Skip to content

Comments

Bump the npm_and_yarn group across 1 directory with 20 updates#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-15b867d44f
Open

Bump the npm_and_yarn group across 1 directory with 20 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-15b867d44f

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Dec 19, 2025

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package From To
mysql2 2.2.5 3.9.8
@babel/runtime 7.14.0 7.28.4
decode-uri-component 0.2.0 0.2.2
http-cache-semantics 4.1.0 4.2.0
jws 3.2.2 3.2.3
nanoid 3.1.23 3.3.11
postcss 8.2.15 8.5.6
tar-fs 2.1.1 2.1.4
word-wrap 1.2.3 1.2.5

Updates mysql2 from 2.2.5 to 3.9.8

Release notes

Sourced from mysql2's releases.

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

  • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
  • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
  • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

  • security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

  • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

  • revert breaking change in results creation (#2591) (f7c60d0)

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

  • SSL: separate each certificate into an individual item #2542 (63f1055)
  • security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
    • Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • security: improve results object creation (#2574) (4a964a3)
    • Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • docs: improve the contribution guidelines (#2552) (8a818ce)

v3.9.3

3.9.3 (2024-03-26)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.9.8 (2024-05-26)

Bug Fixes

  • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
  • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
  • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

3.9.7 (2024-04-21)

Bug Fixes

  • security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

  • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

  • revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

Bug Fixes

  • docs: improve the contribution guidelines (#2552) (8a818ce)
  • security: improve results object creation (#2574) (4a964a3)
  • security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

3.9.3 (2024-03-26)

Bug Fixes

  • security: improve cache key formation (#2424) (0d54b0c)
    • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • update Amazon RDS SSL CA cert (#2131) (d9dccfd)

3.9.2 (2024-02-26)

... (truncated)

Commits
  • f637d3f chore(master): release 3.9.8 (#2700)
  • efe3db5 fix(security): sanitize fields and tables when using nestTables (#2702)
  • 2e03694 fix: support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2...
  • 8b5f691 fix(typings): typo from jonServerPublicKey to onServerPublicKey (#2699)
  • 5c75802 build(deps-dev): bump tsx from 4.10.5 to 4.11.0 in /website (#2695)
  • 179769f build(deps): bump @​easyops-cn/docusaurus-search-local in /website (#2696)
  • 56289e2 build(deps-dev): bump poku from 1.12.1 to 1.13.0 (#2698)
  • b029308 build(deps-dev): bump poku from 1.12.1 to 1.13.0 in /website (#2697)
  • 539acb8 build(deps): bump lucide-react from 0.378.0 to 0.379.0 in /website (#2693)
  • dc80580 build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 i...
  • Additional commits viewable in compare view

Updates @babel/runtime from 7.14.0 to 7.28.4

Release notes

Sourced from @​babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

🐛 Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

📝 Documentation

... (truncated)

Commits

Updates @tryghost/members-csv from 1.0.0 to 1.1.8

Commits

Updates axios from 0.21.1 to 0.21.4

Release notes

Sourced from axios's releases.

v0.21.4

Fixes and Functionality:

  • Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

v0.21.3

Fixes and Functionality:

  • Fixing response interceptor not being called when request interceptor is attached (#4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

v0.21.2

Fixes and Functionality:

  • Updating axios requests to be delayed by pre-emptive promise creation (#2702)
  • Adding "synchronous" and "runWhen" options to interceptors api (#2702)
  • Updating of transformResponse (#3377)
  • Adding ability to omit User-Agent header (#3703)
  • Adding multiple JSON improvements (#3688, #3763)
  • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
  • Adding parseInt to config.timeout (#3781)
  • Adding custom return type support to interceptor (#3783)
  • Adding security fix for ReDoS vulnerability (#3980)

Internal and Tests:

  • Updating build dev dependancies (#3401)
  • Fixing builds running on Travis CI (#3538)
  • Updating follow rediect version (#3694, #3771)
  • Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
  • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
  • Fixing tests by bumping karma-sauce-launcher version (#3813)
  • Changing testing process from Travis CI to GitHub Actions (#3938)

Documentation:

  • Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
  • Remove duplication of item in changelog (#3523)
  • Fixing gramatical errors (#2642)
  • Fixing spelling error (#3567)
  • Moving gitpod metion (#2637)
  • Adding new axios documentation website link (#3681, #3707)
  • Updating documentation around dispatching requests (#3772)

... (truncated)

Changelog

Sourced from axios's changelog.

0.21.4 (September 6, 2021)

Fixes and Functionality:

  • Fixing JSON transform when data is stringified. Providing backward compatability and complying to the JSON RFC standard (#4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

0.21.3 (September 4, 2021)

Fixes and Functionality:

  • Fixing response interceptor not being called when request interceptor is attached (#4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

0.21.2 (September 4, 2021)

Fixes and Functionality:

  • Updating axios requests to be delayed by pre-emptive promise creation (#2702)
  • Adding "synchronous" and "runWhen" options to interceptors api (#2702)
  • Updating of transformResponse (#3377)
  • Adding ability to omit User-Agent header (#3703)
  • Adding multiple JSON improvements (#3688, #3763)
  • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
  • Adding parseInt to config.timeout (#3781)
  • Adding custom return type support to interceptor (#3783)
  • Adding security fix for ReDoS vulnerability (#3980)

Internal and Tests:

  • Updating build dev dependancies (#3401)
  • Fixing builds running on Travis CI (#3538)
  • Updating follow rediect version (#3694, #3771)
  • Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
  • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
  • Fixing tests by bumping karma-sauce-launcher version (#3813)
  • Changing testing process from Travis CI to GitHub Actions (#3938)

Documentation:

  • Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
  • Remove duplication of item in changelog (#3523)

... (truncated)

Commits
  • 66c4602 Merge branch 'master' into release/0.21.4
  • fc15665 [Releasing] v0.21.4
  • c2714f0 [Updating] incorrect JSON syntax in README.md
  • 0fc7248 fix json transform when data is pre-stringified (#4020)
  • 90205f8 Change headers type to string record (#3021)
  • 92b29d2 Make the default type of response data never (#3002)
  • 4eeb3b1 Improved type-safety for AxiosRequestConfig (#2995)
  • cd7ff04 Adding HTTP status code to error.toJSON (#2956)
  • b5a1a67 Adding nodejs http.request option: insecureHTTPParser (#2930)
  • 4f25380 Exposing the Axios constructor in index.d.ts (#2872)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.


Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates follow-redirects from 0.0.3 to 1.15.11

Release notes

Sourced from follow-redirects's releases.

v1.15.11

No release notes provided.

v1.15.10

No release notes provided.

v1.15.9

No release notes provided.

v1.15.8

No release notes provided.

v1.15.7

No release notes provided.

v1.15.6

No release notes provided.

v1.15.5

No release notes provided.

v1.15.4

No release notes provided.

v1.15.3

No release notes provided.

v1.15.2

No release notes provided.

v1.15.1

No release notes provided.

v1.15.0

No release notes provided.

v1.14.9

No release notes provided.

v1.14.8

No release notes provided.

v1.14.7

No release notes provided.

v1.14.6

No release notes provided.

v1.14.5

No release notes provided.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by rubenverborgh, a new releaser for follow-redirects since your current version.


Updates ghost from 4.5.0 to 4.21.0

Commits
  • 46277b6 v4.21.0
  • 5b5240c Updated Admin to v4.21.0
  • 7f001a4 Replaced moment with luxon in amp helper (#13683)
  • 083b57a Update dependency @​tryghost/logging to v1
  • d0933c5 Revert "Switched AMP to be 'off' by default in all new Ghost instances"
  • 858a989 Update dependency @​tryghost/update-check-service to v0.2.5
  • 98fd48c Switched AMP to be 'off' by default in all new Ghost instances
  • e9afa6f Added metrics for test runs
  • d89b844 Added a not to the Images API ref field
  • ca2c9b9 Update dependency @​tryghost/email-analytics-provider-mailgun to v1.0.5
  • Additional commits viewable in compare view

Updates http-cache-semantics from 4.1.0 to 4.2.0

Commits

Updates jws from 3.2.2 to 3.2.3

Release notes

Sourced from jws's releases.

v3.2.3

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.
Changelog

Sourced from jws's changelog.

[3.2.3]

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

2.0.0 - 2015-01-30

Changed

  • BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)

  • Code reorganization, thanks @​fearphage! (7880050)

Added

  • Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. (6b6de48)
Commits
  • 4f6e73f Merge commit from fork
  • bd0fea5 version 3.2.3
  • 7c3b4b4 Enhance tests for HMAC streaming sign and verify
  • a9b8ed9 Improve secretOrKey initialization in VerifyStream
  • 6707fde Improve secret handling in SignStream
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.


Updates multer from 1.4.2 to 1.4.3

Changelog

Sourced from multer's changelog.

1.4.3 - 2021-08-09

  • Bugfix: Avoid deprecated pseudoRandomBytes function (#774)
  • Docs: Add Português Brazil translation for README (#758)
  • Docs: Clarify the callback calling convention (#775)
  • Docs: Add example on how to link to html multipart form (#580)
  • Docs: Add Spanish translation for README (#838)
  • Docs: Add Math.random() to storage filename example (#841)
  • Docs: Fix mistakes in russian doc (#869)
  • Docs: Improve Português Brazil translation (#877)
  • Docs: Update var to const in all Readmes (#1024)
  • Internal: Bump mkdirp version (#862)
  • Internal: Bump Standard version (#878)
Commits

Updates nanoid from 3.1.23 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.
Changelog

Sourced from nanoid's changelog.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

3.3.7

  • Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

  • Fixed package.

3.3.5

  • Backport funding information.

3.3.4

3.3.3

  • Reduced size (by Anton Khlynovskiy).

3.3.2

  • Fixed enhanced-resolve support.

3.3.1

  • Reduced package size.

3.3

  • Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

  • Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

  • Reduced async exports size (by Artyom Arutyunyan).
  • Moved from Jest to uvu (by Vitaly Baev).

3.1.31

  • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

3.1.30

  • Reduced size for project with brotli compression (by Anton Khlynovskiy).

3.1.29

... (truncated)

Commits

Updates nodemailer from 0.7.1 to 6.10.1

Release notes

Sourced from nodemailer's releases.

v6.10.1

6.10.1 (2025-02-06)

Bug Fixes

v6.10.0

6.10.0 (2025-01-23)

Features

  • services: add Seznam email service configuration (#1695) (d1ae0a8)

Bug Fixes

  • proxy: Set error and timeout errors for proxied sockets (aa0c99c)

v6.9.16

6.9.16 (2024-10-28)

Bug Fixes

  • addressparser: Correctly detect if user local part is attached to domain part (f2096c5)

v6.9.15

6.9.15 (2024-08-08)

Bug Fixes

v6.9.14

6.9.14 (2024-06-19)

Bug Fixes

  • api: Added support for Ethereal authentication (56b2205)
  • services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)
  • services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)
  • well-known-services: Add Loopia in well known services (#1655) (21a28a1)

v6.9.13

... (truncated)

Changelog

Sourced from nodemailer's changelog.

6.10.1 (2025-02-06)

Bug Fixes

6.10.0 (2025-01-23)

Features

  • services: add Seznam email service configuration (#1695) (d1ae0a8)

Bug Fixes

  • proxy: Set error and timeout errors for proxied sockets (aa0c99c)

6.9.16 (2024-10-28)

Bug Fixes

  • addressparser: Correctly detect if user local part is attached to domain part (f2096c5)

6.9.15 (2024-08-08)

Bug Fixes

6.9.14 (2024-06-19)

Bug Fixes

  • api: Added support for Ethereal authentication (56b2205)
  • services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)
  • services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)
  • well-known-services: Add Loopia in well known services (#1655) (21a28a1)

6.9.13 (2024-03-20)

Bug Fixes

  • tls: Ensure servername for SMTP (d66fdd3)

6.9.12 (2024-03-08)

Bug Fixes

  • message-generation: Escape single quote in address names (4ae5fad)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by andris, a new releaser for nodemailer since your current version.


Updates parse-uri from 1.0.3 to 2.0.4

Release notes

Sourced from parse-uri's releases.

v2.0.4

What's Changed

Full Changelog: Kikobeats/parse-uri@v2.0.3...v2.0.4

v2.0.3

What's ChangedDescription has been truncated

Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [mysql2](https://github.com/sidorares/node-mysql2) | `2.2.5` | `3.9.8` |
| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.14.0` | `7.28.4` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.2.0` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |
| [nanoid](https://github.com/ai/nanoid) | `3.1.23` | `3.3.11` |
| [postcss](https://github.com/postcss/postcss) | `8.2.15` | `8.5.6` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |



Updates `mysql2` from 2.2.5 to 3.9.8
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v2.2.5...v3.9.8)

Updates `@babel/runtime` from 7.14.0 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime)

Updates `@tryghost/members-csv` from 1.0.0 to 1.1.8
- [Commits](https://github.com/TryGhost/SDK/commits/@tryghost/helpers@1.1.8/packages/members-csv)

Updates `axios` from 0.21.1 to 0.21.4
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.4/CHANGELOG.md)
- [Commits](axios/axios@v0.21.1...v0.21.4)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `follow-redirects` from 0.0.3 to 1.15.11
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/commits/v1.15.11)

Updates `ghost` from 4.5.0 to 4.21.0
- [Release notes](https://github.com/TryGhost/Ghost/releases)
- [Commits](https://github.com/TryGhost/Ghost/compare/@tryghost/members-api@4.5.0...v4.21.0)

Updates `http-cache-semantics` from 4.1.0 to 4.2.0
- [Commits](https://github.com/kornelski/http-cache-semantics/commits)

Updates `jws` from 3.2.2 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

Updates `multer` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v1.4.2...v1.4.3)

Updates `nanoid` from 3.1.23 to 3.3.11
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.1.23...3.3.11)

Updates `nodemailer` from 0.7.1 to 6.10.1
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v0.7.1...v6.10.1)

Updates `parse-uri` from 1.0.3 to 2.0.4
- [Release notes](https://github.com/kikobeats/parse-uri/releases)
- [Changelog](https://github.com/Kikobeats/parse-uri/blob/master/CHANGELOG.md)
- [Commits](Kikobeats/parse-uri@1.0.3...v2.0.4)

Updates `passport` from 0.4.1 to 0.5.0
- [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport@v0.4.1...v0.5.0)

Updates `postcss` from 8.2.15 to 8.5.6
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.2.15...8.5.6)

Updates `sanitize-html` from 2.3.3 to 2.5.2
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md)
- [Commits](apostrophecms/sanitize-html@2.3.3...2.5.2)

Updates `sharp` from 0.28.2 to 0.29.3
- [Release notes](https://github.com/lovell/sharp/releases)
- [Changelog](https://github.com/lovell/sharp/blob/v0.29.3/docs/changelog.md)
- [Commits](lovell/sharp@v0.28.2...v0.29.3)

Updates `tar-fs` from 2.1.1 to 2.1.4
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4)

Updates `validator` from 6.3.0 to 7.2.0
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@6.3.0...7.2.0)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: mysql2
  dependency-version: 3.9.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/runtime"
  dependency-version: 7.28.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@tryghost/members-csv"
  dependency-version: 1.1.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 0.21.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-version: 0.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.15.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ghost
  dependency-version: 4.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-cache-semantics
  dependency-version: 4.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: multer
  dependency-version: 1.4.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-version: 3.3.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 6.10.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: parse-uri
  dependency-version: 2.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: passport
  dependency-version: 0.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sanitize-html
  dependency-version: 2.5.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sharp
  dependency-version: 0.29.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: validator
  dependency-version: 7.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: word-wrap
  dependency-version: 1.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants