in dotenv and define plugin.
  • 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
  • d3dd841: Reduce collision for local indent name in CSS.
  • d3dd841: Remove CSS link tags when CSS imports are removed.
Commits
  • 24e3c2d chore(release): new release (#20253)
  • 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
  • c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
  • 4b0501c ci: fix release (#20252)
  • 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
  • 5bf8bc5 refactor: types for benchmarks and tests
  • 505a5e7 chore(release): new release (#20188)
  • 0c06680 refactor: update eslint configuration
  • 2eb0d6a ci: release announcement (#20238)
  • b2b2459 ci: cancel in progress (#20239)
  • Additional commits viewable in compare view

Updates ipaddr.js from 2.2.0 to 2.3.0

Changelog

Sourced from ipaddr.js's changelog.

2.3.0 - 2025-11-27

  • add isValidCIDRFourPartDecimal helper for IPv4 CIDR in four-part decimal form
  • upgrade eslint dev dependency to v9
  • remove duplicated LICENSE entry from published files list
Commits
  • e373b4e Bump version to 2.3.0
  • d564b1d Add IPv4 CIDR four-part decimal validator
  • 08c2cd4 dep(eslint): upgrade to v9
  • e6438fe remove LICENSE from files, redundant, always included
  • See full diff in compare view

Updates lru-cache from 11.2.2 to 11.2.4

Commits

Updates bufferutil from 4.0.9 to 4.1.0

Commits
  • 580a8a9 [dist] 4.1.0
  • b4cd4cd [lint] Fix prettier error
  • 2a16fa9 [pkg] Update node-gyp to version 12.1.0
  • 18f122a [minor] Support buffers greater than 2^32 bytes in length
  • 321fbe4 [perf] Do not make compiler life harder (#164)
  • 557a7af [ci] Build and deploy two platform-specific binaries for macOS
  • 33932c1 [build] Do not build a universal binary for macOS (#167)
  • ca57ce2 [ci] Build the prebuilt binary for macOS with the Intel runner image
  • 1b9081d [ci] Update actions/checkout action to v6
  • 31eb0ad [ci] Update actions/upload-artifact action to v5
  • Additional commits viewable in compare view

Updates utf-8-validate from 6.0.5 to 6.0.6

Commits
  • e8f7d2f [dist] 6.0.6
  • 161245d [pkg] Update node-gyp to version 12.1.0
  • 3da9111 [ci] Build and deploy two platform-specific binaries for macOS
  • e7f69ef [build] Do not build a universal binary for macOS
  • 14f0473 [ci] Build the prebuilt binary for macOS with the Intel runner image
  • 259b31a [ci] Update actions/checkout action to v6
  • e75d610 [ci] Update actions/upload-artifact action to v5
  • 8f00081 [ci] Update actions/download-artifact action to v6
  • 0ef0738 [ci] Update actions/setup-node action to v6
  • 9b4784f [ci] Update actions/download-artifact action to v5
  • Additional commits viewable in compare view

Updates zod from 4.1.13 to 4.2.1

Release notes

Sourced from zod's releases.

v4.2.1

Commits:

  • 5b5b129315fbc94a3b0d6244185eaeefcbe438d1 4.2.1

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};

const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

  • af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
  • 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
  • e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
Commits

Updates nightwatch from 3.12.3 to 3.13.0

Release notes

Sourced from nightwatch's releases.

v3.13.0

What's Changed

New Contributors

Full Changelog: https://github.com/nightwatchjs/nightwatch/compare/v3.12.3...v3.13.0

Commits

dependabot[bot] avatar Dec 18 '25 22:12 dependabot[bot]