Skip to content

Bump the server-dependencies group across 1 directory with 5 updates#470

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/server-dependencies-6931a051c0
Open

Bump the server-dependencies group across 1 directory with 5 updates#470
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/server-dependencies-6931a051c0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026

Bumps the server-dependencies group with 5 updates in the / directory:

Package From To
@types/node 25.3.3 25.5.0
mysql2 3.18.2 3.20.0
sinon 21.0.1 21.0.3
webpack 5.105.3 5.105.4
webpack-cli 6.0.1 7.0.0

Updates @types/node from 25.3.3 to 25.5.0

Commits

Updates mysql2 from 3.18.2 to 3.20.0

Release notes

Sourced from mysql2's releases.

v3.20.0

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

v3.19.1

3.19.1 (2026-03-09)

Security Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

v3.19.0

3.19.0 (2026-03-05)

Features

  • use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

  • fix precision loss for large decimal values (#4135) (099beea)
Changelog

Sourced from mysql2's changelog.

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

3.19.1 (2026-03-09)

Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

3.19.0 (2026-03-05)

Features

  • use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

  • fix precision loss for large decimal values (#4135) (099beea)
Commits

Updates sinon from 21.0.1 to 21.0.3

Changelog

Sourced from sinon's changelog.

21.0.3

  • 0494251b fix(#2678): upgrade samsam to fix buffer comparisons (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2026-03-16.

21.0.2

  • 024321c4 fix: skip Node specific tests in browser env (Carl-Erik Kopseng)
  • b836fccb fix: js-yaml breaking change from v3 to v4 (Carl-Erik Kopseng)
  • ebf0c431 docs: add how-to article for stubbing ES module imports (#1832) (#2676) (Eduard Barrera)
    • docs: add how-to article for stubbing ES module imports with esm package

    Adds a comprehensive How-To guide that addresses issue #1832, documenting how to configure Node.js to allow Sinon stubs to work with ES modules.

    • Explains why ES module namespace bindings are immutable by spec
    • Shows how to use the 'esm' npm package with mutableNamespace: true
    • Provides a complete working example with project layout, package.json, loader file, source modules, and a full test suite
    • Documents limitations (destructured imports, non-standard behavior)
    • Replaces the TODO comment in link-seams-commonjs.md with a cross-reference

    Closes #1832 Co-authored-by: Eduard Barrera eduardbar@users.noreply.github.com Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com

  • ebcd506c Fix spies not being reset properly (#2673) (simon-id)
  • 3beab2ba Make doc tests pass with new jQuery (Carl-Erik Kopseng)
  • 766715c6 build: reduce transitive audit findings (Carl-Erik Kopseng)
  • 92aaf5c9 build: upgrade eslint config and replace dependency-check (Carl-Erik Kopseng)
  • c6aaa871 chore: ignore project worktrees (Carl-Erik Kopseng)
  • ef387e8e Upgrade most deps (Carl-Erik Kopseng)
  • 3cf4e77d docs: improve writing of documentation (#2675) (Eduardo de la Cruz Palacios)
  • 6349032f Check login status before publishing steps are performed (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2026-03-04.

Commits

Updates webpack from 5.105.3 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

Commits
  • 27c13b4 chore(release): new release (#20550)
  • 9b2f41e chore: bump terser plugin (#20569)
  • eafe060 fix: narrow the export presence guard detection (#20561)
  • 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
  • afa607d refactor: remove unused code (#20562)
  • 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
  • f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
  • 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
  • a3d7839 fix: types for multi stats (#20556)
  • b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
  • Additional commits viewable in compare view

Updates webpack-cli from 6.0.1 to 7.0.0

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.0.0

Major Changes

  • The minimum supported version of Node.js is 20.9.0. (by @​alexander-akait in #4677)

  • Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @​alexander-akait in #4677)

  • Removed the --node-env argument in favor of the --config-node-env argument. (by @​alexander-akait in #4677)

  • The version command only output versions right now. (by @​alexander-akait in #4677)

  • Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @​alexander-akait in #4677)

Patch Changes

Changelog

Sourced from webpack-cli's changelog.

7.0.0

Major Changes

  • The minimum supported version of Node.js is 20.9.0. (by @​alexander-akait in #4677)

  • Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @​alexander-akait in #4677)

  • Removed the --node-env argument in favor of the --config-node-env argument. (by @​alexander-akait in #4677)

  • The version command only output versions right now. (by @​alexander-akait in #4677)

  • Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @​alexander-akait in #4677)

Patch Changes

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack-cli since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the server-dependencies group across 1 directory with 5 updates
940a4e6 
Bumps the server-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.3.3` | `25.5.0` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.18.2` | `3.20.0` |
| [sinon](https://github.com/sinonjs/sinon) | `21.0.1` | `21.0.3` |
| [webpack](https://github.com/webpack/webpack) | `5.105.3` | `5.105.4` |
| [webpack-cli](https://github.com/webpack/webpack-cli) | `6.0.1` | `7.0.0` |



Updates `@types/node` from 25.3.3 to 25.5.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `mysql2` from 3.18.2 to 3.20.0
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.18.2...v3.20.0)

Updates `sinon` from 21.0.1 to 21.0.3
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](sinonjs/sinon@v21.0.1...v21.0.3)

Updates `webpack` from 5.105.3 to 5.105.4
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.105.3...v5.105.4)

Updates `webpack-cli` from 6.0.1 to 7.0.0
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/webpack-cli@6.0.1...webpack-cli@7.0.0)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: server-dependencies
- dependency-name: mysql2
  dependency-version: 3.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: server-dependencies
- dependency-name: sinon
  dependency-version: 21.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: server-dependencies
- dependency-name: webpack
  dependency-version: 5.105.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: server-dependencies
- dependency-name: webpack-cli
  dependency-version: 7.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: server-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants