Bump the deps group across 1 directory with 12 updates #2984

dependabot · 2026-01-01T07:03:53Z

Bumps the deps group with 11 updates in the /express directory:

Package	From	To
@bufbuild/protobuf	`2.6.3`	`2.10.2`
@connectrpc/connect	`2.0.3`	`2.1.1`
@connectrpc/connect-express	`2.0.3`	`2.1.1`
@connectrpc/connect-web	`2.0.3`	`2.1.1`
express	`5.1.0`	`5.2.1`
@types/express	`5.0.3`	`5.0.6`
tsx	`4.20.3`	`4.21.0`
@bufbuild/buf	`1.56.0`	`1.62.1`
@bufbuild/protoc-gen-es	`2.6.3`	`2.10.2`
@types/node	`24.2.0`	`25.0.3`
typescript	`5.9.2`	`5.9.3`

Updates @bufbuild/protobuf from 2.6.3 to 2.10.2

Release notes

Sourced from @bufbuild/protobuf's releases.

v2.10.2

What's Changed

Update to protocolbuffers/protobuf v33.2 by @timostamm in bufbuild/protobuf-es#1308

Permit google.protobuf.Value.null_value in map values in ProtoJSON by @timostamm in bufbuild/protobuf-es#1314

Full Changelog: bufbuild/protobuf-es@v2.10.1...v2.10.2

v2.10.1

What's Changed

Update @typescript/vfs to version 1.6.2 by @Yovach in bufbuild/protobuf-es#1274

New Contributors

@Yovach made their first contribution in bufbuild/protobuf-es#1274

Full Changelog: bufbuild/protobuf-es@v2.10.0...v2.10.1

v2.10.0

What's Changed

Cache list of sorted fields in WeakMap by @cptpcrd in bufbuild/protobuf-es#1240

Add functions durationFromMS and durationMs by @noahbald in bufbuild/protobuf-es#1244

Add section for google.protobuf.Duration in MANUAL.md by @timostamm in bufbuild/protobuf-es#1245

Add additional checks to toJson for Timestamp and Duration by @timostamm in bufbuild/protobuf-es#1263

Fix nanos sign in durationFromMs() by @timostamm in bufbuild/protobuf-es#1262

Update to protocolbuffers/protobuf v33 by @timostamm in bufbuild/protobuf-es#1270

Add Deno example by @timostamm in bufbuild/protobuf-es#1234

Mention Deno in package README.md by @timostamm in bufbuild/protobuf-es#1258

New Contributors

@cptpcrd made their first contribution in bufbuild/protobuf-es#1240

@noahbald made their first contribution in bufbuild/protobuf-es#1244

Full Changelog: bufbuild/protobuf-es@v2.9.0...v2.10.0

v2.9.0

What's Changed

Support Deno by @timostamm in bufbuild/protobuf-es#1233

Full Changelog: bufbuild/protobuf-es@v2.8.0...v2.9.0

v2.8.0

What's Changed

Add support for Edition 2024 by @timostamm in bufbuild/protobuf-es#1228

Fix Valid types for interstitial references by @timostamm in bufbuild/protobuf-es#1230

Full Changelog: bufbuild/protobuf-es@v2.7.0...v2.8.0

v2.7.0

What's Changed

... (truncated)

Commits

05dab19 Release v2.10.2 (#1317)
cedc585 Permit google.protobuf.Value.null_value in map values in ProtoJSON (#1314)
16ac756 Update to protocolbuffers/protobuf v33.2 (#1308)
a2619ec Update to protocolbuffers/protobuf v33.1 (#1293)
3eb403e Release 2.10.1 (#1289)
22a2c29 Release 2.10.0 (#1271)
66edc01 Update to protocolbuffers/protobuf v33 (#1270)
cb788dd Fix nanos sign in durationFromMs() (#1262)
bbd084d Add additional checks to toJson for Timestamp and Duration (#1263)
ff279f9 Bump protoc from 32.0.0 to 32.1.0 (#1252)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by hudlowbuf, a new releaser for @bufbuild/protobuf since your current version.

Updates @connectrpc/connect from 2.0.3 to 2.1.1

Release notes

Sourced from @connectrpc/connect's releases.

v2.1.1

What's Changed

Do not hold on to HTTP/2 connections after receiving GOAWAY without open streams by @timostamm in connectrpc/connect-es#1566

Add Protovalidate (@connectrpc/validate) to README by @jrinehart-buf in connectrpc/connect-es#1595

Fix memory leak in Http2SessionManager's verify step by @ttyniwa in connectrpc/connect-es#1616

New Contributors

@jrinehart-buf made their first contribution in connectrpc/connect-es#1595

@ttyniwa made their first contribution in connectrpc/connect-es#1616

Full Changelog: connectrpc/connect-es@v2.1.0...v2.1.1

v2.1.0

What's Changed

[!IMPORTANT]

TypeScript 5.9 includes breaking changes to lib.d.ts, forcing us to change return types for some functions from Uint8Array to Uint8Array<ArrayBuffer>. This is unlikely to affect you, but if it does, see #1560 for details.

Update to TypeScript 5.9 and change return types from Uint8Array to Uint8Array<ArrayBuffer> by @timostamm in connectrpc/connect-es#1560

Drop support for Node.js 18 by @timostamm in connectrpc/connect-es#1559

Full Changelog: connectrpc/connect-es@v2.0.4...v2.1.0

v2.0.4

What's Changed

Fix memory leak in Node.js universal HTTP client by @timostamm in connectrpc/connect-es#1547

Full Changelog: connectrpc/connect-es@v2.0.3...v2.0.4

Commits

bf6b191 Release 2.1.1 (#1618)
6585c9e Bump the bench group across 1 directory with 4 updates (#1584)
f27d8bf Bump jasmine and @types/jasmine (#1611)
54f492b Bump @bufbuild/buf from 1.57.2 to 1.59.0 (#1613)
5a9d53c Minor improvement for docs (#1602)
9168232 Add Protovalidate (@connectrpc/validate) to README (#1595)
332f9b5 Bump jasmine from 5.10.0 to 5.11.0 (#1590)
1e0eb15 Bump @bufbuild/buf from 1.57.0 to 1.57.2 (#1586)
78b40ab Bump jasmine and @types/jasmine (#1572)
cedb07d Bump @bufbuild/buf from 1.56.0 to 1.57.0 (#1576)
Additional commits viewable in compare view

Updates @connectrpc/connect-express from 2.0.3 to 2.1.1

Release notes

Sourced from @connectrpc/connect-express's releases.

v2.1.1

What's Changed

Do not hold on to HTTP/2 connections after receiving GOAWAY without open streams by @timostamm in connectrpc/connect-es#1566

Add Protovalidate (@connectrpc/validate) to README by @jrinehart-buf in connectrpc/connect-es#1595

Fix memory leak in Http2SessionManager's verify step by @ttyniwa in connectrpc/connect-es#1616

New Contributors

@jrinehart-buf made their first contribution in connectrpc/connect-es#1595

@ttyniwa made their first contribution in connectrpc/connect-es#1616

Full Changelog: connectrpc/connect-es@v2.1.0...v2.1.1

v2.1.0

What's Changed

[!IMPORTANT]

TypeScript 5.9 includes breaking changes to lib.d.ts, forcing us to change return types for some functions from Uint8Array to Uint8Array<ArrayBuffer>. This is unlikely to affect you, but if it does, see #1560 for details.

Update to TypeScript 5.9 and change return types from Uint8Array to Uint8Array<ArrayBuffer> by @timostamm in connectrpc/connect-es#1560

Drop support for Node.js 18 by @timostamm in connectrpc/connect-es#1559

Full Changelog: connectrpc/connect-es@v2.0.4...v2.1.0

v2.0.4

What's Changed

Fix memory leak in Node.js universal HTTP client by @timostamm in connectrpc/connect-es#1547

Full Changelog: connectrpc/connect-es@v2.0.3...v2.0.4

Commits

bf6b191 Release 2.1.1 (#1618)
ad1d3d2 Bump the build group with 2 updates (#1571)
32b9d12 Bump @types/express from 5.0.3 to 5.0.5 (#1608)
4ec4be8 Add Protovalidate recommendation to package READMEs (#1615)
8566675 Release 2.1.0 (#1564)
904b68d Bump the build group across 1 directory with 2 updates (#1555)
4eed0ce Update to TypeScript 5.9 and change return types from Uint8Array to `Uint8A...
f6505b7 Drop support for Node.js 18 (#1559)
17ee287 Release 2.0.4 (#1558)
See full diff in compare view

Updates @connectrpc/connect-node from 2.0.3 to 2.1.1

Release notes

Sourced from @connectrpc/connect-node's releases.

v2.1.1

What's Changed

Do not hold on to HTTP/2 connections after receiving GOAWAY without open streams by @timostamm in connectrpc/connect-es#1566

Add Protovalidate (@connectrpc/validate) to README by @jrinehart-buf in connectrpc/connect-es#1595

Fix memory leak in Http2SessionManager's verify step by @ttyniwa in connectrpc/connect-es#1616

New Contributors

@jrinehart-buf made their first contribution in connectrpc/connect-es#1595

@ttyniwa made their first contribution in connectrpc/connect-es#1616

Full Changelog: connectrpc/connect-es@v2.1.0...v2.1.1

v2.1.0

What's Changed

[!IMPORTANT]

TypeScript 5.9 includes breaking changes to lib.d.ts, forcing us to change return types for some functions from Uint8Array to Uint8Array<ArrayBuffer>. This is unlikely to affect you, but if it does, see #1560 for details.

Update to TypeScript 5.9 and change return types from Uint8Array to Uint8Array<ArrayBuffer> by @timostamm in connectrpc/connect-es#1560

Drop support for Node.js 18 by @timostamm in connectrpc/connect-es#1559

Full Changelog: connectrpc/connect-es@v2.0.4...v2.1.0

v2.0.4

What's Changed

Fix memory leak in Node.js universal HTTP client by @timostamm in connectrpc/connect-es#1547

Full Changelog: connectrpc/connect-es@v2.0.3...v2.0.4

Commits

bf6b191 Release 2.1.1 (#1618)
280adb2 Fix memory leak in Http2SessionManager's verify step (#1616)
ff99bbe Bump @types/node from 22.9.3 to 24.9.2 (#1606)
f27d8bf Bump jasmine and @types/jasmine (#1611)
4ec4be8 Add Protovalidate recommendation to package READMEs (#1615)
332f9b5 Bump jasmine from 5.10.0 to 5.11.0 (#1590)
78b40ab Bump jasmine and @types/jasmine (#1572)
e1c4728 Do not hold on to HTTP/2 connections after receiving GOAWAY without open stre...
8566675 Release 2.1.0 (#1564)
4eed0ce Update to TypeScript 5.9 and change return types from Uint8Array to `Uint8A...
Additional commits viewable in compare view

Updates @connectrpc/connect-web from 2.0.3 to 2.1.1

Release notes

Sourced from @connectrpc/connect-web's releases.

v2.1.1

What's Changed

Do not hold on to HTTP/2 connections after receiving GOAWAY without open streams by @timostamm in connectrpc/connect-es#1566

Add Protovalidate (@connectrpc/validate) to README by @jrinehart-buf in connectrpc/connect-es#1595

Fix memory leak in Http2SessionManager's verify step by @ttyniwa in connectrpc/connect-es#1616

New Contributors

@jrinehart-buf made their first contribution in connectrpc/connect-es#1595

@ttyniwa made their first contribution in connectrpc/connect-es#1616

Full Changelog: connectrpc/connect-es@v2.1.0...v2.1.1

v2.1.0

What's Changed

[!IMPORTANT]

TypeScript 5.9 includes breaking changes to lib.d.ts, forcing us to change return types for some functions from Uint8Array to Uint8Array<ArrayBuffer>. This is unlikely to affect you, but if it does, see #1560 for details.

Update to TypeScript 5.9 and change return types from Uint8Array to Uint8Array<ArrayBuffer> by @timostamm in connectrpc/connect-es#1560

Drop support for Node.js 18 by @timostamm in connectrpc/connect-es#1559

Full Changelog: connectrpc/connect-es@v2.0.4...v2.1.0

v2.0.4

What's Changed

Fix memory leak in Node.js universal HTTP client by @timostamm in connectrpc/connect-es#1547

Full Changelog: connectrpc/connect-es@v2.0.3...v2.0.4

Commits

bf6b191 Release 2.1.1 (#1618)
6585c9e Bump the bench group across 1 directory with 4 updates (#1584)
f27d8bf Bump jasmine and @types/jasmine (#1611)
54f492b Bump @bufbuild/buf from 1.57.2 to 1.59.0 (#1613)
332f9b5 Bump jasmine from 5.10.0 to 5.11.0 (#1590)
1e0eb15 Bump @bufbuild/buf from 1.57.0 to 1.57.2 (#1586)
78b40ab Bump jasmine and @types/jasmine (#1572)
cedb07d Bump @bufbuild/buf from 1.56.0 to 1.57.0 (#1576)
26ce544 Bump the webdriver group with 5 updates (#1570)
8566675 Release 2.1.0 (#1564)
Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates @types/express from 5.0.3 to 5.0.6

Commits

See full diff in compare view

Updates tsx from 4.20.3 to 4.21.0

Release notes

Sourced from tsx's releases.

v4.21.0

4.21.0 (2025-11-30)

Features

upgrade esbuild (#748) (048fb62)

This release is also available on:

npm package (@latest dist-tag)

v4.20.6

4.20.6 (2025-09-26)

Bug Fixes

properly hide relaySignal from process.listeners() (#741) (710a424)

This release is also available on:

npm package (@latest dist-tag)

v4.20.5

4.20.5 (2025-08-24)

Bug Fixes

handle ambiguous packages (796053a)

This release is also available on:

npm package (@latest dist-tag)

v4.20.4

4.20.4 (2025-08-12)

Bug Fixes

... (truncated)

Commits

f6284cd ci: lock in semantic-release v24
048fb62 feat: upgrade esbuild (#748)
710a424 fix: properly hide relaySignal from process.listeners() (#741)
20b91c4 docs: make sponsors dynamic
08dcd59 chore: move vercel settings to root
e6d1a47 docs: obfuscate aside classname
de2719d style: remove unused variable
13f2954 chore: upgrade docs deps
0504525 chore: upgrade manten
132fdd8 test: assert require.cache
Additional commits viewable in compare view

Updates @bufbuild/buf from 1.56.0 to 1.62.1

Release notes

Sourced from @bufbuild/buf's releases.

v1.62.1

Fix default behavior for swift_prefix to remain unset when no override is provided in managed mode.

v1.62.0

Add swift_prefix to managed mode.

Add textDocument/rename and textDocument/prepareRename support for buf lsp serve.

Fix panic in LSP for empty option paths.

Fix support for multi-arch image manifests for buf beta registry plugin push.

v1.61.0

Disable format on unknown or invalid syntax.

Fix regression in LSP functionality for well-known types.

Fix browser open for buf registry login in WSL2.

Fix panic in LSP for EOF lookups.

Fix --create flag for buf push to avoid errors on already existing modules if create is disallowed.

v1.60.0

Fix LSP published diagnostics to filter to the opened file.

Add textDocument/documentSymbol support for buf lsp serve.

Fix LSP navigation for cached modules which could cause import paths to become unresolvable.

Update default value of --timeout flag to 0, which results in no timeout by default.

v1.59.0

Promote buf beta lsp to buf lsp serve. Command buf beta lsp is now deprecated.

Add textDocument/References support for buf lsp serve.

Add autocompletion for basic keywords, syntax, package and imports for buf lsp serve.

Add workspace symbol queries for buf lsp serve.

Fix positional encoding for diagnostics in buf lsp serve.

Fix format updates for buf lsp serve.

Fix syntax highlighting on semantic tokens for buf lsp serve.

Fix buf format to remove extraneous whitespace before the first header node (syntax/package declarations).

v1.58.0

Update PROTOVALIDATE lint rule to check IGNORE_IF_ZERO_VALUE on fields that track presence.

Fix buf format on fields with missing field number tags.

Optimize include and exclude path handling for workspaces to avoid unnecessary file system operations. This change can result in a performance improvement for large workspaces.

Fix buf curl for HTTP/2 services with --http2-prior-knowledge flag set.

v1.57.2

Fix buf curl for HTTP/2 services.

v1.57.1

Minor bug fixes and dependency upgrades.

v1.57.0

Update exclude types to remove unused options reducing the size of generated code.

Add gitlab-code-quality error format to print errors in the GitLab Code Quality format for buf lint and buf breaking.

Add source_control_url to json outputs for buf registry {module, plugin} commit commands.

Changelog

Sourced from @bufbuild/buf's changelog.

[v1.62.1] - 2025-12-29

Fix default behavior for swift_prefix to remain unset when no override is provided in managed mode.

[v1.62.0] - 2025-12-29

Add swift_prefix to managed mode.

Add textDocument/rename and textDocument/prepareRename support for buf lsp serve.

Fix panic in LSP for empty option paths.

Fix support for multi-arch image manifests for buf beta registry plugin push.

[v1.61.0] - 2025-11-25

Disable format on unknown or invalid syntax.

Fix regression in LSP functionality for well-known types.

Fix browser open for buf registry login in WSL2.

Fix panic in LSP for EOF lookups.

Fix --create flag for buf push to avoid errors on already existing modules if create is disallowed.

[v1.60.0] - 2025-11-14

Fix LSP published diagnostics to filter to the opened file.

Add textDocument/documentSymbol support for buf lsp serve.

Fix LSP navigation for cached modules which could cause import paths to become unresolvable.

Update default value of --timeout flag to 0, which results in no timeout by default.

Update PROTOVALIDATE lint rule to allow for custom rules that do not have id or message fields.

[v1.59.0] - 2025-10-20

Promote buf beta lsp to buf lsp serve. Command buf beta lsp is now deprecated.

Add textDocument/References support for buf lsp serve.

Add autocompletion for basic keywords, syntax, package and imports for buf lsp serve.

Add workspace symbol queries for buf lsp serve.

Fix positional encoding for diagnostics in buf lsp serve.

Fix format updates for buf lsp serve.

Fix syntax highlighting on semantic tokens for buf lsp serve.

Fix buf format to remove extraneous whitespace before the first header node (syntax/package declarations).

[v1.58.0] - 2025-10-09

Update PROTOVALIDATE lint rule to check IGNORE_IF_ZERO_VALUE on fields that track presence.

Fix buf format on fields with missing field number tags.

Optimize include and exclude path handling for workspaces to avoid unnecessary file system operations. This change can result in a performance improvement for large workspaces.

Fix buf curl for HTTP/2 services with --http2-prior-knowledge flag set.

[v1.57.2] - 2025-09-16

... (truncated)

Commits

26896d0 Release v1.62.1 (#4246)
efd9273 Fix default behavior of swift_prefix to remain unset in managed mode (#4245)
c7c37dc Return to development (#4244)
61fa40c Release v1.62.0 (#4243)
a23620e Make upgrade (#4242)
3da6f18 Reuse source.Opener and ir.Session to fix executor memory leaks in LSP (#...
3a5f466 Fix LSP to ignore excluded workspace files (#4239)
2ef6d9e Update docker image versions (#4241)
5c88271 Run make upgrade (#4240)
a293ec6 Add swift_prefix to managed mode (#4215)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @bufbuild/buf since your current version.

Updates @bufbuild/protoc-gen-es from 2.6.3 to 2.10.2

Release notes

Sourced from @bufbuild/protoc-gen-es's releases.

v2.10.2

What's Changed

Update to protocolbuffers/protobuf v33.2 by @timostamm in bufbuild/protobuf-es#1308

Permit google.protobuf.Value.null_value in map values in ProtoJSON by @timostamm in bufbuild/protobuf-es#1314

Full Changelog: bufbuild/protobuf-es@v2.10.1...v2.10.2

v2.10.1

What's Changed

Update @typescript/vfs to version 1.6.2 by @Yovach in bufbuild/protobuf-es#1274

New Contributors

@Yovach made their first contribution in bufbuild/protobuf-es#1274

Full Changelog: bufbuild/protobuf-es@v2.10.0...v2.10.1

v2.10.0

What's Changed

Cache list of sorted fields in WeakMap by @cptpcrd in bufbuild/protobuf-es#1240

Add functions durationFromMS and durationMs by @noahbald in bufbuild/protobuf-es#1244

Add section for google.protobuf.Duration in MANUAL.md by @timostamm in bufbuild/protobuf-es#1245

Add additional checks to toJson for Timestamp and Duration by @timostamm in bufbuild/protobuf-es#1263

Fix nanos sign in durationFromMs() by @timostamm in bufbuild/protobuf-es#1262

Update to protocolbuffers/protobuf v33 by @timostamm in bufbuild/protobuf-es#1270

Add Deno example by @timostamm in bufbuild/protobuf-es#1234

Mention Deno in package README.md by @timostamm in bufbuild/protobuf-es#1258

New Contributors

@cptpcrd made their first contribution in bufbuild/protobuf-es#1240

@noahbald made their first contribution in bufbuild/protobuf-es#1244

Full Changelog: bufbuild/protobuf-es@v2.9.0...v2.10.0

v2.9.0

What's Changed

Support Deno by @timostamm in bufbuild/protobuf-es#1233

Full Changelog: bufbuild/protobuf-es@v2.8.0...v2.9.0

v2.8.0

What's ChangedDescription has been truncated

Bumps the deps group with 11 updates in the /express directory: | Package | From | To | | --- | --- | --- | | [@bufbuild/protobuf](https://github.com/bufbuild/protobuf-es/tree/HEAD/packages/protobuf) | `2.6.3` | `2.10.2` | | [@connectrpc/connect](https://github.com/connectrpc/connect-es/tree/HEAD/packages/connect) | `2.0.3` | `2.1.1` | | [@connectrpc/connect-express](https://github.com/connectrpc/connect-es/tree/HEAD/packages/connect-express) | `2.0.3` | `2.1.1` | | [@connectrpc/connect-web](https://github.com/connectrpc/connect-es/tree/HEAD/packages/connect-web) | `2.0.3` | `2.1.1` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `5.0.3` | `5.0.6` | | [tsx](https://github.com/privatenumber/tsx) | `4.20.3` | `4.21.0` | | [@bufbuild/buf](https://github.com/bufbuild/buf) | `1.56.0` | `1.62.1` | | [@bufbuild/protoc-gen-es](https://github.com/bufbuild/protobuf-es/tree/HEAD/packages/protoc-gen-es) | `2.6.3` | `2.10.2` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.2.0` | `25.0.3` | | [typescript](https://github.com/microsoft/TypeScript) | `5.9.2` | `5.9.3` | Updates `@bufbuild/protobuf` from 2.6.3 to 2.10.2 - [Release notes](https://github.com/bufbuild/protobuf-es/releases) - [Commits](https://github.com/bufbuild/protobuf-es/commits/v2.10.2/packages/protobuf) Updates `@connectrpc/connect` from 2.0.3 to 2.1.1 - [Release notes](https://github.com/connectrpc/connect-es/releases) - [Commits](https://github.com/connectrpc/connect-es/commits/v2.1.1/packages/connect) Updates `@connectrpc/connect-express` from 2.0.3 to 2.1.1 - [Release notes](https://github.com/connectrpc/connect-es/releases) - [Commits](https://github.com/connectrpc/connect-es/commits/v2.1.1/packages/connect-express) Updates `@connectrpc/connect-node` from 2.0.3 to 2.1.1 - [Release notes](https://github.com/connectrpc/connect-es/releases) - [Commits](https://github.com/connectrpc/connect-es/commits/v2.1.1/packages/connect-node) Updates `@connectrpc/connect-web` from 2.0.3 to 2.1.1 - [Release notes](https://github.com/connectrpc/connect-es/releases) - [Commits](https://github.com/connectrpc/connect-es/commits/v2.1.1/packages/connect-web) Updates `express` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.1) Updates `@types/express` from 5.0.3 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `tsx` from 4.20.3 to 4.21.0 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.20.3...v4.21.0) Updates `@bufbuild/buf` from 1.56.0 to 1.62.1 - [Release notes](https://github.com/bufbuild/buf/releases) - [Changelog](https://github.com/bufbuild/buf/blob/main/CHANGELOG.md) - [Commits](bufbuild/buf@v1.56.0...v1.62.1) Updates `@bufbuild/protoc-gen-es` from 2.6.3 to 2.10.2 - [Release notes](https://github.com/bufbuild/protobuf-es/releases) - [Commits](https://github.com/bufbuild/protobuf-es/commits/v2.10.2/packages/protoc-gen-es) Updates `@types/express` from 5.0.3 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `@types/node` from 24.2.0 to 25.0.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `typescript` from 5.9.2 to 5.9.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.2...v5.9.3) --- updated-dependencies: - dependency-name: "@bufbuild/protobuf" dependency-version: 2.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: deps - dependency-name: "@connectrpc/connect" dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: deps - dependency-name: "@connectrpc/connect-express" dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: deps - dependency-name: "@connectrpc/connect-node" dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: deps - dependency-name: "@connectrpc/connect-web" dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: deps - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: deps - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: deps - dependency-name: tsx dependency-version: 4.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: deps - dependency-name: "@bufbuild/buf" dependency-version: 1.62.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: deps - dependency-name: "@bufbuild/protoc-gen-es" dependency-version: 2.10.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: deps - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: deps - dependency-name: "@types/node" dependency-version: 25.0.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: deps - dependency-name: typescript dependency-version: 5.9.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: deps ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the deps group across 1 directory with 12 updates #2984

Bump the deps group across 1 directory with 12 updates #2984

Uh oh!

dependabot bot commented on behalf of github Jan 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the deps group across 1 directory with 12 updates #2984

Are you sure you want to change the base?

Bump the deps group across 1 directory with 12 updates #2984

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 1, 2026

v2.10.2

What's Changed

v2.10.1

What's Changed

New Contributors

v2.10.0

What's Changed

New Contributors

v2.9.0

What's Changed

v2.8.0

What's Changed

v2.7.0

What's Changed

v2.1.1

What's Changed

New Contributors

v2.1.0

What's Changed

v2.0.4

What's Changed

v2.1.1

What's Changed

New Contributors

v2.1.0

What's Changed

v2.0.4

What's Changed

v2.1.1

What's Changed

New Contributors

v2.1.0

What's Changed

v2.0.4

What's Changed

v2.1.1

What's Changed

New Contributors

v2.1.0

What's Changed

v2.0.4

What's Changed

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

v4.21.0

4.21.0 (2025-11-30)

Features

v4.20.6

4.20.6 (2025-09-26)

Bug Fixes

v4.20.5

4.20.5 (2025-08-24)

Bug Fixes

v4.20.4

4.20.4 (2025-08-12)

Bug Fixes

v1.62.1

v1.62.0

v1.61.0

v1.60.0

v1.59.0

v1.58.0

v1.57.2

v1.57.1

v1.57.0

[v1.62.1] - 2025-12-29

[v1.62.0] - 2025-12-29

[v1.61.0] - 2025-11-25

[v1.60.0] - 2025-11-14