chore(deps)(deps): bump the production-dependencies group across 1 directory with 13 updates by dependabot[bot] · Pull Request #95 · FutureSolutionDev/Deploy-Center-Server

dependabot · 2026-06-08T03:06:43Z

Bumps the production-dependencies group with 13 updates in the / directory:

Package	From	To
axios	`1.16.1`	`1.17.0`
bullmq	`5.77.1`	`5.78.0`
cors	`2.8.5`	`2.8.6`
dotenv	`17.2.3`	`17.4.2`
express-validator	`7.3.1`	`7.3.2`
fs-extra	`11.3.3`	`11.3.5`
helmet	`8.1.0`	`8.2.0`
ioredis	`5.10.1`	`5.11.1`
joi	`18.0.2`	`18.2.1`
mariadb	`3.4.5`	`3.5.2`
morgan	`1.10.1`	`1.11.0`
mysql2	`3.16.0`	`3.22.5`
nodemailer	`8.0.8`	`8.0.10`

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)

Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)

React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)

Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)

Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)

Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)

Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)

Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)

CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)

Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)

Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)

Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@BasixKOR (#6792)

@carladams1299-lab (#10861)

@LaplaceYoung (#10812)

@JamieMagee (#10939)

@RonGamzu (#10905)

@sapirbaruch (#10891)

@nezukoagent (#10901)

@devareddy05 (#10929)

@Mohammad-Faiz-Cloud-Engineer (#10922)

@azandabot (#10931)

@niksy (#10896)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)

Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)

React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)

Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)

Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)

Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)

Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)

Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)

CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)

Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)

Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)

Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@BasixKOR (#6792)

@carladams1299-lab (#10861)

@LaplaceYoung (#10812)

@JamieMagee (#10939)

@RonGamzu (#10905)

@sapirbaruch (#10891)

@nezukoagent (#10901)

@devareddy05 (#10929)

@Mohammad-Faiz-Cloud-Engineer (#10922)

@azandabot (#10931)

@niksy (#10896)

Full Changelog

Commits

4306df2 chore: add fun 88 sponsorship
931cc8f chore(release): prepare release 1.17.0 (#10983)
38ba1b3 fix(fetch): support basic auth from URL (#10896)
32e2515 fix: replace ternary side effect in script (#10931)
030e722 chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (#10960)
ec63164 chore: remove openspec (#10958)
3dec28f fix(http): preserve TLS options for proxy tunnels (#10957)
a2390a5 fix: correct isCancel type to narrow to CanceledError<T> (#10952)
fa01b92 chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (#10954)
2d2314a fix: AxiosHeaders toJSON() return types (#10956)
Additional commits viewable in compare view

Updates bullmq from 5.77.1 to 5.78.0

Release notes

Sourced from bullmq's releases.

v5.78.0

5.78.0 (2026-06-02)

Features

rust: initial implementation of rust support (#4200) (38798cc)

v5.77.7

5.77.7 (2026-06-01)

Bug Fixes

deps: update dependency msgpackr to v2.0.2 [security] (#4202) (fbe04af)

v5.77.6

5.77.6 (2026-05-27)

Bug Fixes

types: change NodeRedisRawClient to be node-redis compliant (#4195) (81709e4)

v5.77.5

5.77.5 (2026-05-27)

Bug Fixes

connection: handle cluster reconnection with timeouts (#4186) (411690e)

v5.77.4

5.77.4 (2026-05-26)

Bug Fixes

deduplication: preserve custom jobId when requeuing keepLastIfActive proto-jobs (#4190) fixes #4030 (6e4972e)

v5.77.3

5.77.3 (2026-05-25)

Performance Improvements

bun-redis: remove per-command serialization to enable implicit pipelining (#4188) (685b074)

v5.77.2

5.77.2 (2026-05-24)

... (truncated)

Commits

38798cc feat(rust): initial implementation of rust support (#4200)
a45e0d9 chore(release): 5.77.7 (#4203)
fbe04af fix(deps): update dependency msgpackr to v2.0.2 [security] (#4202)
63c4054 chore(deps): update eslint to v8.60.0 [security] (#4192)
d2c9850 chore(release): v5.77.6 (#4199)
1c99570 chore(release): 5.77.5 (#4198)
81709e4 fix(types): change NodeRedisRawClient to be node-redis compliant (#4195)
411690e fix(connection): handle cluster reconnection with timeouts (#4186)
e7d7d87 chore(release): 5.77.4 (#4197)
6e4972e fix(deduplication): preserve custom jobId when requeuing keepLastIfActive pro...
Additional commits viewable in compare view

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

Build: Node.js@12.16 and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates dotenv from 17.2.3 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

Add a new README section on dotenv’s approach to the agentic future.

Changed

Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

f116f70 17.4.2
3a81612 fix visual order of faq
13f55a8 Merge branch 'skill'
4bbbf73 reorganize faq
c3da64b Merge pull request #1009 from motdotla/skill
6f743b1 update source
fc2c624 update skill
972315b Tighten up skill
2795fce reorganize faq
d5495d4 adjust skill
Additional commits viewable in compare view

Updates express-validator from 7.3.1 to 7.3.2

Release notes

Sourced from express-validator's releases.

v7.3.2

What's Changed

bump lodash to 4.17.23 to fix CVE-2025-13465 by @mahmoodhamdi in express-validator/express-validator#1355

Plus several docs changes.

New Contributors

@mahmoodhamdi made their first contribution in express-validator/express-validator#1357

Full Changelog: express-validator/express-validator@v7.3.1...v7.3.2

Commits

7d06bc3 7.3.2
73fb78b ci: bump node version used across several action jobs
8a6c2d6 deps: upgrade docusaurus and friends
2db1d81 deps: further bump lodash to v4.18.1
0b1dbe3 docs: fix incorrect type references in oneOf and validation-result docs (#1358)
0386b00 docs: fix duplicate variable declaration in matchedData example (#1359)
97fde88 fix(deps): bump lodash to 4.17.23 to fix CVE-2025-13465 (#1355)
6c2df4d docs: fix incorrect checkSchema().run() example (#1357)
See full diff in compare view

Updates fs-extra from 11.3.3 to 11.3.5

Changelog

Sourced from fs-extra's changelog.

11.3.5 / 2026-05-06

Fix ensureLink*/ensureSymlink* identical file detection on Windows (#1068)

Fix error handling in timestamp preservation code (#1065, #1069)

Fix potential file descriptor leak on error in synchronous timestamp preservation code (#1066)

11.3.4 / 2026-03-03

Fix bug where calling ensureSymlink/ensureSymlinkSync with a relative srcPath would fail if the symlink already existed (#1038, #1064)

Commits

8a88f58 11.3.5
81a1311 Mirror all utimesMillis() tests for utimesMillisSync() (#1070)
b7ab7f8 Properly handle close errors in utimesMillis*() (#1069)
1c248ed Fix file descriptor leak in utimesMillisSync (#1066)
a4000d6 Ensure all usages of areIdentical receive bigint stats (#1068)
1e9c57d Fix error handling in utimesMillis (#1065)
353a29b 11.3.4
3e65fbe fix(ensureSymlink): resolve relative srcpath correctly when symlink exists (#...
e2615e5 Fix git URL in package.json (#1062)
See full diff in compare view

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522

Improve error message when passing duplicate options

Commits

638e43b 8.2.0
fdf25a8 Update changelog for 8.2.0 release
bd293b7 Update devDependencies to latest versions
81ce5cc Test supported Node versions on CI
807a888 Update to new URL
d4e0128 Add direct link to FAQ
437d2eb Bump actions/setup-node from 6.3.0 to 6.4.0 (#537)
a6bd779 Upgrade actions/setup-node to 6.3.0
1e09f5f Fix changelog typo
d526f5c Bump Picomatch dev sub-dependency
Additional commits viewable in compare view

Updates ioredis from 5.10.1 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)

parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

v5.11.0

5.11.0 (2026-05-26)

Bug Fixes

prevent RangeError from string accumulation in pipeline (#2088) (defc077)

replace deprecated url.parse() with WHATWG URL API (#2081) (0021a45), closes redis/ioredis#1747

Features

add array commands, typings and tests (#2114) (baf68d6)

add increx command (#2115) (37d0695)

add Redis MSETEX support (#2111) (04a4615)

add typed GCRA command support and functional tests (#2094) (468a802)

add vector set command support (#2116) (b7b3def)

Add xnack command (#2103) (187d29b)

Add zinter zunion count (#2104) (0d510bb)

Implement TracingChannel support (#2089) (4760e0a)

Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)

parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

5.11.0 (2026-05-26)

Bug Fixes

prevent RangeError from string accumulation in pipeline (#2088) (defc077)

replace deprecated url.parse() with WHATWG URL API (#2081) (0021a45), closes redis/ioredis#1747

Features

add array commands, typings and tests (#2114) (baf68d6)

add increx command (#2115) (37d0695)

add Redis MSETEX support (#2111) (04a4615)

add typed GCRA command support and functional tests (#2094) (468a802)

add vector set command support (#2116) (b7b3def)

Add xnack command (#2103) (187d29b)

Add zinter zunion count (#2104) (0d510bb)

Implement TracingChannel support (#2089) (4760e0a)

Commits

fb224a7 chore(release): 5.11.1 [skip ci]
131ee24 fix: parse protocol-relative Redis URLs as TCP connections (#2125)
c84b2ee fix(cluster): reconnect to nodes that restart without slot changes (#2096)
1490432 chore(release): 5.11.0 [skip ci]
5359d4d refactor(utils): inline defaults and isArguments helpers (#2107)
b7b3def feat: add vector set command support (#2116)
faa53fd ci: update Node.js and Redis test matrix (#2119)
37d0695 feat: add increx command (#2115)
612ee9d chore: update Redis 8.8 test image to custom (

…rectory with 13 updates Bumps the production-dependencies group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.16.1` | `1.17.0` | | [bullmq](https://github.com/taskforcesh/bullmq) | `5.77.1` | `5.78.0` | | [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` | | [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.4.2` | | [express-validator](https://github.com/express-validator/express-validator) | `7.3.1` | `7.3.2` | | [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.5` | | [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` | | [ioredis](https://github.com/luin/ioredis) | `5.10.1` | `5.11.1` | | [joi](https://github.com/hapijs/joi) | `18.0.2` | `18.2.1` | | [mariadb](https://github.com/mariadb-corporation/mariadb-connector-nodejs) | `3.4.5` | `3.5.2` | | [morgan](https://github.com/expressjs/morgan) | `1.10.1` | `1.11.0` | | [mysql2](https://github.com/sidorares/node-mysql2) | `3.16.0` | `3.22.5` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.8` | `8.0.10` | Updates `axios` from 1.16.1 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.17.0) Updates `bullmq` from 5.77.1 to 5.78.0 - [Release notes](https://github.com/taskforcesh/bullmq/releases) - [Commits](taskforcesh/bullmq@v5.77.1...v5.78.0) Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `dotenv` from 17.2.3 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.2.3...v17.4.2) Updates `express-validator` from 7.3.1 to 7.3.2 - [Release notes](https://github.com/express-validator/express-validator/releases) - [Commits](express-validator/express-validator@v7.3.1...v7.3.2) Updates `fs-extra` from 11.3.3 to 11.3.5 - [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-fs-extra@11.3.3...11.3.5) Updates `helmet` from 8.1.0 to 8.2.0 - [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md) - [Commits](helmetjs/helmet@v8.1.0...v8.2.0) Updates `ioredis` from 5.10.1 to 5.11.1 - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md) - [Commits](redis/ioredis@v5.10.1...v5.11.1) Updates `joi` from 18.0.2 to 18.2.1 - [Commits](hapijs/joi@v18.0.2...v18.2.1) Updates `mariadb` from 3.4.5 to 3.5.2 - [Release notes](https://github.com/mariadb-corporation/mariadb-connector-nodejs/releases) - [Changelog](https://github.com/mariadb-corporation/mariadb-connector-nodejs/blob/main/CHANGELOG.md) - [Commits](mariadb-corporation/mariadb-connector-nodejs@3.4.5...3.5.2) Updates `morgan` from 1.10.1 to 1.11.0 - [Release notes](https://github.com/expressjs/morgan/releases) - [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md) - [Commits](expressjs/morgan@1.10.1...1.11.0) Updates `mysql2` from 3.16.0 to 3.22.5 - [Release notes](https://github.com/sidorares/node-mysql2/releases) - [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md) - [Commits](sidorares/node-mysql2@v3.16.0...v3.22.5) Updates `nodemailer` from 8.0.8 to 8.0.10 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v8.0.8...v8.0.10) --- updated-dependencies: - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: bullmq dependency-version: 5.78.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: cors dependency-version: 2.8.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: express-validator dependency-version: 7.3.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: fs-extra dependency-version: 11.3.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: helmet dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: ioredis dependency-version: 5.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: joi dependency-version: 18.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: mariadb dependency-version: 3.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: morgan dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: mysql2 dependency-version: 3.22.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: nodemailer dependency-version: 8.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-08T03:06:45Z

Assignees

The following users could not be added as assignees: FutureSolutionDev. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 8, 2026

github-actions Bot added the server Changes in server/src/ label Jun 8, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps)(deps): bump the production-dependencies group across 1 directory with 13 updates#95

chore(deps)(deps): bump the production-dependencies group across 1 directory with 13 updates#95
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-dependencies-f884941dd6

dependabot Bot commented on behalf of github Jun 8, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 8, 2026

v1.17.0 — June 1, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.17.0 — June 1, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v5.78.0

5.78.0 (2026-06-02)

Features

v5.77.7

5.77.7 (2026-06-01)

Bug Fixes

v5.77.6

5.77.6 (2026-05-27)

Bug Fixes

v5.77.5

5.77.5 (2026-05-27)

Bug Fixes

v5.77.4

5.77.4 (2026-05-26)

Bug Fixes

v5.77.3

5.77.3 (2026-05-25)

Performance Improvements

v5.77.2

5.77.2 (2026-05-24)

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

17.4.2 (2026-04-12)

Changed

17.4.1 (2026-04-05)

Changed

17.4.0 (2026-04-01)

Added

Changed

17.3.1 (2026-02-12)

Changed

17.3.0 (2026-02-12)

Added

Changed

17.2.4 (2026-02-05)

Changed

v7.3.2

What's Changed

New Contributors

11.3.5 / 2026-05-06

11.3.4 / 2026-03-03

8.2.0 - 2026-05-21

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

v5.11.0

5.11.0 (2026-05-26)

Bug Fixes

Features

5.11.1 (2026-06-04)

Bug Fixes

5.11.0 (2026-05-26)

Bug Fixes

Features

Uh oh!

dependabot Bot commented on behalf of github Jun 8, 2026

Assignees

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects