Bump the major-updates group with 19 updates by dependabot[bot] · Pull Request #515 · ministryofjustice/cica-apply-data-capture-service

dependabot · 2026-02-25T14:51:03Z

Bumps the major-updates group with 19 updates:

Package	From	To
ajv	`6.14.0`	`8.18.0`
ajv-errors	`1.0.1`	`3.0.0`
debug	`2.6.9`	`4.4.3`
express	`4.22.1`	`5.2.1`
helmet	`3.23.3`	`8.1.0`
pino-http	`5.8.0`	`11.0.0`
pino-std-serializers	`6.2.2`	`7.1.0`
swagger-ui-express	`4.6.3`	`5.0.1`
aws-sdk-client-mock	`2.2.0`	`4.1.0`
eslint	`8.57.1`	`10.0.2`
eslint-config-prettier	`6.15.0`	`10.1.8`
eslint-plugin-jest	`23.20.0`	`29.15.0`
eslint-plugin-prettier	`3.4.1`	`5.5.5`
husky	`4.3.8`	`9.1.7`
jest	`28.1.3`	`30.2.0`
lint-staged	`11.2.6`	`16.2.7`
pino-pretty	`10.3.1`	`13.1.3`
prettier	`1.19.1`	`3.8.1`
supertest	`4.0.2`	`7.2.2`

Updates ajv from 6.14.0 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

v8.17.1

What's Changed

bump version to 8.17.1 by @jasoniangreen in ajv-validator/ajv#2472

Full Changelog: ajv-validator/ajv@v8.17.0...v8.17.1

Plus everything in 8.17.0 which failed to release

The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

Revert "Revert fast-uri change (ajv-validator/ajv#2444)" by @gurgunday in ajv-validator/ajv#2448 fix: ignore new eslint error for @typescript-eslint/no-extraneous-class by @jasoniangreen in ajv-validator/ajv#2455 docs: clarify behaviour of addVocabulary by @jasoniangreen in ajv-validator/ajv#2454 docs: refactor to improve legibility by @blottn in ajv-validator/ajv#2432 Fix grammatical typo in managing-schemas.md by @wetneb in ajv-validator/ajv#2305 docs: Fix broken strict-mode link by @alexanderjsx in ajv-validator/ajv#2459 feat: add test for encoded refs and bump fast-uri by @jasoniangreen in ajv-validator/ajv#2449 fix: changes for @typescript-eslint/array-type rule by @jasoniangreen in ajv-validator/ajv#2467 fixes ajv-validator/ajv#2217 - clarify custom keyword naming by @jasoniangreen in ajv-validator/ajv#2457

v8.17.0

What's Changed

The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

Revert "Revert fast-uri change (#2444)" by @gurgunday in ajv-validator/ajv#2448

fix: ignore new eslint error for @typescript-eslint/no-extraneous-class by @jasoniangreen in ajv-validator/ajv#2455

docs: clarify behaviour of addVocabulary by @jasoniangreen in ajv-validator/ajv#2454

docs: refactor to improve legibility by @blottn in ajv-validator/ajv#2432

Fix grammatical typo in managing-schemas.md by @wetneb in ajv-validator/ajv#2305

docs: Fix broken strict-mode link by @alexanderjsx in ajv-validator/ajv#2459

feat: add test for encoded refs and bump fast-uri by @jasoniangreen in ajv-validator/ajv#2449

fix: changes for @typescript-eslint/array-type rule by @jasoniangreen in ajv-validator/ajv#2467

fixes #2217 - clarify custom keyword naming by @jasoniangreen in ajv-validator/ajv#2457

... (truncated)

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
9050ba1 bump version to 8.17.1 (#2472)
f7831b4 fixes #2217 - clarify custom keyword naming (#2457)
a523784 fix: changes for @typescript-eslint/array-type rule (#2467)
595fe58 feat: add test for encoded refs and bump fast-uri (#2449)
Additional commits viewable in compare view

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates ajv-errors from 1.0.1 to 3.0.0

Release notes

Sourced from ajv-errors's releases.

v3.0.0

Upgrade for Ajv v8 (error property dataPath changed to instancePath)

v2.0.1

Fix standalone generation code when errorMessage keyword is used.

v2.0.0

Re-written to support ajv v7

v2.0.0-beta.0

Re-written to support for ajv v7

Commits

7efe8c2 3.0.0
7658b29 readme: version
8a238fd Revert "3.0.0"
f4e79cf 3.0.0
0415601 upgrade ajv 8.0.0, dataPath -> instancePath
623c07b 2.0.1
2c9fd6c Merge pull request #80 from ejoebstl/patch-1
50f4129 Merge branch 'master' into patch-1
25f2783 Merge pull request #91 from ajv-validator/dependabot/npm_and_yarn/husky-5.1.3
5e04e67 fix: standalone validation code, tests (fixes #88)
Additional commits viewable in compare view

Updates debug from 2.6.9 to 4.4.3

Release notes

Sourced from debug's releases.

4.4.3

Functionally identical release to 4.4.1.

Version 4.4.2 is compromised. Please see debug-js/debug#1005.

4.4.1

What's Changed

fix(Issue-996): replace whitespaces in namespaces string with commas globally by @pdahal-cx in debug-js/debug#997

fixes #987 fallback to localStorage.DEBUG if debug is not defined by @lzilioli in debug-js/debug#988

New Contributors

@pdahal-cx made their first contribution in debug-js/debug#997

@lzilioli made their first contribution in debug-js/debug#988

Full Changelog: debug-js/debug@4.4.0...4.4.1

4.4.0

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

4.3.7

What's Changed

Upgrade ms to version 2.1.3 by @realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

Avoid using deprecated RegExp.$1 by @bluwy in debug-js/debug#969

New Contributors

@bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

4.3.5

Patch

cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @calvintwr for the fix.

4.3.4

What's Changed

Add section about configuring JS console to show debug messages by @gitname in debug-js/debug#866

Replace deprecated String.prototype.substr() by @CommanderRoot in debug-js/debug#876

... (truncated)

Commits

6b2c5fb 4.4.3
33330fa 4.4.1
98df33e remove istanbul
bf2f574 fixes #987 fallback to localStorage.DEBUG if debug is not defined (#988)
a0497bd Replace whitespaces in namespaces string with commas globally instead of just...
7e3814c 4.4.0
d2d6bf0 fix inefficient .enable() regex and .enabled() test
bc60914 4.3.7
c63e96e Upgrade ms to version 2.1.3 (#819)
382864a remove archaic badges from readme
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

Add support for Uint8Array in res.send()

Add support for ETag option in res.sendFile()

Add support for multiple links with the same rel in res.links()

Add funding field to package.json

perf: use loop for acceptParams

refactor: prefix built-in node module imports

deps: remove setprototypeof

deps: remove safe-buffer

deps: remove utils-merge

deps: remove methods

deps: remove depd

deps: debug@^4.4.0

deps: body-parser@^2.2.0

deps: router@^2.2.0

deps: content-type@^1.0.5

deps: finalhandler@^2.1.0

deps: qs@^6.14.0

deps: server-static@2.2.0

deps: type-is@2.0.1

5.0.1 / 2024-10-08

Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

remove:

path-is-absolute dependency - use path.isAbsolute instead

breaking:

res.status() accepts only integers, and input must be greater than 99 and less than 1000

will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range

will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs

deps: send@1.0.0

... (truncated)

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates helmet from 3.23.3 to 8.1.0

Changelog

Sourced from helmet's changelog.

8.1.0 - 2025-03-17

Changed

Content-Security-Policy gives a better error when a directive value, like self, should be quoted. See #482

8.0.0 - 2024-09-28

Changed

Breaking: Strict-Transport-Security now has a max-age of 365 days, up from 180

Breaking: Content-Security-Policy middleware now throws an error if a directive should have quotes but does not, such as self instead of 'self'. See #454

Breaking: Content-Security-Policy's getDefaultDirectives now returns a deep copy. This only affects users who were mutating the result

Breaking: Strict-Transport-Security now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

Removed

Breaking: Drop support for Node 16 and 17. Node 18+ is now required

7.2.0 - 2024-09-28

Changed

Content-Security-Policy middleware now warns if a directive should have quotes but does not, such as self instead of 'self'. This will be an error in future versions. See #454

7.1.0 - 2023-11-07

Added

helmet.crossOriginEmbedderPolicy now supports the unsafe-none directive. See #477

7.0.0 - 2023-05-06

Changed

Breaking: Cross-Origin-Embedder-Policy middleware is now disabled by default. See #411

Removed

Breaking: Drop support for Node 14 and 15. Node 16+ is now required

Breaking: Expect-CT is no longer part of Helmet. If you still need it, you can use the expect-ct package. See #378

6.2.0 - 2023-05-06

Expose header names (e.g., strictTransportSecurity for the Strict-Transport-Security header, instead of hsts)

Rework documentation

6.1.5 - 2023-04-11

Fixed

... (truncated)

Commits

57e1b39 8.1.0
c8efbe3 Update changelog for 8.1.0 release
3396804 Add 8.0.0 release date to changelog
52dd8eb Content-Security-Policy: better error when value should be quoted
4af4777 Use built-in test runner (instead of Jest)
ba10272 Organize imports
e0f1387 Update devDependencies to latest versions
842393c Check types during npm test, run in parallel
77fbe3a Strict-Transport-Security: fix documentation for default max-age
632e629 Update license year for 2025
Additional commits viewable in compare view

Updates pino-http from 5.8.0 to 11.0.0

Release notes

Sourced from pino-http's releases.

v11.0.0

What's Changed

build(deps-dev): bump @types/node from 22.15.32 to 24.0.3 by @dependabot[bot] in pinojs/pino-http#370

build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in pinojs/pino-http#373

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in pinojs/pino-http#376

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in pinojs/pino-http#380

build(deps): bump actions/setup-node from 4 to 5 by @dependabot[bot] in pinojs/pino-http#382

Update for pino@10 by @jsumners in pinojs/pino-http#383

Full Changelog: pinojs/pino-http@v10.5.0...v11.0.0

v10.5.0

What's Changed

build(deps-dev): bump typescript from 5.7.3 to 5.8.2 by @dependabot[bot] in pinojs/pino-http#364

build(deps): bump actions/dependency-review-action from 3 to 4 by @dependabot[bot] in pinojs/pino-http#326

build(deps): bump process-warning from 4.0.1 to 5.0.0 by @dependabot[bot] in pinojs/pino-http#367

build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @dependabot[bot] in pinojs/pino-http#368

Full Changelog: pinojs/pino-http@v10.4.0...v10.5.0

v10.4.0

What's Changed

build(deps-dev): lock typescript minor version by @Fdawgs in pinojs/pino-http#353

build(deps-dev): bump autocannon from 7.15.0 to 8.0.0 by @dependabot in pinojs/pino-http#355

build(deps-dev): bump pino-pretty from 11.3.0 to 13.0.0 by @dependabot in pinojs/pino-http#357

build(deps-dev): bump typescript from 5.0.4 to 5.7.2 by @dependabot in pinojs/pino-http#360

feat: make check for allLogs more explicit by @todor-a in pinojs/pino-http#362

New Contributors

@todor-a made their first contribution in pinojs/pino-http#362

Full Changelog: pinojs/pino-http@v10.3.0...v10.4.0

v10.3.0

What's Changed

build(deps): bump process-warning from 3.0.0 to 4.0.0 by @dependabot in pinojs/pino-http#343

build(deps-dev): bump @types/node from 20.14.13 to 22.0.0 by @dependabot in pinojs/pino-http#344

fix: allow CustomLevels in useLevel and customLogLevel by @JulianCissen in pinojs/pino-http#346

New Contributors

@JulianCissen made their first contribution in pinojs/pino-http#346

Full Changelog: pinojs/pino-http@v10.2.0...v10.3.0

v10.2.0

What's Changed

feat: add quietResLogger option by @wms in pinojs/pino-http#339

fix: allow using non-lowercased custom levels by @chernodub in pinojs/pino-http#342

... (truncated)

Commits

6615953 v11.0.0
da0442e Update for pino@10 (#383)
c77bf25 build(deps): bump actions/setup-node from 4 to 5 (#382)
5b06a22 build(deps): bump actions/checkout from 4 to 5 (#380)
bc69ee9 build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (#376)
c2ccdb3 build(deps-dev): bump typescript from 5.8.3 to 5.9.2 (#373)
6dbe316 build(deps-dev): bump @types/node from 22.15.32 to 24.0.3 (#370)
d8c995e Bumped 10.5.0
e3f04bf build(deps-dev): bump tsd from 0.31.2 to 0.32.0 (#368)
5e19fa6 build(deps): bump process-warning from 4.0.1 to 5.0.0 (#367)
Additional commits viewable in compare view

Updates pino-std-serializers from 6.2.2 to 7.1.0

Release notes

Sourced from pino-std-serializers's releases.

v7.0.0

What's Changed

Bump tsd from 0.28.1 to 0.29.0 by @dependabot in pinojs/pino-std-serializers#134

Bump actions/checkout from 3 to 4 by @dependabot in pinojs/pino-std-serializers#135

Updating for v9: update dependencies and CI by @Ranieri93 in pinojs/pino-std-serializers#136

Bump actions/setup-node from 3 to 4 by @dependabot in pinojs/pino-std-serializers#138

Bump tsd from 0.29.0 to 0.30.0 by @dependabot in pinojs/pino-std-serializers#139

Bump actions/dependency-review-action from 3 to 4 by @dependabot in pinojs/pino-std-serializers#142

docs(readme): add missing code block quotes by @mmarinero in pinojs/pino-std-serializers#143

feat: Port tests from tap to node:assert and node:test by @codershiba in pinojs/pino-std-serializers#141

Bump tsd from 0.30.7 to 0.31.0 by @dependabot in pinojs/pino-std-serializers#144

New Contributors

@Ranieri93 made their first contribution in pinojs/pino-std-serializers#136

@mmarinero made their first contribution in pinojs/pino-std-serializers#143

@codershiba made their first contribution in pinojs/pino-std-serializers#141

Full Changelog: pinojs/pino-std-serializers@v6.2.2...v7.0.0

Commits

See full diff in compare view

Updates swagger-ui-express from 4.6.3 to 5.0.1

Release notes

Sourced from swagger-ui-express's releases.

5.0.1

Bump dependencies.

5.0.0

No release notes provided.

Commits

0d0c788 Bump version of package
6432818 Merge pull request #370 from gavinslilley/swagger-ui-express-bump
4fc6ca2 update dev dependencies
bba8961 Bumped to version 5
fdbffb0 Merge pull request #352 from J12934/performance/minimize-server-side-import
11a8423 Merge pull request #350 from varanauskas/master
8db205d Only import required function / file
2d71fe8 Update Swagger to 5.0.0
See full diff in compare view

Updates aws-sdk-client-mock from 2.2.0 to 4.1.0

Release notes

Sourced from aws-sdk-client-mock's releases.

v4.1.0

4.1.0 (2024-10-15)

Features

add commandCall method to AwsStub (#241) (4f11d4c)

v4.1.0-beta.0

4.1.0-beta.0 (2024-10-11)

Features

jest: add support for vitest (#231) (3ed37a9)

Bug Fixes

jest: import path in types test (750605b)

v4.0.2

4.0.2 (2024-09-23)

v4.0.2-beta.0

4.0.2-beta.0 (2024-06-20)

Bug Fixes

jest: allow "toHaveReceivedCommandWith" partial match without required Command fields (79929ae)

v4.0.1

4.0.1 (2024-06-01)

v4.0.1-beta.0

4.0.1-beta.0 (2024-06-01)

Bug Fixes

jest: match input type accepting @jest/globals asymmetric matchers (644a603)

v4.0.0

4.0.0 (2024-03-17)

v4.0.0-beta.0

4.0.0-beta.0 (2024-03-17)

⚠ BREAKING CHANGES

Correct expect.assertions() count on CommandWith commands (#209)

Bug Fixes

... (truncated)

Changelog

Sourced from aws-sdk-client-mock's changelog.

4.1.0 (2024-10-15)

Features

add commandCall method to AwsStub (#241) (4f11d4c)

4.1.0-beta.0 (2024-10-11)

Features

jest: add support for vitest (#231) (3ed37a9)

Bug Fixes

jest: import path in types test (750605b)

4.0.2 (2024-09-23)

4.0.2-beta.0 (2024-06-20)

Bug Fixes

jest: allow "toHaveReceivedCommandWith" partial match without required Command fields (79929ae)

4.0.1 (2024-06-01)

4.0.1-beta.0 (2024-06-01)

Bug Fixes

jest: match input type accepting @jest/globals asymmetric matchers (644a603)

4.0.0 (2024-03-17)

4.0.0-beta.0 (2024-03-17)

⚠ BREAKING CHANGES

Correct expect.assertions() count on CommandWith commands (#209)

Bug Fixes

Correct expect.assertions() count on CommandWith commands (#209) (65d53a7)

... (truncated)

Commits

2f8100e chore(release): 4.1.0
4f11d4c feat: add commandCall method to AwsStub (#241)
dfdbc83 chore(release): 4.1.0-beta.0
750605b fix(jest): import path in types test
3ed37a9 feat(jest): add support for vitest (#231)
72ebb74 docs: update docs website
1f08693 chore(release): 4.0.2
3be9f30 ci: fix CLI conflict for pnpm docs
f4b16c5 docs: move reproduction code instructions from body to desc in bug template
6ca4735 docs: mocking lib-storage Upload for small files
Additional commits viewable in compare view

Updates eslint from 8.57.1 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)

98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)

61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

951223b chore: update dependency @eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])

6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

Bumps the major-updates group with 19 updates: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `6.14.0` | `8.18.0` | | [ajv-errors](https://github.com/epoberezkin/ajv-errors) | `1.0.1` | `3.0.0` | | [debug](https://github.com/debug-js/debug) | `2.6.9` | `4.4.3` | | [express](https://github.com/expressjs/express) | `4.22.1` | `5.2.1` | | [helmet](https://github.com/helmetjs/helmet) | `3.23.3` | `8.1.0` | | [pino-http](https://github.com/pinojs/pino-http) | `5.8.0` | `11.0.0` | | [pino-std-serializers](https://github.com/pinojs/pino-std-serializers) | `6.2.2` | `7.1.0` | | [swagger-ui-express](https://github.com/scottie1984/swagger-ui-express) | `4.6.3` | `5.0.1` | | [aws-sdk-client-mock](https://github.com/m-radzikowski/aws-sdk-client-mock) | `2.2.0` | `4.1.0` | | [eslint](https://github.com/eslint/eslint) | `8.57.1` | `10.0.2` | | [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) | `6.15.0` | `10.1.8` | | [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `23.20.0` | `29.15.0` | | [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) | `3.4.1` | `5.5.5` | | [husky](https://github.com/typicode/husky) | `4.3.8` | `9.1.7` | | [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `28.1.3` | `30.2.0` | | [lint-staged](https://github.com/lint-staged/lint-staged) | `11.2.6` | `16.2.7` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `10.3.1` | `13.1.3` | | [prettier](https://github.com/prettier/prettier) | `1.19.1` | `3.8.1` | | [supertest](https://github.com/ladjs/supertest) | `4.0.2` | `7.2.2` | Updates `ajv` from 6.14.0 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.14.0...v8.18.0) Updates `ajv-errors` from 1.0.1 to 3.0.0 - [Release notes](https://github.com/epoberezkin/ajv-errors/releases) - [Commits](ajv-validator/ajv-errors@v1.0.1...v3.0.0) Updates `debug` from 2.6.9 to 4.4.3 - [Release notes](https://github.com/debug-js/debug/releases) - [Commits](debug-js/debug@2.6.9...4.4.3) Updates `express` from 4.22.1 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v4.22.1...v5.2.1) Updates `helmet` from 3.23.3 to 8.1.0 - [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md) - [Commits](helmetjs/helmet@v3.23.3...v8.1.0) Updates `pino-http` from 5.8.0 to 11.0.0 - [Release notes](https://github.com/pinojs/pino-http/releases) - [Commits](pinojs/pino-http@v5.8.0...v11.0.0) Updates `pino-std-serializers` from 6.2.2 to 7.1.0 - [Release notes](https://github.com/pinojs/pino-std-serializers/releases) - [Commits](https://github.com/pinojs/pino-std-serializers/commits) Updates `swagger-ui-express` from 4.6.3 to 5.0.1 - [Release notes](https://github.com/scottie1984/swagger-ui-express/releases) - [Commits](scottie1984/swagger-ui-express@4.6.3...5.0.1) Updates `aws-sdk-client-mock` from 2.2.0 to 4.1.0 - [Release notes](https://github.com/m-radzikowski/aws-sdk-client-mock/releases) - [Changelog](https://github.com/m-radzikowski/aws-sdk-client-mock/blob/main/CHANGELOG.md) - [Commits](m-radzikowski/aws-sdk-client-mock@v2.2.0...v4.1.0) Updates `eslint` from 8.57.1 to 10.0.2 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v8.57.1...v10.0.2) Updates `eslint-config-prettier` from 6.15.0 to 10.1.8 - [Release notes](https://github.com/prettier/eslint-config-prettier/releases) - [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md) - [Commits](prettier/eslint-config-prettier@v6.15.0...v10.1.8) Updates `eslint-plugin-jest` from 23.20.0 to 29.15.0 - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v23.20.0...v29.15.0) Updates `eslint-plugin-prettier` from 3.4.1 to 5.5.5 - [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases) - [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/eslint-plugin-prettier/commits/v5.5.5) Updates `husky` from 4.3.8 to 9.1.7 - [Release notes](https://github.com/typicode/husky/releases) - [Commits](typicode/husky@v4.3.8...v9.1.7) Updates `jest` from 28.1.3 to 30.2.0 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.2.0/packages/jest) Updates `lint-staged` from 11.2.6 to 16.2.7 - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v11.2.6...v16.2.7) Updates `pino-pretty` from 10.3.1 to 13.1.3 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v10.3.1...v13.1.3) Updates `prettier` from 1.19.1 to 3.8.1 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@1.19.1...3.8.1) Updates `supertest` from 4.0.2 to 7.2.2 - [Release notes](https://github.com/ladjs/supertest/releases) - [Commits](forwardemail/supertest@v4.0.2...v7.2.2) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: ajv-errors dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: debug dependency-version: 4.4.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: helmet dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: pino-http dependency-version: 11.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: pino-std-serializers dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: swagger-ui-express dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: aws-sdk-client-mock dependency-version: 4.1.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: eslint dependency-version: 10.0.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: eslint-config-prettier dependency-version: 10.1.8 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: eslint-plugin-jest dependency-version: 29.15.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: eslint-plugin-prettier dependency-version: 5.5.5 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: husky dependency-version: 9.1.7 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: jest dependency-version: 30.2.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: lint-staged dependency-version: 16.2.7 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: pino-pretty dependency-version: 13.1.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: prettier dependency-version: 3.8.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: supertest dependency-version: 7.2.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 25, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/major-updates-028cab2381 branch from 8d37a93 to 399acfc Compare March 3, 2026 15:09

dependabot bot force-pushed the dependabot/npm_and_yarn/major-updates-028cab2381 branch from 399acfc to 7614d86 Compare March 4, 2026 12:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the major-updates group with 19 updates#515

Bump the major-updates group with 19 updates#515
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/major-updates-028cab2381

dependabot bot commented on behalf of github Feb 25, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.18.0

What's Changed

New Contributors

v8.17.1

What's Changed

Plus everything in 8.17.0 which failed to release

v8.17.0

What's Changed

v3.0.0

v2.0.1

v2.0.0

v2.0.0-beta.0

4.4.3

4.4.1

What's Changed

New Contributors

4.4.0

4.3.7

What's Changed

4.3.6

What's Changed

New Contributors

4.3.5

Patch

4.3.4

What's Changed

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

5.1.0 / 2025-03-31

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

8.1.0 - 2025-03-17

Changed

8.0.0 - 2024-09-28

Changed

Removed

7.2.0 - 2024-09-28

Changed

7.1.0 - 2023-11-07

Added

7.0.0 - 2023-05-06

Changed

Removed

6.2.0 - 2023-05-06

6.1.5 - 2023-04-11

Fixed

v11.0.0

What's Changed

v10.5.0

What's Changed

v10.4.0

What's Changed

New Contributors

v10.3.0

What's Changed

New Contributors

v10.2.0

What's Changed

v7.0.0

What's Changed

New Contributors

5.0.1

5.0.0

v4.1.0

4.1.0 (2024-10-15)

Features

v4.1.0-beta.0

4.1.0-beta.0 (2024-10-11)

Features

Bug Fixes

v4.0.2

4.0.2 (2024-09-23)

dependabot bot commented on behalf of github Feb 25, 2026 •

edited

Loading