chore(deps): bump the production-dependencies group across 1 directory with 7 updates #1291

dependabot · 2026-01-26T06:48:25Z

Bumps the production-dependencies group with 6 updates in the /server directory:

Package	From	To
@primer/octicons	`19.15.1`	`19.21.2`
@types/primer__octicons	`19.11.0`	`19.11.1`
body-parser	`2.2.0`	`2.2.2`
concurrently	`9.1.2`	`9.2.1`
cors	`2.8.5`	`2.8.6`
typescript	`5.8.2`	`5.9.3`

Updates @primer/octicons from 19.15.1 to 19.21.2

Release notes

Sourced from @primer/octicons's releases.

v19.21.2

Patch Changes

#1146 41c78057 Thanks @rezrah! - Updated GitHub brand logos (mark-github and logo-github) to 2026 versions.

v19.21.1

Patch Changes

#1137 97cefc9f Thanks @dependabot! - Bump js-yaml from 3.13.1 to 4.1.1

v19.21.0

Minor Changes

#1132 c5411b04 Thanks @mperrotti! - Adds icons used for Copilot Loops

#1134 131fbedc Thanks @mperrotti! - Adds icons used for Copilot Markdown text wrapping options

#1133 94ceabb7 Thanks @mperrotti! - Adds icons used for feedback dialogs

Patch Changes

#1135 be5df35d Thanks @mperrotti! - Updates VS Code icon to closer match the real app icon

v19.20.0

Minor Changes

#1129 68ebe53b Thanks @lukasoppermann! - Added InboxFill icon

v19.19.0

Minor Changes

#1123 1d346555 Thanks @mperrotti! - Adds an icon for AI chat

v19.18.1

Patch Changes

#1120 370c72c8 Thanks @langermank! - Add vscode-32.svg, vscode-48.svg

#1122 dcf14c81 Thanks @langermank! - Add 16 vscode

v19.18.0

Minor Changes

#1117 13014409 Thanks @arisacoba! - Add checkbox-fill-16.svg and checkbox-fill-24.svg

v19.17.0

Minor Changes

... (truncated)

Changelog

Sourced from @primer/octicons's changelog.

19.21.2

Patch Changes

#1146 41c78057 Thanks @rezrah! - Updated GitHub brand logos (mark-github and logo-github) to 2026 versions.

19.21.1

Patch Changes

#1137 97cefc9f Thanks @dependabot! - Bump js-yaml from 3.13.1 to 4.1.1

19.21.0

Minor Changes

#1132 c5411b04 Thanks @mperrotti! - Adds icons used for Copilot Loops

#1134 131fbedc Thanks @mperrotti! - Adds icons used for Copilot Markdown text wrapping options

#1133 94ceabb7 Thanks @mperrotti! - Adds icons used for feedback dialogs

Patch Changes

#1135 be5df35d Thanks @mperrotti! - Updates VS Code icon to closer match the real app icon

19.20.0

Minor Changes

#1129 68ebe53b Thanks @lukasoppermann! - Added InboxFill icon

19.19.0

Minor Changes

#1123 1d346555 Thanks @mperrotti! - Adds an icon for AI chat

19.18.1

Patch Changes

#1120 370c72c8 Thanks @langermank! - Add vscode-32.svg, vscode-48.svg

#1122 dcf14c81 Thanks @langermank! - Add 16 vscode

19.18.0

Minor Changes

... (truncated)

Commits

63d6a23 Version Packages (#1147)
41c7805 Updated GitHub logos (#1146)
6c65ce6 Bump next from 14.2.32 to 14.2.35 in /lib/octicons_react (#1142)
77ef6b2 Version Packages (#1141)
97cefc9 Bump js-yaml from 3.13.1 to 4.1.1 (#1137)
4e7f725 Bump next from 14.2.30 to 14.2.32 in /lib/octicons_react (#1139)
c3afedb Bump js-yaml from 3.14.1 to 3.14.2 in /lib/octicons_node (#1140)
4424b17 Add workflow to check for changesets in PRs (#1138)
d2627d3 Version Packages (#1136)
be5df35 Update VS Code icon (#1135)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @primer/octicons since your current version.

Updates @types/primer__octicons from 19.11.0 to 19.11.1

Commits

See full diff in compare view

Updates @types/primer__octicons from 19.11.0 to 19.11.1

Commits

See full diff in compare view

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

docs: update README links by @efekrskl in expressjs/body-parser#673

docs: release notes for the v1.20.4 release by @Phillip9587 in expressjs/body-parser#674

docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @Phillip9587 in expressjs/body-parser#679

docs: use standard jsdoc tags everywhere by @Phillip9587 in expressjs/body-parser#677

deps: qs@^6.14.1 by @UlisesGascon in expressjs/body-parser#689

refactor(json): simplify strict mode error string construction by @jonchurch in expressjs/body-parser#693

Release: 2.2.2 by @UlisesGascon in expressjs/body-parser#691

New Contributors

@efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

deps: qs@^6.14.1

refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

3d24866 2.2.2 (#691)
8474a98 refactor(json): simplify strict mode error string construction (#693)
03f17c2 deps: qs@^6.14.1 (#689)
ea1f25e docs: use standard jsdoc tags everywhere (#677)
d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
b6f52aa docs: release notes for the v1.20.4 release (#674)
2965ca4 docs: update links (#673)
d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
Additional commits viewable in compare view

Updates concurrently from 9.1.2 to 9.2.1

Release notes

Sourced from concurrently's releases.

v9.2.1

What's Changed

chore: update eslint-plugin-simple-import-sort from v10 to v12 by @noritaka1166 in open-cli-tools/concurrently#551

chore: update eslint-config-prettier from v9 to v10 by @noritaka1166 in open-cli-tools/concurrently#552

Remove lodash by @gustavohenke in open-cli-tools/concurrently#555

chore: update coveralls-next from v4 to v5 by @noritaka1166 in open-cli-tools/concurrently#557

Replace jest with vitest by @gustavohenke in open-cli-tools/concurrently#554

Upgrade to pnpm v10 by @paescuj in open-cli-tools/concurrently#558

chore: remove unused eslint-plugin-jest by @noritaka1166 in open-cli-tools/concurrently#559

Minor dependency updates by @paescuj in open-cli-tools/concurrently#560

Migrate to ESLint v9 by @paescuj in open-cli-tools/concurrently#561

Update shell-quote to 1.8.3 by @paescuj in open-cli-tools/concurrently#562

Full coverage by @paescuj in open-cli-tools/concurrently#563

Update GH actions/workflows, enable NPM provenance by @paescuj in open-cli-tools/concurrently#564

Full Changelog: open-cli-tools/concurrently@v9.2.0...v9.2.1

v9.2.0

What's Changed

Bump esbuild from 0.23.1 to 0.25.0 in the npm_and_yarn group by @dependabot in open-cli-tools/concurrently#528

fix: don't throw when there are no commands by @gustavohenke in open-cli-tools/concurrently#532

docs: nicer quotes by @IsaacLeeWebDev in open-cli-tools/concurrently#537

Add --kill-timeout by @gustavohenke in open-cli-tools/concurrently#540

docs: fix typo by @ldeveber in open-cli-tools/concurrently#542

fix: correct typos in comments and documentation by @noritaka1166 in open-cli-tools/concurrently#544

refactor: use startsWith & simplify boolean expression by @noritaka1166 in open-cli-tools/concurrently#543

refactor: use optional chaining by @noritaka1166 in open-cli-tools/concurrently#545

Handle SIGPIPEs by @gustavohenke in open-cli-tools/concurrently#547

refactor: fix map and reduce as return values are not used by @noritaka1166 in open-cli-tools/concurrently#546

docs: fix typos in docs by @noritaka1166 in open-cli-tools/concurrently#548

chore: update jest from v29 to v30 by @noritaka1166 in open-cli-tools/concurrently#549

chore: update @types/jest from v29 to v30 by @noritaka1166 in open-cli-tools/concurrently#550

New Contributors

@IsaacLeeWebDev made their first contribution in open-cli-tools/concurrently#537

@ldeveber made their first contribution in open-cli-tools/concurrently#542

@noritaka1166 made their first contribution in open-cli-tools/concurrently#544

Full Changelog: open-cli-tools/concurrently@v9.1.2...v9.2.0

Commits

414cd01 9.2.1
0dfedb0 Update GH actions/workflows, enable npm provenance (#564)
ee81511 Remove obsolete tsdk config
09d3d7b Full coverage (#563)
8cfc6a6 Update shell-quote to 1.8.3 (#562)
4c403f8 Migrate to ESLint v9 (#561)
8bfcaf7 Minor dependency updates (#560)
389fec4 Enable watch mode & coverage for unit tests by default
7993ce6 chore: remove unused eslint-plugin-jest (#559)
58300f4 Remove obsolete .npmrc file
Additional commits viewable in compare view

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

Build: [email protected] and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates qs from 6.14.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates typescript from 5.8.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

fixed issues query for Typescript 5.9.0 (Beta).

fixed issues query for Typescript 5.9.1 (RC).

No specific changes for TypeScript 5.9.2 (Stable)

fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

npm

TypeScript 5.9

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

fixed issues query for Typescript 5.9.0 (Beta).

fixed issues query for Typescript 5.9.1 (RC).

No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

npm

TypeScript 5.9 RC

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

fixed issues query for Typescript 5.9.0 (Beta).

fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

npm

TypeScript 5.9 Beta

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement.

fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

npm

TypeScript 5.8.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

... (truncated)

Commits

c63de15 Bump version to 5.9.3 and LKG
8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
5be3346 Bump version to 5.9.2 and LKG
ad825f2 Bump version to 5.9.1-rc and LKG
463a5bf Update LKG
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…y with 7 updates Bumps the production-dependencies group with 6 updates in the /server directory: | Package | From | To | | --- | --- | --- | | [@primer/octicons](https://github.com/primer/octicons) | `19.15.1` | `19.21.2` | | [@types/primer__octicons](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/primer__octicons) | `19.11.0` | `19.11.1` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.2` | | [concurrently](https://github.com/open-cli-tools/concurrently) | `9.1.2` | `9.2.1` | | [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` | | [typescript](https://github.com/microsoft/TypeScript) | `5.8.2` | `5.9.3` | Updates `@primer/octicons` from 19.15.1 to 19.21.2 - [Release notes](https://github.com/primer/octicons/releases) - [Changelog](https://github.com/primer/octicons/blob/main/CHANGELOG.md) - [Commits](primer/octicons@v19.15.1...v19.21.2) Updates `@types/primer__octicons` from 19.11.0 to 19.11.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/primer__octicons) Updates `@types/primer__octicons` from 19.11.0 to 19.11.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/primer__octicons) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `concurrently` from 9.1.2 to 9.2.1 - [Release notes](https://github.com/open-cli-tools/concurrently/releases) - [Commits](open-cli-tools/concurrently@v9.1.2...v9.2.1) Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `qs` from 6.14.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `typescript` from 5.8.2 to 5.9.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.8.2...v5.9.3) --- updated-dependencies: - dependency-name: "@primer/octicons" dependency-version: 19.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@types/primer__octicons" dependency-version: 19.11.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@types/primer__octicons" dependency-version: 19.11.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: concurrently dependency-version: 9.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: cors dependency-version: 2.8.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: qs dependency-version: 6.14.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: typescript dependency-version: 5.9.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 26, 2026

DenverCoder1 temporarily deployed to custom-icon-dependabot--6y0mhu January 26, 2026 06:48 Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the production-dependencies group across 1 directory with 7 updates #1291

chore(deps): bump the production-dependencies group across 1 directory with 7 updates #1291

Uh oh!

dependabot bot commented on behalf of github Jan 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

chore(deps): bump the production-dependencies group across 1 directory with 7 updates #1291

Are you sure you want to change the base?

chore(deps): bump the production-dependencies group across 1 directory with 7 updates #1291

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 26, 2026

v19.21.2

Patch Changes

v19.21.1

Patch Changes

v19.21.0

Minor Changes

Patch Changes

v19.20.0

Minor Changes

v19.19.0

Minor Changes

v19.18.1

Patch Changes

v19.18.0

Minor Changes

v19.17.0

Minor Changes

19.21.2

Patch Changes

19.21.1

Patch Changes

19.21.0

Minor Changes

Patch Changes

19.20.0

Minor Changes

19.19.0

Minor Changes

19.18.1

Patch Changes

19.18.0

Minor Changes

v2.2.2

What's Changed

New Contributors

v2.2.1

Important: Security

What's Changed

2.2.2 / 2026-01-07

2.2.1 / 2025-11-24

v9.2.1

What's Changed

v9.2.0

What's Changed

New Contributors

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

6.14.1

TypeScript 5.9.3

TypeScript 5.9

TypeScript 5.9 RC

TypeScript 5.9 Beta

TypeScript 5.8.3

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant