Skip to content

chore(deps): bump the runtime-deps-minor group across 1 directory with 4 updates#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/runtime-deps-minor-67f277042a
Open

chore(deps): bump the runtime-deps-minor group across 1 directory with 4 updates#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/runtime-deps-minor-67f277042a

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Bumps the runtime-deps-minor group with 4 updates in the / directory: drizzle-orm, @aws-sdk/client-s3, @aws-sdk/s3-request-presigner and @scalar/fastify-api-reference.

Updates drizzle-orm from 0.38.4 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

0.45.1

  • Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

  • Fixed pg-native Pool detection in node-postgres transactions
  • Allowed subqueries in select fields
  • Updated typo algorythm => algorithm
  • Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)
  • Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

0.44.7

0.44.6

  • feat: add $replicas reference #4874

0.44.5

  • Fixed invalid usage of .one() in durable-sqlite session
  • Fixed spread operator related crash in sqlite blob columns
  • Better browser support for sqlite blob columns
  • Improved sqlite blob mapping

0.44.4

0.44.3

  • Fixed types of $client for clients created by drizzle function
await db.$client.[...]
  • Added the updated_at column to the neon_auth.users_sync table definition.

0.44.2

  • [BUG]: Fixed type issues with joins with certain variations of tsconfig: #4535, #4457

0.44.1

0.44.0

Error handling

Starting from this version, we’ve introduced a new DrizzleQueryError that wraps all errors from database drivers and provides a set of useful information:

... (truncated)

Commits
  • 273c780 + 0.45.2 (#5534)
  • 4aa6ecf Kit updates (#5490)
  • e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
  • a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
  • c445637 Merge pull request #5095 from drizzle-team/main-workflows
  • e7b3aaa Merge branch 'main' into main-workflows
  • 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
  • 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
  • 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
  • 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for drizzle-orm since your current version.


Updates @aws-sdk/client-s3 from 3.1041.0 to 3.1048.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1048.0

3.1048.0(2026-05-15)

Chores
New Features
  • clients: update client endpoints as of 2026-05-15 (4aa76bd0)
  • client-mediapackagev2: This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests (6c8a84d4)
  • client-partnercentral-selling: Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution. (d68a75c4)
  • client-cloudwatch-logs: Updating the max limit for start query api parameter. (931876e1)

For list of updated packages, view updated-packages.md in assets-3.1048.0.zip

v3.1047.0

3.1047.0(2026-05-14)

Chores
New Features
  • clients: update client endpoints as of 2026-05-14 (3505575d)
  • client-glue: Release --has-databases parameter for AWS Glue get-catalogs API, which filters catalog responses to include only those capable of containing databases, excluding parent catalogs that hold only other catalogs. Remove model-level validation on partition index list size for AWS Glue tables. (e2b076ee)
  • client-database-migration-service: Add 9 SDK waiters for DMS Schema Conversion async operations. Eliminates manual polling for import, assessment, conversion, export, and creation jobs. (32d372e7)
  • client-mgn: Introducing new option for security groups mapping - with MAP-DHCP the service translates security rules from your source environment with DHCP compatibility. (27c07049)
  • client-bedrock: Advanced Prompt Optimization (AdvPO) allows you to optimize and migrate your prompts for any model on Bedrock by automatically evaluating responses and rewriting prompts to improve performance. This release provides a programmatic way to create, get, list, stop, and delete AdvPO jobs. (7e479fde)
  • client-cloudfront: Adding a new boolean for OCSP Revocations in Viewer mTLS Create and Update APIs, and adding a new 'Passthrough' option for TrustStore modes (ee96afaa)
  • client-datazone: Adds support for SageMaker Unified Studio notebook operations, including notebook import and export (383f4ea2)
  • client-qconnect: ListModels is an API that returns the available AI models for a Connect Assistant based on its region and AI prompt type. (0d6d7ec3)
  • client-grafana: Adds support for dual-stack (IPv4 and IPv6) connectivity to Amazon Managed Grafana workspaces. Customers can configure the ipAddressType parameter when creating or updating a workspace to choose between IPv4-only or dual-stack (IPv4 and IPv6) access. (1184c5e5)

For list of updated packages, view updated-packages.md in assets-3.1047.0.zip

v3.1046.0

3.1046.0(2026-05-14)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1048.0 (2026-05-15)

Note: Version bump only for package @​aws-sdk/client-s3

3.1047.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/client-s3

3.1046.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/client-s3

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/client-s3

3.1044.0 (2026-05-06)

Features

  • client-s3: Validate outpost access point resource name (bee88a5)

3.1043.0 (2026-05-05)

Note: Version bump only for package @​aws-sdk/client-s3

... (truncated)

Commits

Updates @aws-sdk/s3-request-presigner from 3.1041.0 to 3.1048.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1048.0

3.1048.0(2026-05-15)

Chores
New Features
  • clients: update client endpoints as of 2026-05-15 (4aa76bd0)
  • client-mediapackagev2: This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests (6c8a84d4)
  • client-partnercentral-selling: Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution. (d68a75c4)
  • client-cloudwatch-logs: Updating the max limit for start query api parameter. (931876e1)

For list of updated packages, view updated-packages.md in assets-3.1048.0.zip

v3.1047.0

3.1047.0(2026-05-14)

Chores
New Features
  • clients: update client endpoints as of 2026-05-14 (3505575d)
  • client-glue: Release --has-databases parameter for AWS Glue get-catalogs API, which filters catalog responses to include only those capable of containing databases, excluding parent catalogs that hold only other catalogs. Remove model-level validation on partition index list size for AWS Glue tables. (e2b076ee)
  • client-database-migration-service: Add 9 SDK waiters for DMS Schema Conversion async operations. Eliminates manual polling for import, assessment, conversion, export, and creation jobs. (32d372e7)
  • client-mgn: Introducing new option for security groups mapping - with MAP-DHCP the service translates security rules from your source environment with DHCP compatibility. (27c07049)
  • client-bedrock: Advanced Prompt Optimization (AdvPO) allows you to optimize and migrate your prompts for any model on Bedrock by automatically evaluating responses and rewriting prompts to improve performance. This release provides a programmatic way to create, get, list, stop, and delete AdvPO jobs. (7e479fde)
  • client-cloudfront: Adding a new boolean for OCSP Revocations in Viewer mTLS Create and Update APIs, and adding a new 'Passthrough' option for TrustStore modes (ee96afaa)
  • client-datazone: Adds support for SageMaker Unified Studio notebook operations, including notebook import and export (383f4ea2)
  • client-qconnect: ListModels is an API that returns the available AI models for a Connect Assistant based on its region and AI prompt type. (0d6d7ec3)
  • client-grafana: Adds support for dual-stack (IPv4 and IPv6) connectivity to Amazon Managed Grafana workspaces. Customers can configure the ipAddressType parameter when creating or updating a workspace to choose between IPv4-only or dual-stack (IPv4 and IPv6) access. (1184c5e5)

For list of updated packages, view updated-packages.md in assets-3.1047.0.zip

v3.1046.0

3.1046.0(2026-05-14)

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1048.0 (2026-05-15)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1047.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1046.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1044.0 (2026-05-06)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1043.0 (2026-05-05)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1042.0 (2026-05-04)

... (truncated)

Commits

Updates @scalar/fastify-api-reference from 1.55.1 to 1.57.2

Changelog

Sourced from @​scalar/fastify-api-reference's changelog.

1.57.2

1.57.1

1.57.0

1.56.0

1.55.3

1.55.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the runtime-deps-minor group across 1 directory wit…
3158ea3 
…h 4 updates

Bumps the runtime-deps-minor group with 4 updates in the / directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm), [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3), [@aws-sdk/s3-request-presigner](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/s3-request-presigner) and [@scalar/fastify-api-reference](https://github.com/scalar/scalar/tree/HEAD/integrations/fastify).


Updates `drizzle-orm` from 0.38.4 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.38.4...0.45.2)

Updates `@aws-sdk/client-s3` from 3.1041.0 to 3.1048.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1048.0/clients/client-s3)

Updates `@aws-sdk/s3-request-presigner` from 3.1041.0 to 3.1048.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/s3-request-presigner/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1048.0/packages/s3-request-presigner)

Updates `@scalar/fastify-api-reference` from 1.55.1 to 1.57.2
- [Release notes](https://github.com/scalar/scalar/releases)
- [Changelog](https://github.com/scalar/scalar/blob/main/integrations/fastify/CHANGELOG.md)
- [Commits](https://github.com/scalar/scalar/commits/HEAD/integrations/fastify)

---
updated-dependencies:
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime-deps-minor
- dependency-name: "@aws-sdk/client-s3"
  dependency-version: 3.1048.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime-deps-minor
- dependency-name: "@aws-sdk/s3-request-presigner"
  dependency-version: 3.1048.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime-deps-minor
- dependency-name: "@scalar/fastify-api-reference"
  dependency-version: 1.57.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime-deps-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 18, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 18, 2026

Dependabot bump type: version-update:semver-minor. Auto-merge applies to patch bumps only — this needs manual review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants