Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 10 updates#34

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-75f130e50f
Open

chore(deps): bump the production-dependencies group across 1 directory with 10 updates#34
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-75f130e50f

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 22, 2026

Bumps the production-dependencies group with 10 updates in the / directory:

Package From To
better-sqlite3 11.10.0 12.8.0
express 4.22.1 5.2.1
jose 5.10.0 6.2.2
ws 8.19.0 8.20.0
@xterm/addon-fit 0.10.0 0.11.0
@xterm/addon-unicode11 0.8.0 0.9.0
@xterm/addon-webgl 0.18.0 0.19.0
@xterm/xterm 5.5.0 6.0.0
react 18.3.1 19.2.4
react-dom 18.3.1 19.2.4

Updates better-sqlite3 from 11.10.0 to 12.8.0

Release notes

Sourced from better-sqlite3's releases.

v12.8.0

What's Changed

New Contributors

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

  1. Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing
  2. From the SQLite team:

    Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.6.2...v12.7.0

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for better-sqlite3 since your current version.


Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0

... (truncated)

Commits

Updates jose from 5.10.0 to 6.2.2

Release notes

Sourced from jose's releases.

v6.2.2

Fixes

  • reject failed decompression with JWEInvalid error (043b181)

v6.2.1

Refactor

  • reorganize internals, less files, smaller footprint (d4231f9)

v6.2.0

Features

  • re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

  • clarify return of general jws and jwe (56682b4)

v6.1.3

Refactor

  • avoid export * as for google closure's compiler sake (6303d98), closes #832

v6.1.2

Refactor

v6.1.1

Documentation

  • add link to RFC9864 (767edde)
  • link to ML-DSA for JOSE (ed4252c)
  • remove mention of Edge Runtime from the readme (94fdde7)
  • update README.md (25098ef)

Refactor

  • eliminate named exports in the source code (f6ae30d)
  • expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
  • faster path for symmetric key checks (a44c2ec)
  • improve en/decoding overheads (daee426)

v6.1.0

Features

  • support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)

... (truncated)

Changelog

Sourced from jose's changelog.

6.2.2 (2026-03-18)

Fixes

  • reject failed decompression with JWEInvalid error (043b181)

6.2.1 (2026-03-09)

Refactor

  • reorganize internals, less files, smaller footprint (d4231f9)

6.2.0 (2026-03-05)

Features

  • re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

  • clarify return of general jws and jwe (56682b4)

6.1.3 (2025-12-02)

Refactor

  • avoid export * as for google closure's compiler sake (6303d98), closes #832

6.1.2 (2025-11-15)

Refactor

6.1.1 (2025-11-09)

Documentation

  • add link to RFC9864 (767edde)
  • link to ML-DSA for JOSE (ed4252c)
  • remove mention of Edge Runtime from the readme (94fdde7)
  • update README.md (25098ef)

... (truncated)

Commits
  • 9c86586 chore(release): 6.2.2
  • 4984b5c chore(deps): bump the actions group with 4 updates
  • 043b181 fix: reject failed decompression with JWEInvalid error
  • 867cc2c chore(deps-dev): bump undici
  • f4e20e7 chore(deps-dev): bump tar in the npm_and_yarn group across 1 directory
  • d0505bf chore: cleanup after release
  • d491aa9 chore(release): 6.2.1
  • d4231f9 refactor: reorganize internals, less files, smaller footprint
  • 7b22ba8 test: use playwright instead of testcafe
  • 00965b4 chore: bump packages
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jose since your current version.


Updates ws from 8.19.0 to 8.20.0

Release notes

Sourced from ws's releases.

8.20.0

Features

  • Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).
Commits
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • 3ee5349 [api] Convert the isServer and maxPayload parameters to options
  • 91707b4 [doc] Add missing space
  • 8b55319 [pkg] Update eslint to version 10.0.1
  • ca533a5 [pkg] Update globals to version 17.0.0
  • See full diff in compare view

Updates @xterm/addon-fit from 0.10.0 to 0.11.0

Commits

Updates @xterm/addon-unicode11 from 0.8.0 to 0.9.0

Commits

Updates @xterm/addon-webgl from 0.18.0 to 0.19.0

Commits
  • 670efc4 Bump Bower version to 0.19
  • 74f9526 [addon attach] Implement auto-detaching on socket close/error
  • See full diff in compare view

Updates @xterm/xterm from 5.5.0 to 6.0.0

Release notes

Sourced from @​xterm/xterm's releases.

6.0.0

Features

  • #5453 Add synchronized output support (DEC mode 2026)
  • #5436 add range to IHTMLSerializeOptions
  • #5334 Support shadow dom in webgl renderer
  • #5285 Support detailed ligatures and variants
  • #5251 progress-addon
  • #5234 Add reflowCursorLine option
  • #5224 putty-style ED2 sequence handling as terminal option
  • #5107 Add top/bottom border overview ruler options
    • ⚠️ This is a breaking change, ITerminalOptions.overviewRulerWidth is now a property of ITerminalOptions.overviewRuler
  • #5096 Integrate base/ platform from VS Code and adopt scroll bar
    • ⚠️ This is a potential breaking change, the viewport/scroll bar works very differently now
  • #5092 Add support for ESM via esbuild
  • #5034 Expose onWriteParsed on API
  • #4220 Add support to ANSI OSC52

Fixes

  • #5445 Prefer performance.now() over Date.now()
  • #5437 Prevent entire page from scrolling when scrolling in alt buffer with mouse event off
  • #5423 Clear selection on vertical resize
  • #5411 Fix teleport when exiting out of alt buffer. v2
  • #5391 Bring back partial wheel tracking
  • #5390 Fix scrollbar teleport after exiting alt buffer
  • #5386 fix: ensure that currentRow can not go out of the range
  • #5385 Fix terminal find when wrapped
  • #5355 Add note about reverse tabnapping
  • #5346 Remove alt -> ctrl+arrow hack in favor of embedder-specific solutions
    • ⚠️ This is a breaking change, you will need to add keybindings in your code if you want alt to map to ctrl still
  • #5337 Fix finding terms across wrapped lines
  • #5335 webgl: Ignore alpha channel when allowTransparency is false
  • #5328 Refresh viewport after clear or ED
  • #5305 Fix issue where listeners remain after WebglRenderer throws
  • #5291 Make ProgressAddon.onChange non undefined
  • #5282 Fixed CapsLock triggering input twice in MacOS.
  • #5279 Fixes: #5270 regex case-sensitive should behave like monaco
  • #5278 Handle glyph widths up to the maximum device texture size
  • #5277 Disable ligatures when cursor is in range
  • #5276 Fix selection rendering on ligatures in both renderers
  • #5265 Revert to cursor options after DECSCUSR 0
  • #5263 Make textarea readonly when disableStdin is set
  • #5262 Blend cursorAccent with background too
  • #5260 Blend cursor with background to support alpha in webgl
  • #5253 bug: properly render the terminal when open() is called again
  • #5249 Fix click event bug caused by DomRenderer replaceChildren behavior
  • #5209 Ensure last ligature cell is updated
  • #5208 Set liga font feature when ligatures is enabled
  • #5182 fix #5181

... (truncated)

Commits
  • f447274 Merge pull request #5463 from Tyriar/tyriar/v6
  • f68d1e5 Skip sync output tests for now
  • 30691e8 v6.0.0, bump addon versions, publish unicode graphemes
  • 5fa6325 Merge pull request #5462 from Tyriar/tyriar/deprecated
  • 3571d1f Remove windowsMode in favor of windowsPty
  • ebc0d83 Remove deprecated/unused fastScrollModifier
  • d1c50c1 Merge pull request #5461 from Tyriar/tyriar/glob
  • 92b43bd Remove only
  • a9d3ca1 Merge pull request #5449 from iSuslov/exports/esm-headless-node
  • cb4d1ef Merge pull request #5453 from chrislloyd/feat/synchronized-output
  • Additional commits viewable in compare view

Updates react from 18.3.1 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

... (truncated)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Updates react-dom from 18.3.1 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

  • <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
  • Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
  • Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
  • Fix infinite...

    Description has been truncated

@dependabot
chore(deps): bump the production-dependencies group across 1 director…
cac7812 
…y with 10 updates

Bumps the production-dependencies group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) | `11.10.0` | `12.8.0` |
| [express](https://github.com/expressjs/express) | `4.22.1` | `5.2.1` |
| [jose](https://github.com/panva/jose) | `5.10.0` | `6.2.2` |
| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.0` |
| [@xterm/addon-fit](https://github.com/xtermjs/xterm.js) | `0.10.0` | `0.11.0` |
| [@xterm/addon-unicode11](https://github.com/xtermjs/xterm.js) | `0.8.0` | `0.9.0` |
| [@xterm/addon-webgl](https://github.com/xtermjs/xterm.js) | `0.18.0` | `0.19.0` |
| [@xterm/xterm](https://github.com/xtermjs/xterm.js) | `5.5.0` | `6.0.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `18.3.1` | `19.2.4` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `18.3.1` | `19.2.4` |



Updates `better-sqlite3` from 11.10.0 to 12.8.0
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v11.10.0...v12.8.0)

Updates `express` from 4.22.1 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v4.22.1...v5.2.1)

Updates `jose` from 5.10.0 to 6.2.2
- [Release notes](https://github.com/panva/jose/releases)
- [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md)
- [Commits](panva/jose@v5.10.0...v6.2.2)

Updates `ws` from 8.19.0 to 8.20.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.19.0...8.20.0)

Updates `@xterm/addon-fit` from 0.10.0 to 0.11.0
- [Release notes](https://github.com/xtermjs/xterm.js/releases)
- [Commits](xtermjs/xterm.js@0.10...0.11)

Updates `@xterm/addon-unicode11` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/xtermjs/xterm.js/releases)
- [Commits](xtermjs/xterm.js@0.8...0.9)

Updates `@xterm/addon-webgl` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/xtermjs/xterm.js/releases)
- [Commits](xtermjs/xterm.js@0.18...0.19)

Updates `@xterm/xterm` from 5.5.0 to 6.0.0
- [Release notes](https://github.com/xtermjs/xterm.js/releases)
- [Commits](xtermjs/xterm.js@5.5.0...6.0.0)

Updates `react` from 18.3.1 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react)

Updates `react-dom` from 18.3.1 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom)

---
updated-dependencies:
- dependency-name: better-sqlite3
  dependency-version: 12.8.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: jose
  dependency-version: 6.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: ws
  dependency-version: 8.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@xterm/addon-fit"
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@xterm/addon-unicode11"
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@xterm/addon-webgl"
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@xterm/xterm"
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants