build(deps): bump the infra-deps group across 1 directory with 9 updates

[dependabot]

Bumps the infra-deps group with 9 updates in the /infra/message-box-server directory:

Package	From	To
mysql2	3.22.4	3.22.5
@types/node	25.9.1	25.9.2
@types/superagent	8.1.9	8.1.10
@typescript-eslint/eslint-plugin	8.60.0	8.60.1
@typescript-eslint/parser	8.60.0	8.60.1
axios	1.16.1	1.17.0
eslint	10.4.0	10.4.1
tsx	4.22.3	4.22.4
typescript-eslint	8.60.0	8.60.1

Updates mysql2 from 3.22.4 to 3.22.5

Release notes

Sourced from mysql2's releases.

v3.22.5

3.22.5 (2026-06-06)

Bug Fixes

• keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4327) (2af33a1)

Changelog

Sourced from mysql2's changelog.

3.22.5 (2026-06-06)

Bug Fixes

• keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4327) (2af33a1)

Commits

• 14a479b chore(master): release 3.22.5 (#4328)
• 2af33a1 fix: keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4...
• f3ce399 docs: add Cursor Cloud development environment instructions
• b895afe build(deps-dev): bump rollup in the dev-dependencies group (#4326)
• b8131c5 build(deps-dev): bump the dev-dependencies group with 5 updates (#4322)
• 63a8803 build(deps): bump the react group across 1 directory with 2 updates (#4323)
• 188a342 build(deps-dev): bump tsx (#4324)
• 8fc97ba build(deps): bump @​easyops-cn/docusaurus-search-local in /website (#4325)
• dd1fc93 build(deps-dev): bump eslint-plugin-prettier (#4318)
• 3fbadbd build(deps): bump postcss from 8.5.6 to 8.5.15 in /website (#4320)
• Additional commits viewable in compare view

Updates @types/node from 25.9.1 to 25.9.2

Commits

• See full diff in compare view

Updates @types/superagent from 8.1.9 to 8.1.10

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.60.0 to 8.60.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)
• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4f84a69 chore(release): publish 8.60.1
• 598af56 docs(eslint-plugin): clarify no-redeclare type-value collision not covered by...
• 1849b53 chore: typecheck using tsgo (#12139)
• 5341d59 chore: fix lint issues (#12369)
• f525814 fix(eslint-plugin): [no-shadow] correct rule to match ESLint v10 handling (#1...
• 2df540c chore(eslint-plugin): defer type checks to improve rules performance (#12296)
• 1ab4284 fix(eslint-plugin): respect ECMAScript line terminators in ts-comment rules (...
• 2f49df5 docs: update references to @stylistic/eslint-plugin rules in documentation ...
• See full diff in compare view

Updates @typescript-eslint/parser from 8.60.0 to 8.60.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.60.1 (2026-06-01)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• See full diff in compare view

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

Commits

• 4306df2 chore: add fun 88 sponsorship
• 931cc8f chore(release): prepare release 1.17.0 (#10983)
• 38ba1b3 fix(fetch): support basic auth from URL (#10896)
• 32e2515 fix: replace ternary side effect in script (#10931)
• 030e722 chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (#10960)
• ec63164 chore: remove openspec (#10958)
• 3dec28f fix(http): preserve TLS options for proxy tunnels (#10957)
• a2390a5 fix: correct isCancel type to narrow to CanceledError<T> (#10952)
• fa01b92 chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (#10954)
• 2d2314a fix: AxiosHeaders toJSON() return types (#10956)
• Additional commits viewable in compare view

Updates eslint from 10.4.0 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

Commits

• 4a3d15a 10.4.1
• 43e7e2b Build: changelog update for 10.4.1
• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
• b0e466b test: add data property to invalid tests cases for rules (#20924)
• d4ce898 fix: propagate failures from delegated commands (#20917)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
• f78838b test: add CodePath type coverage (#20904)
• 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
• 002942c ci: declare contents:read on update-readme workflow (#20919)
• Additional commits viewable in compare view

Updates tsx from 4.22.3 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
• See full diff in compare view

Updates typescript-eslint from 8.60.0 to 8.60.1

Release notes

Sourced from typescript-eslint's releases.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.1 (2026-06-01)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Superseded by #184.