Bump the minor-and-patch group across 1 directory with 7 updates #192

Merged
dependabot[bot] merged 2 commits from dependabot/npm_and_yarn/minor-and-patch-0632d8a636 into master 2026-03-16 18:09:59 +00:00
dependabot[bot] commented 2026-03-16 07:28:07 +00:00 (Migrated from github.com)

Bumps the minor-and-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| @sats-connect/core | 0.17.1 | 0.17.3 |
| better-sqlite3 | 12.6.2 | 12.8.0 |
| framer-motion | 12.34.4 | 12.36.0 |
| pg | 8.19.0 | 8.20.0 |
| undici | 7.22.0 | 7.24.3 |
| @eslint/eslintrc | 3.3.4 | 3.3.5 |
| @types/node | 25.3.3 | 25.5.0 |

Updates @sats-connect/core from 0.17.1 to 0.17.3

Commits
  • See full diff in compare view

Updates better-sqlite3 from 12.6.2 to 12.8.0

Release notes

Sourced from better-sqlite3's releases.

v12.8.0

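What's Changed

  • Readme: requires Node.js v20 or later by @Prinzhorn in WiseLibs/better-sqlite3#1443
  • Update SQLite to version 3.51.3 in WiseLibs/better-sqlite3#1460
  • fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @tstone-1 in WiseLibs/better-sqlite3#1459

New Contributors

  • @tstone-1 made their first contribution in WiseLibs/better-sqlite3#1459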

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: https://github.com/WiseLibs/better-sqlite3/compare/v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

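What's Changed

  • fix: use Holder() instead of This() for Electron 41 compatibility by @mceachen in WiseLibs/better-sqlite3#1456
  • Roll back to SQLite to version 3.51.2 in WiseLibs/better-sqlite3#1457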

Full Changelog: https://github.com/WiseLibs/better-sqlite3/compare/v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

  1. Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing
  2. From the SQLite team:

    Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

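What's Changed

  • chore(build.yml): update Electron version support to include v41 by @mceachen in WiseLibs/better-sqlite3#1452
  • Fix Node v25 test errors by @m4heshd in WiseLibs/better-sqlite3#1454
  • Update SQLite to version 3.52.0 in WiseLibs/better-sqlite3#1449
  • Revert "Fix Node v25 test errors" by @mceachen in WiseLibs/better-sqlite3#1455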

Full Changelog: https://github.com/WiseLibs/better-sqlite3/compare/v12.6.2...v12.7.0

... (truncated)

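Commits
  • fe774f5 12.8.0
  • 8617ed6 fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 (#1459)
  • 959a018 Update SQLite to version 3.51.3 (#1460)
  • 43729c0 Readme: requires Node.js v20 or later (#1443)
  • 27dc751 12.7.1
  • db1119c Update SQLite to version 3.51.2 (#1457)
  • d2c4815 fix: use Holder() instead of This() for Electron 41 compatibility (#1456)
  • ef9ffce 12.7.0
  • 3be46ff Revert "Fix Node v25 test errors" (#1455)
  • f3a44a4 Update SQLite to version 3.52.0 (#1449)
  • Additional commits viewable in compare view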

Updates framer-motion from 12.34.4 to 12.36.0

Changelog

Sourced from framer-motion's changelog.

[12.36.0] 2026-03-09

Added

  • Allow dragSnapToOrigin to accept "x" or "y" for per-axis snapping.
  • Added axis-locked layout animations with layout="x" and layout="y".
  • Added skipInitialAnimation to useSpring.

Fixed

  • Fixed height and width: auto animations with box-sizing: border-box.
  • Reset component values when exit animation finishes.
  • Ensure anticipate easing returns 1 at p === 1.
  • Fix @emotion/is-prop-valid resolve error in Storybook.
  • Remove data-pop-layout-id from exiting elements when animation interrupted.
  • Ensure we skip WAAPI for non-animatable keyframes.
  • Ensure we skip WAAPI for SVG transforms.
  • Ensure MotionValue props are not passed to SVG.
  • AnimatePresence: Prevent mode="wait" elements from getting stuck when switched rapidly.

[12.35.2] 2026-03-09

Fixed

  • Reduced filesize of styleEffect.
  • Fix rounding from popLayout.
  • opacity animations in React Strict Mode in development.
  • Ensure useSpring is not affected by monitor framerate.
  • Updating animations sequence segment types to exclude lifecycle handlers.
  • Fix layout animations with parents offset by a %-based translation.
  • Fix autoplay: false with WAAPI animations.
  • Fix layout jump in React Strict Mode in development.
  • Detect divide-by-zero in CSS calc() values before making animatable templates.

[12.35.1] 2026-03-06

Fixed

  • Fixing combination of string keyframes, spring and delay.
  • Gracefully handle negative scroll values.
  • Fix one-frame visual gap when rapidly switching WAAPI animations.
  • animation.time = 0 on a finished animation sets the playhead in a paused state.

[12.35.0] 2026-03-03

Added

  • ViewTimeline support for scroll and useScroll.

[12.34.6] 2026-03-03

... (truncated)

Commits
  • ea66e17 v12.36.0
  • db5726d Adding tests for exit animations
  • 5ccc21a Updating changelog
  • 06159b3 Latest
  • ed64e5f Merge pull request #3625 from motiondivision/worktree-fix-issue-3141
  • 5fad98c Merge pull request #3627 from motiondivision/worktree-fix-issue-3103
  • f084bb2 Simplify axis-snap logic: use copyAxisInto, remove redundant isShared block
  • 3204711 Merge pull request #3626 from motiondivision/audit/motion-dom-frameloop
  • 25bf593 Merge pull request #3629 from motiondivision/worktree-fix-issue-3082
  • 0dad36b Merge pull request #3634 from motiondivision/worktree-fix-issue-3102
  • Additional commits viewable in compare view

Updates pg from 8.19.0 to 8.20.0

Changelog

Sourced from pg's changelog.

pg@8.20.0

  • Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.
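
Commits
  • c9070cc Publish
  • ad36e3c fix: typo in deprecation notice for client.query() (#3618)
  • See full diff in compare view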

Updates undici from 7.22.0 to 7.24.3

Release notes

Sourced from undici's releases.

v7.24.3

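What's Changed

  • fix(h2): TypeError: Cannot read properties of null (reading 'push') i… by @hxinhan in nodejs/undici#4881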

Full Changelog: https://github.com/nodejs/undici/compare/v7.24.2...v7.24.3

v7.24.2

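What's Changed

  • fix fetch path logic by @KhafraDev in nodejs/undici#4890
  • remove maxDecompressedMessageSize by @KhafraDev in nodejs/undici#4891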

Full Changelog: https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2

v7.24.1

What's Changed

  • fix: __proto__ pollution by @rahulyadav5524 in nodejs/undici#4885

Full Changelog: https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

  • GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
    Inconsistent interpretation of HTTP requests (request/response smuggling class issue).

  • GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
    Malicious WebSocket 64-bit frame length handling could crash the client.

  • GHSA-phc3-fgpg-7m6h / CVE-2026-2581 (Medium)
    Unbounded memory consumption in deduplication interceptor response buffering (DoS risk).

  • GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
    CRLF injection via the upgrade option.

  • GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
    Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.

  • GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
    Unbounded memory consumption in WebSocket permessage-deflate decompression.

... (truncated)

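Commits
  • 9b96516 Bumped v7.24.3
  • 7926660 Ignore .githuman
  • 9eaa5af fix(h2): TypeError: Cannot read properties of null (reading 'push') in Reques...
  • a9bfe21 ignore .pi
  • f2e155b Bumped v7.24.2
  • 4d2d1af remove maxDecompressedMessageSize (#4891)
  • 3a05a4f fix fetch path logic (#4890)
  • 23e3cd3 Bumped v7.24.1
  • 3aedaa8 remove PLAN.md
  • 0d7ec33 fix: __proto__ pollution (#4885)
  • Additional commits viewable in compare view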

Updates @eslint/eslintrc from 3.3.4 to 3.3.5

Release notes

Sourced from @eslint/eslintrc's releases.

eslintrc: v3.3.5

3.3.5 (2026-03-04)

Bug Fixes

  • update dependency minimatch to ^3.1.5 (#227) (3dc2381)

Changelog

Sourced from @eslint/eslintrc's changelog.

3.3.5 (2026-03-04)

Bug Fixes

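  • update dependency minimatch to ^3.1.5 (#227) (3dc2381)

Commits
  • 5135df1 chore: release 3.3.5 🚀 (#228)
  • c109d69 docs: Update README sponsors
  • 3dc2381 fix: update dependency minimatch to ^3.1.5 (#227)
  • 81385b6 ci: pin Node.js 25.6.1 (#226)
  • See full diff in compare view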

Updates @types/node from 25.3.3 to 25.5.0

Commits
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
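
A lockfile check for the undici upgrade guidance quoted above ("All users on v7 should upgrade to v7.24.0 or later"), as an added example that is not part of the Dependabot comment or of the undici project. It walks the `packages` map of an npm lockfile and classifies every installed copy of undici, including transitive ones; the sample lockfile and the package names `legacy-fetcher`, `rc-consumer` and `old-client` are constructed.

```javascript
// Added example: find every installed copy of undici in an npm lockfile
// (lockfileVersion 2/3 "packages" map) and compare it with the fixed release.
const FIXED_VERSION = "7.24.0"; // from the release notes quoted in this PR

// Parse MAJOR.MINOR.PATCH with an optional prerelease tag; null if malformed.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(text));
  if (!m) return null;
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]), pre: m[4] || null };
}

// True when version a sorts before version b.
function isBelow(a, b) {
  for (const part of ["major", "minor", "patch"]) {
    if (a[part] !== b[part]) return a[part] < b[part];
  }
  // Same core version: a prerelease (7.24.0-rc.1) still precedes the release.
  return a.pre !== null && b.pre === null;
}

// The package name is whatever follows the last "node_modules/" in the key,
// so nested (transitive) copies match and "undici-types" does not.
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const at = path.lastIndexOf(marker);
  return at === -1 ? null : path.slice(at + marker.length);
}

// Classify each undici copy: "fixed", "below-fix", "other-major" (the quoted
// guidance only covers v7) or "unparseable".
function auditUndici(lockfile) {
  const fixed = parseVersion(FIXED_VERSION);
  const results = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (packageNameFromPath(path) !== "undici") continue;
    const version = parseVersion(entry.version);
    let status;
    if (version === null) status = "unparseable";
    else if (version.major !== fixed.major) status = "other-major";
    else status = isBelow(version, fixed) ? "below-fix" : "fixed";
    results.push({ path, version: entry.version, status });
  }
  return results;
}

// Copies a reviewer still has to look at before relying on this bump.
function needsAttention(lockfile) {
  return auditUndici(lockfile).filter((r) => r.status !== "fixed");
}

// Constructed sample in lockfileVersion 3 layout; versions are illustrative.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/undici": { version: "7.24.3" },
    "node_modules/undici-types": { version: "7.16.0" },
    "node_modules/legacy-fetcher/node_modules/undici": { version: "7.22.0" },
    "node_modules/rc-consumer/node_modules/undici": { version: "7.24.0-rc.1" },
    "node_modules/old-client/node_modules/undici": { version: "6.21.0" },
  },
};

for (const r of auditUndici(SAMPLE_LOCKFILE)) {
  console.log(`${r.status.padEnd(12)} ${String(r.version).padEnd(12)} ${r.path}`);
}
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `needsAttention`; a direct-dependency bump like this one does not update copies pinned under other packages.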