build(deps): bump the dependencies group across 1 directory with 12 updates by dependabot[bot] · Pull Request #3264 · streamr-dev/network

dependabot · 2025-12-08T12:24:20Z

Bumps the dependencies group with 12 updates in the / directory:

Package	From	To
lerna	`9.0.1`	`9.0.3`
ts-jest	`29.4.5`	`29.4.6`
typescript-eslint	`8.47.0`	`8.48.1`
node-forge	`1.3.1`	`1.3.3`
@aws-sdk/client-route-53	`3.936.0`	`3.946.0`
body-parser	`2.2.0`	`2.2.1`
express	`5.1.0`	`5.2.1`
@types/express	`5.0.1`	`5.0.6`
ipaddr.js	`2.2.0`	`2.3.0`
lru-cache	`11.2.2`	`11.2.4`
terser-webpack-plugin	`5.3.14`	`5.3.15`
pino-pretty	`13.1.2`	`13.1.3`

Updates lerna from 9.0.1 to 9.0.3

Release notes

Sourced from lerna's releases.

v9.0.3

9.0.3 (2025-11-27)

Bumped some dependencies to reduce audit warning noise.

NOTE: 9.0.2 does not exist because of a failed release

Changelog

Sourced from lerna's changelog.

9.0.3 (2025-11-27)

Note: Version bump only for package lerna

9.0.2 (2025-11-27)

Note: Version bump only for package lerna

Commits

215ff00 chore(misc): publish 9.0.3
b1b2166 chore(misc): publish 9.0.2
6c1ea96 chore(deps): bump js-yaml from 4.1.0 to 4.1.1 (#4245)
See full diff in compare view

Updates ts-jest from 29.4.5 to 29.4.6

Release notes

Sourced from ts-jest's releases.

v29.4.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.6 (2025-12-01)

Bug Fixes

log hybrid module as warning instead of failing tests (#5144) (528d37c), closes #5130

Commits

202bde5 chore(release): 29.4.6 (#5146)
528d37c fix: log hybrid module as warning instead of failing tests (#5144)
141e5af build(deps): update github/codeql-action digest to 497990d
d281cce build(deps): update google/osv-scanner-action action to v2.3.0
0d20322 build(deps): update dependency memfs to ^4.51.0
455dde2 build(deps): update dependency js-yaml to ^4.1.1
d579480 build(deps): update dependency @types/node to v20.19.25
f6859d0 build(deps): update dependency @types/yargs to ^17.0.35
4d7e432 build(deps): update github/codeql-action digest to d3ced5c
4ea70c9 build(deps): update actions/checkout digest to 34e1148
Additional commits viewable in compare view

Updates typescript-eslint from 8.47.0 to 8.48.1

Release notes

Sourced from typescript-eslint's releases.

v8.48.1

8.48.1 (2025-12-02)

⏪ Reverts

eslint-plugin: revert "[no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)" (#11812)

🩹 Fixes

eslint-plugin: [consistent-type-exports] check value flag before resolving alias (#11769)

eslint-plugin: honor ignored base types on generic classes (#11767)

eslint-plugin: [restrict-template-expressions] check base types in allow list (#11764, #11759)

❤️ Thank You

Josh Goldberg

OleksandraKordonets

SangheeSon @Higangssh

tao

You can read about our versioning strategy and releases on our website.

v8.48.0

8.48.0 (2025-11-24)

🚀 Features

eslint-plugin: [no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)

rule-tester: remove workaround for jest circular structure error (#11772)

typescript-estree: gate all errors behind allowInvalidAST (#11693)

typescript-estree: replace fast-glob with tinyglobby (#11740)

🩹 Fixes

eslint-plugin: [consistent-generic-constructors] ignore when constructor is typed array (#10477)

scope-manager: change unhelpful aaa error message and change analyze to expects Program (#11747)

typescript-estree: infers singleRun as true for project service (#11327)

typescript-estree: disallow binding patterns in parameter properties (#11760)

❤️ Thank You

Ben McCann @benmccann

Dima Barabash @dbarabashh

fisker Cheung @fisker

James Henry @JamesHenry

JamesHenry @JamesHenry

Josh Goldberg

Josh Goldberg ✨

Kirk Waiblinger @kirkwaiblinger

mdm317 @gen-ip-1

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.48.1 (2025-12-02)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.48.0 (2025-11-24)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

8fe3445 chore(release): publish 8.48.1
6fb1551 chore(release): publish 8.48.0
a4dc42a chore: migrate to nx 22 (#11780)
See full diff in compare view

Updates node-forge from 1.3.1 to 1.3.3

Changelog

Sourced from node-forge's changelog.

1.3.3 - 2025-12-02

Fixed

[pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX issues introduced in 1.3.2.

1.3.2 - 2025-11-25

Security

HIGH: ASN.1 Validator Desynchronization

An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

Reported by Hunter Wodzenski.

CVE ID: CVE-2025-12816

GHSA ID: GHSA-5gfm-wpxj-wjgq

HIGH: ASN.1 Unbounded Recursion

An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.

Reported by Hunter Wodzenski.

CVE ID: CVE-2025-66031

GHSA ID: GHSA-554w-wpv2-vw27

MODERATE: ASN.1 OID Integer Truncation

An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.

Reported by Hunter Wodzenski.

CVE ID: CVE-2025-66030

GHSA ID: GHSA-65ch-62r8-g69g

Fixed

[asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC verification bypass due to missing macData enforcement and improper asn1.validate routine.

[asn1] Add fromDer() max recursion depth check.

Add a asn1.maxDepth global configurable maximum depth of 256.

Add a asn1.fromDer() per-call maxDepth option.

NOTE: The default maximum is assumed to be higher than needed for valid data. If this assumption is false then this could be a breaking change. Please file an issue if there are use cases that need a higher maximum.

NOTE: The per-call maxDepth parameter has not been exposed up through all of the API stack due to the complexities involved. Please file an issue if there are use cases that require this instead of changing the default

... (truncated)

Commits

1cea0af Release 1.3.3.
5265989 Update changelog.
e4f3961 Fix changelog for release.
503979b Update changelog.
c3b3b32 Make digestAlgorithm parameters optional
6f70043 Update CVE details.
f547b0d Start 1.3.3-0.
235ad3e Release 1.3.2.
2598244 Update changelog.
0032dd0 Fix typos.
Additional commits viewable in compare view

Updates @aws-sdk/client-route-53 from 3.936.0 to 3.946.0

Release notes

Sourced from @aws-sdk/client-route-53's releases.

v3.946.0

3.946.0(2025-12-05)

Chores

codegen:

release smithy-aws-typescript-codegen 0.39.0 (#7548) (abaca492)

sync for typescript formatting (#7546) (da6eee73)

type imports and index tests (#7545) (eb4e29bd)

deps: bump jws from 3.2.2 to 3.2.3 (#7544) (a934dcb7)

Documentation Changes

client-ecs: Updating stop-task API to encapsulate containers with custom stop signal (d7a58e20)

New Features

client-iam: Adding the ExpirationTime attribute to the delegation request resource. (2de73924)

client-inspector2: This release adds a new ScanStatus called "Unsupported Code Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it has unsupported code artifacts. (30b100c9)

client-partnercentral-account: Adding Verification API's to Partner Central Account SDK. (b9bad198)

client-sesv2: Updating the desired url for PutEmailIdentityDkimSigningAttributes from v1 to v2 (4e8746ff)

Bug Fixes

core/protocols:

conditionally append xml declaration (#7551) (f9245def)

awsQueryCompatibility error structuring (#7541) (ab683956)

ec2-metadata-service: discard response body stream on failed request (#7543) (2dc10c6f)

For list of updated packages, view updated-packages.md in assets-3.946.0.zip

v3.945.0

3.945.0(2025-12-04)

New Features

client-lambda: Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and StateReasonCode enums to represent failures caused by VPC Encryption Controls. (cc1ebe72)

For list of updated packages, view updated-packages.md in assets-3.945.0.zip

v3.944.0

3.944.0(2025-12-03)

New Features

... (truncated)

Changelog

Sourced from @aws-sdk/client-route-53's changelog.

3.946.0 (2025-12-05)

Note: Version bump only for package @aws-sdk/client-route-53

3.943.0 (2025-12-02)

Note: Version bump only for package @aws-sdk/client-route-53

3.940.0 (2025-11-25)

Features

client-route-53: Adds support for new route53 feature: accelerated recovery. (dbe0a58)

3.939.0 (2025-11-24)

Note: Version bump only for package @aws-sdk/client-route-53

Commits

309a20f Publish v3.946.0
da6eee7 chore(codegen): sync for typescript formatting (#7546)
eb4e29b chore(codegen): type imports and index tests (#7545)
6900953 Publish v3.943.0
e9962f1 Publish v3.940.0
dbe0a58 feat(client-route-53): Adds support for new route53 feature: accelerated reco...
1592379 Publish v3.939.0
See full diff in compare view

Updates body-parser from 2.2.0 to 2.2.1

Release notes

Sourced from body-parser's releases.

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

deps: debug@^4.4.3 by @Phillip9587 in expressjs/body-parser#642

docs: add iconv-lite 0.7.0 changes to history entry by @Phillip9587 in expressjs/body-parser#645

ci: add node.js 25 to test matrix by @Phillip9587 in expressjs/body-parser#650

perf: move read options outside parser middlewares by @Phillip9587 in expressjs/body-parser#648

test(json): add RFC 7159 whitespace edge cases by @Ayoub-Mabrouk in expressjs/body-parser#653

test: add test for urlencoded invalid defaultCharset by @Phillip9587 in expressjs/body-parser#643

build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#657

build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @dependabot[bot] in expressjs/body-parser#656

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#655

build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#654

ci: also test on first supported node.js version by @Phillip9587 in expressjs/body-parser#646

chore: switch badges from badgen.net to shields.io by @Phillip9587 in expressjs/body-parser#661

Remove history.md from being packaged on publish by @bjohansebas in expressjs/body-parser#660

Release: 2.2.1 by @UlisesGascon in expressjs/body-parser#659

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
0d7ce71 docs: switch badges from badgen.net to shields.io (#661)
168afff ci: also test on first supported node.js version (#646)
e539a71 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#654)
9391612 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#655)
57baafb build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#656)
a6a088e build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#657)
10a114d test: add test for urlencoded invalid defaultCharset (#643)
Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates @types/express from 5.0.1 to 5.0.6

Commits

See full diff in compare view

Updates @types/express from 5.0.1 to 5.0.6

Commits

See full diff in compare view

Updates ipaddr.js from 2.2.0 to 2.3.0

Changelog

Sourced from ipaddr.js's changelog.

2.3.0 - 2025-11-27

add isValidCIDRFourPartDecimal helper for IPv4 CIDR in four-part decimal form

upgrade eslint dev dependency to v9

remove duplicated LICENSE entry from published files list

Commits

e373b4e Bump version to 2.3.0
d564b1d Add IPv4 CIDR four-part decimal validator
08c2cd4 dep(eslint): upgrade to v9
e6438fe remove LICENSE from files, redundant, always included
See full diff in compare view

Updates lru-cache from 11.2.2 to 11.2.4

Commits

e4ea6c8 11.2.4
4c6930e consistent prettier setting
f29fceb autopurge: also clear timers for eviction, clear()
05d673b 11.2.3
49b3fbe clean up Timer objects when using ttlAutopurge
b7b7c4e BlueOak-1.0.0
e5df0bb ci: get rid of tests for dead node versions
See full diff in compare view

Updates terser-webpack-plugin from 5.3.14 to 5.3.15

Release notes

Sourced from terser-webpack-plugin's releases.

v5.3.15

5.3.15 (2025-12-05)

Bug Fixes

catch error when loading minimizers (#639) (586af0a)

respect errors and warnings from minimizer without code (8607f79)

Changelog

Sourced from terser-webpack-plugin's changelog.

5.3.15 (2025-12-05)

Bug Fixes

catch error when loading minimizers (#639) (586af0a)

respect errors and warnings from minimizer without code (8607f79)

Commits

f337cee chore(release): 5.3.15
8607f79 fix: respect errors and warnings from minimizer without code
30182a3 chore(deps): bump js-yaml (#640)
db35463 docs: update contributing
586af0a fix: catch error when loading minimizers (#639)
15ccc60 chore: migrate from contrib (#638)
17bb741 chore: update github actions/checkout from v4 to v5 (#637)
00c75dc chore: eslint migration (#636)
c46400a chore(deps-dev): bump form-data from 3.0.1 to 3.0.4 (#635)
b3c9d33 docs: improving typos in ISSUE_TEMPLATE files (#633)
Additional commits viewable in compare view

Updates pino-pretty from 13.1.2 to 13.1.3

Release notes

Sourced from pino-pretty's releases.

v13.1.3

What's Changed

Add in the README file a snippet to use pino-pretty only for dev by @himito in pinojs/pino-pretty#623

build(deps): bump actions/setup-node from 4 to 6 by @dependabot[bot] in pinojs/pino-pretty#626

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in pinojs/pino-pretty#627

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in pinojs/pino-pretty#628

build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @dependabot[bot] in pinojs/pino-pretty#629

Update format-time.js documentation to match functionality by @g-sanner in pinojs/pino-pretty#632

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in pinojs/pino-pretty#636

build(deps): bump fast-copy from 3.0.2 to 4.0.0 by @dependabot[bot] in pinojs/pino-pretty#637

fix: messageFormat print 0 value by @gutenye in pinojs/pino-pretty#635

New Contributors

@himito made their first contribution in pinojs/pino-pretty#623

@g-sanner made their first contribution in pinojs/pino-pretty#632

@gutenye made their first contribution in pinojs/pino-pretty#635

Full Changelog: pinojs/pino-pretty@v13.1.2...v13.1.3

Commits

08425cd v13.1.3
6afb524 fix: messageFormat print 0 value (#635)
70c73ea build(deps): bump fast-copy from 3.0.2 to 4.0.0 (#637)
2cd9794 build(deps): bump actions/checkout from 5 to 6 (#636)
c06e276 Update format-time.js documentation to match functionality (#632)
47ffb45 build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 (#629)
932af85 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#628)
6d48318 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#627)
3b89a0c build(deps): bump actions/setup-node from 4 to 6 (#626)
ab0ccab Add in the README file a snippet to use pino-pretty only for dev (#623)
See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
@types/express	[>= 5.a, < 6]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
`@...

Description has been truncated

[!NOTE]
Bumps Express/body-parser, AWS Route 53 SDK, TypeScript tooling, and several utility/libs across the monorepo with lockfile refresh.

Runtime/Server deps:

Update express to ^5.2.1 and body-parser to ^2.2.1 across packages/node, packages/sdk (dev), packages/test-utils, packages/geoip-location (dev), and packages/autocertifier-server; bump @types/express to ^5.0.6.

Bump node-forge to ^1.3.3 in packages/autocertifier-client.

Networking/utilities: ipaddr.js to ^2.3.0, lru-cache to ^11.2.4 in packages/dht and packages/sdk.

Logging: pino-pretty to ^13.1.3 in packages/utils.

Cloud SDK:

@aws-sdk/client-route-53 to ^3.946.0 in packages/autocertifier-server.

Build/Test tooling:

Root dev deps: lerna ^9.0.3, ts-jest ^29.4.6, typescript-eslint ^8.48.1.

Frontend build: terser-webpack-plugin to ^5.3.15 in packages/sdk.

Lockfile:

Refresh package-lock.json with transitive updates (AWS Smithy, debug, iconv-lite, etc.).

^{Written by Cursor Bugbot for commit 58a0b97. This will update automatically on new commits. Configure here.}

…pdates Bumps the dependencies group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [lerna](https://github.com/lerna/lerna/tree/HEAD/packages/lerna) | `9.0.1` | `9.0.3` | | [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.5` | `29.4.6` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.47.0` | `8.48.1` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` | | [@aws-sdk/client-route-53](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-route-53) | `3.936.0` | `3.946.0` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.1` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `5.0.1` | `5.0.6` | | [ipaddr.js](https://github.com/whitequark/ipaddr.js) | `2.2.0` | `2.3.0` | | [lru-cache](https://github.com/isaacs/node-lru-cache) | `11.2.2` | `11.2.4` | | [terser-webpack-plugin](https://github.com/webpack/terser-webpack-plugin) | `5.3.14` | `5.3.15` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.1.2` | `13.1.3` | Updates `lerna` from 9.0.1 to 9.0.3 - [Release notes](https://github.com/lerna/lerna/releases) - [Changelog](https://github.com/lerna/lerna/blob/main/packages/lerna/CHANGELOG.md) - [Commits](https://github.com/lerna/lerna/commits/v9.0.3/packages/lerna) Updates `ts-jest` from 29.4.5 to 29.4.6 - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v29.4.5...v29.4.6) Updates `typescript-eslint` from 8.47.0 to 8.48.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/typescript-eslint) Updates `node-forge` from 1.3.1 to 1.3.3 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.3) Updates `@aws-sdk/client-route-53` from 3.936.0 to 3.946.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-route-53/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.946.0/clients/client-route-53) Updates `body-parser` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.1) Updates `express` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.1) Updates `@types/express` from 5.0.1 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `@types/express` from 5.0.1 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `ipaddr.js` from 2.2.0 to 2.3.0 - [Changelog](https://github.com/whitequark/ipaddr.js/blob/main/Changes.md) - [Commits](whitequark/ipaddr.js@v2.2.0...v2.3.0) Updates `lru-cache` from 11.2.2 to 11.2.4 - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](isaacs/node-lru-cache@v11.2.2...v11.2.4) Updates `terser-webpack-plugin` from 5.3.14 to 5.3.15 - [Release notes](https://github.com/webpack/terser-webpack-plugin/releases) - [Changelog](https://github.com/webpack/terser-webpack-plugin/blob/main/CHANGELOG.md) - [Commits](webpack/minimizer-webpack-plugin@v5.3.14...v5.3.15) Updates `pino-pretty` from 13.1.2 to 13.1.3 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v13.1.2...v13.1.3) --- updated-dependencies: - dependency-name: lerna dependency-version: 9.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: ts-jest dependency-version: 29.4.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: typescript-eslint dependency-version: 8.48.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: node-forge dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: "@aws-sdk/client-route-53" dependency-version: 3.946.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: body-parser dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: ipaddr.js dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: lru-cache dependency-version: 11.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: terser-webpack-plugin dependency-version: 5.3.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pino-pretty dependency-version: 13.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-12-15T12:24:39Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 8, 2025

github-actions Bot added test-utils Related to Test Utils Package dht Related to DHT package utils sdk node labels Dec 8, 2025

dependabot Bot force-pushed the dependabot/npm_and_yarn/dependencies-85c7c76ce8 branch from 8d87237 to af2c845 Compare December 8, 2025 15:20

dependabot Bot force-pushed the dependabot/npm_and_yarn/dependencies-85c7c76ce8 branch from af2c845 to 58a0b97 Compare December 8, 2025 15:39

dependabot Bot closed this Dec 15, 2025

dependabot Bot deleted the dependabot/npm_and_yarn/dependencies-85c7c76ce8 branch December 15, 2025 12:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the dependencies group across 1 directory with 12 updates#3264

build(deps): bump the dependencies group across 1 directory with 12 updates#3264
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dependencies-85c7c76ce8

dependabot Bot commented on behalf of github Dec 8, 2025 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Dec 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Dec 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v9.0.3

9.0.3 (2025-11-27)

9.0.3 (2025-11-27)

9.0.2 (2025-11-27)

v29.4.6

29.4.6 (2025-12-01)

Bug Fixes

v8.48.1

8.48.1 (2025-12-02)

⏪ Reverts

🩹 Fixes

❤️ Thank You

v8.48.0

8.48.0 (2025-11-24)

🚀 Features

🩹 Fixes

❤️ Thank You

8.48.1 (2025-12-02)

8.48.0 (2025-11-24)

1.3.3 - 2025-12-02

Fixed

1.3.2 - 2025-11-25

Security

Fixed

v3.946.0

3.946.0(2025-12-05)

Chores

Documentation Changes

New Features

Bug Fixes

v3.945.0

3.945.0(2025-12-04)

New Features

v3.944.0

3.944.0(2025-12-03)

New Features

3.946.0 (2025-12-05)

3.943.0 (2025-12-02)

3.940.0 (2025-11-25)

Features

3.939.0 (2025-11-24)

v2.2.1

Important: Security

What's Changed

2.2.1 / 2025-11-24

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

2.3.0 - 2025-11-27

v5.3.15

5.3.15 (2025-12-05)

Bug Fixes

5.3.15 (2025-12-05)

Bug Fixes

v13.1.3

What's Changed

New Contributors

Uh oh!

dependabot Bot commented on behalf of github Dec 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Dec 8, 2025 •

edited

Loading