Skip to content

build(deps): bump the major group with 14 updates#3

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/major-03360f8f8e
Open

build(deps): bump the major group with 14 updates#3
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/major-03360f8f8e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Bumps the major group with 14 updates:

Package From To
@mzinga/bundler-webpack 0.1.3 1.0.4
@mzinga/db-mongodb 0.1.3 1.0.4
@mzinga/db-postgres 0.1.3 1.0.4
@mzinga/plugin-form-builder 0.1.3 1.0.4
@mzinga/plugin-seo 0.1.3 1.0.4
@mzinga/richtext-slate 0.1.3 1.0.4
express 4.21.2 5.2.1
@types/express 5.0.5 5.0.6
glob 11.1.0 13.0.6
mzinga 0.1.3 1.0.4
nodemailer 7.0.13 8.0.5
typescript 5.9.3 6.0.3
@types/node 24.10.0 25.6.0
eslint 9.39.1 10.2.1

Updates @mzinga/bundler-webpack from 0.1.3 to 1.0.4

Release notes

Sourced from @​mzinga/bundler-webpack's releases.

1.0.4

What's Changed

Full Changelog: mzinga-io/mzinga-core@0.1.3...1.0.4

Commits

Updates @mzinga/db-mongodb from 0.1.3 to 1.0.4

Release notes

Sourced from @​mzinga/db-mongodb's releases.

1.0.4

What's Changed

Full Changelog: mzinga-io/mzinga-core@0.1.3...1.0.4

Commits

Updates @mzinga/db-postgres from 0.1.3 to 1.0.4

Release notes

Sourced from @​mzinga/db-postgres's releases.

1.0.4

What's Changed

Full Changelog: mzinga-io/mzinga-core@0.1.3...1.0.4

Commits

Updates @mzinga/plugin-form-builder from 0.1.3 to 1.0.4

Release notes

Sourced from @​mzinga/plugin-form-builder's releases.

1.0.4

What's Changed

Full Changelog: mzinga-io/mzinga-core@0.1.3...1.0.4

Commits

Updates @mzinga/plugin-seo from 0.1.3 to 1.0.4

Release notes

Sourced from @​mzinga/plugin-seo's releases.

1.0.4

What's Changed

Full Changelog: mzinga-io/mzinga-core@0.1.3...1.0.4

Commits

Updates @mzinga/richtext-slate from 0.1.3 to 1.0.4

Release notes

Sourced from @​mzinga/richtext-slate's releases.

1.0.4

What's Changed

Full Changelog: mzinga-io/mzinga-core@0.1.3...1.0.4

Commits

Updates express from 4.21.2 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0

... (truncated)

Commits

Updates @types/express from 5.0.5 to 5.0.6

Commits

Updates glob from 11.1.0 to 13.0.6

Changelog

Sourced from glob's changelog.

changeglob

13

  • Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

  • Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

  • Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
  • Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
  • Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

  • Drop support for node before v20

10.4

  • Add includeChildMatches: false option
  • Export the Ignore class

10.3

  • Add --default -p flag to provide a default pattern
  • exclude symbolic links to directories when follow and nodir are both set

10.2

  • Add glob cli

10.1

  • Return '.' instead of the empty string '' when the current working directory is returned as a match.
  • Add posix: true option to return / delimited paths, even on

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates mzinga from 0.1.3 to 1.0.4

Release notes

Sourced from mzinga's releases.

1.0.4

What's Changed

Full Changelog: mzinga-io/mzinga-core@0.1.3...1.0.4

Commits

Updates nodemailer from 7.0.13 to 8.0.5

Release notes

Sourced from nodemailer's releases.

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

v8.0.3

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)
  • fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
  • refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
  • remove familySupportCache that broke DNS resolution tests (c803d90)

v8.0.2

8.0.2 (2026-03-09)

Bug Fixes

  • merge fragmented display names with unquoted commas in addressparser (fe27f7f)

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

  • absorb TLS errors during socket teardown (7f8dde4)
  • absorb TLS errors during socket teardown (381f628)
  • Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)
  • fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
  • refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
  • remove familySupportCache that broke DNS resolution tests (c803d90)

8.0.2 (2026-03-09)

Bug Fixes

  • merge fragmented display names with unquoted commas in addressparser (fe27f7f)

8.0.1 (2026-02-07)

Bug Fixes

  • absorb TLS errors during socket teardown (7f8dde4)
  • absorb TLS errors during socket teardown (381f628)
  • Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

  • Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

... (truncated)

Commits
  • 202cfb3 chore(master): release 8.0.5 (#1809)
  • b634abf docs: add CLAUDE.md with project conventions and release process
  • 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
  • 0a43876 fix: sanitize CRLF in transport name option to prevent SMTP command injection...
  • 08e59e6 chore: update dev dependencies
  • 2d31975 chore(master): release 8.0.4 (#1806)
  • 2d7b971 fix: sanitize envelope size to prevent SMTP command injection
  • 4e702e9 chore(master): release 8.0.3 (#1804)
  • c803d90 fix: remove familySupportCache that broke DNS resolution tests
  • e8c8b92 fix: fix cookie bugs, remove dead code, and improve hot-path efficiency
  • Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Updates @types/node from 24.10.0 to 25.6.0

Commits

Updates eslint from 9.39.1 to 10.2.1

Release notes

Sourced from eslint's releases.

v10.2.1

Bug Fixes

  • 14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)
  • 84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)
  • af764af fix: clarify language and processor validation errors (#20729) (Pixel998)
  • e251b89 fix: update eslint (#20715) (renovate[bot])

Documentation

  • ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768) (Amaresh S M)
  • 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767) (Amaresh S M)
  • c1621b9 docs: fix typos in code-path-analyzer.js (#20700) (Ayush Shukla)
  • 1418d52 docs: Update README (GitHub Actions Bot)
  • 39771e6 docs: Update README (GitHub Actions Bot)
  • 71e0469 docs: fix incomplete JSDoc param description in no-shadow rule (#20728) (kuldeep kumar)
  • 22119ce docs: clarify scope of for-direction rule with dead code examples (#20723) (Amaresh S M)
  • 8f3fb77 docs: document meta.docs.dialects (#20718) (Pixel998)

Chores

  • 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770) (renovate[bot])
  • fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763) (dependabot[bot])
  • 7246f92 test: add tests for SuppressionsService.load() error handling (#20734) (kuldeep kumar)
  • 4f34b1e chore: update pnpm/action-setup action to v5 (#20762) (renovate[bot])
  • 51080eb test: processor service (#20731) (kuldeep kumar)
  • e7e1889 chore: remove stale babel-eslint10 fixture and test (#20727) (kuldeep kumar)
  • 4e1a87c test: remove redundant async/await in flat config array tests (#20722) (Pixel998)
  • 066eabb test: add rule metadata coverage for languages and docs.dialects (#20717) (Pixel998)

v10.2.0

Features

  • 586ec2f feat: Add meta.languages support to rules (#20571) (Copilot)
  • 14207de feat: add Temporal to no-obj-calls (#20675) (Pixel998)
  • bbb2c93 feat: add Temporal to ES2026 globals (#20672) (Pixel998)

Bug Fixes

  • 542cb3e fix: update first-party dependencies (#20714) (Francesco Trotta)

Documentation

  • a2af743 docs: add language to configuration objects (#20712) (Francesco Trotta)
  • 845f23f docs: Update README (GitHub Actions Bot)
  • 5fbcf59 docs: remove sourceType from ts playground link (#20477) (Tanuj Kanti)
  • 8702a47 docs: Update README (GitHub Actions Bot)
  • ddeaded docs: Update README (GitHub Actions Bot)
  • 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic)
  • eab65c7 docs: update eslint versions in examples (#20664) (루밀LuMir)
  • 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#20660) (Milos Djermanovic)

Chores

  • 8120e30 refactor: extract no unmodified loop condition (#20679) (kuldeep kumar)
  • 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697) (renovate[bot])
  • 01ed3aa test: add unit tests for unicode utilities (#20622) (Manish chaudhary)

... (truncated)

Commits

@dependabot
build(deps): bump the major group with 14 updates
4bee9b1 
Bumps the major group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| [@mzinga/bundler-webpack](https://github.com/mzinga-io/mzinga-core/tree/HEAD/packages/bundler-webpack) | `0.1.3` | `1.0.4` |
| [@mzinga/db-mongodb](https://github.com/mzinga-io/mzinga-core/tree/HEAD/packages/db-mongodb) | `0.1.3` | `1.0.4` |
| [@mzinga/db-postgres](https://github.com/mzinga-io/mzinga-core/tree/HEAD/packages/db-postgres) | `0.1.3` | `1.0.4` |
| [@mzinga/plugin-form-builder](https://github.com/mzinga-io/mzinga-core/tree/HEAD/packages/plugin-form-builder) | `0.1.3` | `1.0.4` |
| [@mzinga/plugin-seo](https://github.com/mzinga-io/mzinga-core/tree/HEAD/packages/plugin-seo) | `0.1.3` | `1.0.4` |
| [@mzinga/richtext-slate](https://github.com/mzinga-io/mzinga-core/tree/HEAD/packages/richtext-slate) | `0.1.3` | `1.0.4` |
| [express](https://github.com/expressjs/express) | `4.21.2` | `5.2.1` |
| [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `5.0.5` | `5.0.6` |
| [glob](https://github.com/isaacs/node-glob) | `11.1.0` | `13.0.6` |
| [mzinga](https://github.com/mzinga-io/mzinga-core/tree/HEAD/packages/mzinga) | `0.1.3` | `1.0.4` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.13` | `8.0.5` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.10.0` | `25.6.0` |
| [eslint](https://github.com/eslint/eslint) | `9.39.1` | `10.2.1` |


Updates `@mzinga/bundler-webpack` from 0.1.3 to 1.0.4
- [Release notes](https://github.com/mzinga-io/mzinga-core/releases)
- [Changelog](https://github.com/mzinga-io/mzinga-core/blob/main/changelog.config.js)
- [Commits](https://github.com/mzinga-io/mzinga-core/commits/1.0.4/packages/bundler-webpack)

Updates `@mzinga/db-mongodb` from 0.1.3 to 1.0.4
- [Release notes](https://github.com/mzinga-io/mzinga-core/releases)
- [Changelog](https://github.com/mzinga-io/mzinga-core/blob/main/changelog.config.js)
- [Commits](https://github.com/mzinga-io/mzinga-core/commits/1.0.4/packages/db-mongodb)

Updates `@mzinga/db-postgres` from 0.1.3 to 1.0.4
- [Release notes](https://github.com/mzinga-io/mzinga-core/releases)
- [Changelog](https://github.com/mzinga-io/mzinga-core/blob/main/changelog.config.js)
- [Commits](https://github.com/mzinga-io/mzinga-core/commits/1.0.4/packages/db-postgres)

Updates `@mzinga/plugin-form-builder` from 0.1.3 to 1.0.4
- [Release notes](https://github.com/mzinga-io/mzinga-core/releases)
- [Changelog](https://github.com/mzinga-io/mzinga-core/blob/main/changelog.config.js)
- [Commits](https://github.com/mzinga-io/mzinga-core/commits/1.0.4/packages/plugin-form-builder)

Updates `@mzinga/plugin-seo` from 0.1.3 to 1.0.4
- [Release notes](https://github.com/mzinga-io/mzinga-core/releases)
- [Changelog](https://github.com/mzinga-io/mzinga-core/blob/main/changelog.config.js)
- [Commits](https://github.com/mzinga-io/mzinga-core/commits/1.0.4/packages/plugin-seo)

Updates `@mzinga/richtext-slate` from 0.1.3 to 1.0.4
- [Release notes](https://github.com/mzinga-io/mzinga-core/releases)
- [Changelog](https://github.com/mzinga-io/mzinga-core/blob/main/changelog.config.js)
- [Commits](https://github.com/mzinga-io/mzinga-core/commits/1.0.4/packages/richtext-slate)

Updates `express` from 4.21.2 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.21.2...v5.2.1)

Updates `@types/express` from 5.0.5 to 5.0.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)

Updates `glob` from 11.1.0 to 13.0.6
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v11.1.0...v13.0.6)

Updates `mzinga` from 0.1.3 to 1.0.4
- [Release notes](https://github.com/mzinga-io/mzinga-core/releases)
- [Changelog](https://github.com/mzinga-io/mzinga-core/blob/main/changelog.config.js)
- [Commits](https://github.com/mzinga-io/mzinga-core/commits/1.0.4/packages/mzinga)

Updates `nodemailer` from 7.0.13 to 8.0.5
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v7.0.13...v8.0.5)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `@types/node` from 24.10.0 to 25.6.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.39.1 to 10.2.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.1...v10.2.1)

---
updated-dependencies:
- dependency-name: "@mzinga/bundler-webpack"
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@mzinga/db-mongodb"
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@mzinga/db-postgres"
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@mzinga/plugin-form-builder"
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@mzinga/plugin-seo"
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@mzinga/richtext-slate"
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/express"
  dependency-version: 5.0.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: major
- dependency-name: glob
  dependency-version: 13.0.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: mzinga
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: nodemailer
  dependency-version: 8.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint
  dependency-version: 10.2.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants