Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 6 updates#33

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-dependencies-c0973c077c
Open

chore(deps): bump the production-dependencies group across 1 directory with 6 updates#33
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-dependencies-c0973c077c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown

Bumps the production-dependencies group with 6 updates in the / directory:

Package From To
haraka-utils 1.1.4 2.2.1
ipaddr.js 2.3.0 2.4.0
node-gyp 12.4.0 13.0.0
nopt 9.0.0 10.0.1
redis 5.11.0 6.0.1
haraka-plugin-uribl 1.0.10 2.0.0

Updates haraka-utils from 1.1.4 to 2.2.1

Release notes

Sourced from haraka-utils's releases.

2.2.1

  • feat: sanitize() gains keepTab option (RFC 5424)
  • fix(getVersion): use optional chaining to avoid crashes

2.2.0

  • feat: add sanitize()

2.1.1

  • refactor(rfc1869): defer address grammar to address parser

2.1.0

  • imports from Haraka
  • feat(rfc1869): import from Haraka core
  • feat(FsyncWriteStream): moved from Haraka outbound
  • feat(TimerQueue): moved from Haraka outbound.
  • feat(cram_md5_response): moved from Haraka outbound/hmail
  • fix(extend): reject unsafe and ignore inherited enumerables
  • fix(copyDir): use lstatSync and skip symlinks
  • fix(wildcard_to_regexp): replaceAll so multi-wildcard patterns compile correctly
  • fix(createFile): drop fd-leaking openSync/writeSync for writeFileSync
  • fix(getVersion): drop the global cache
  • fix(copyFile): use explicit existsSync + lstatSync; throw Error not string
  • fix(mkDir): throw when path exists as a file
  • chore(uuid): use crypto.randomUUID()
  • chore(getGitCommitId): use --format=%h
  • chore: drop the Node-0.x existsSync alias
  • dep(eslint): upgrade to v10

2.0.0

  • sunset fns removed: decode_qp, asQuotedPrintable, encode_qp
  • test runner is now node:test
  • test: remove unnecessary done callbacks in synchronous tests (#33)
Changelog

Sourced from haraka-utils's changelog.

[2.2.1] - 2026-06-04

  • fix(getVersion): use optional chaining to avoid crashes
  • feat: sanitize() gains keepTab option (RFC 5424)

[2.2.0] - 2026-06-03

  • feat: add sanitize() to strip control chars from strings

[2.1.1] - 2026-06-02

  • refactor(rfc1869): defer address grammar to address parser
  • test fixes to mollify codeql

[2.1.0] - 2026-05-27

  • feat(rfc1869): import from Haraka core
  • feat(FsyncWriteStream): moved from Haraka outbound
  • feat(TimerQueue): moved from Haraka outbound.
  • feat(cram_md5_response): moved from Haraka outbound/hmail
  • fix(extend): reject unsafe and ignore inherited enumerables
  • fix(copyDir): use lstatSync and skip symlinks
  • fix(wildcard_to_regexp): replaceAll so multi-wildcard patterns compile correctly
  • fix(createFile): drop fd-leaking openSync/writeSync for writeFileSync
  • fix(getVersion): drop the global cache
  • fix(copyFile): use explicit existsSync + lstatSync; throw Error not string
  • fix(mkDir): throw when path exists as a file
  • chore(uuid): use crypto.randomUUID()
  • chore(getGitCommitId): use --format=%h
  • chore: existsSync is now unconditionally fs.existsSync

[2.0.0] - 2026-05-18

  • sunset fns removed: decode_qp, asQuotedPrintable, encode_qp
  • test runner is node:test
  • remove unnecessary done callbacks in synchronous tests #33
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for haraka-utils since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates ipaddr.js from 2.3.0 to 2.4.0

Changelog

Sourced from ipaddr.js's changelog.

2.4.0 - 2026-05-03

  • remove Bower support
  • add RFC9637, RFC9602, RFC8215, RFC3879 reserved address ranges
Commits
  • 61bd6df Bump version.
  • f563e5c Add RFC9637, RFC9602, RFC8215, RFC3879 reserved address ranges.
  • 9992db9 Rename 2001:10::/28 from deprecated to deprecatedOrchid.
  • 5686480 Indicate which RFCs reserved some IPv6 ranges.
  • 9199d3f Remove bower.json
  • 1915d22 spelling: string
  • 85eb23c spelling: javascript
  • 4222342 spelling: ip v6
  • 1c76a35 spelling: hexadecimal
  • 82e4b6d spelling: addresses
  • Additional commits viewable in compare view

Updates node-gyp from 12.4.0 to 13.0.0

Release notes

Sourced from node-gyp's releases.

v13.0.0

13.0.0 (2026-06-10)

⚠ BREAKING CHANGES

  • node-gyp now supports node ^22.22.2 || ^24.15.0 || >=26.0.0

Features

  • bump to new node engine range (b792b8e)

Bug Fixes

Core

Miscellaneous

Changelog

Sourced from node-gyp's changelog.

13.0.0 (2026-06-10)

⚠ BREAKING CHANGES

  • node-gyp now supports node ^22.22.2 || ^24.15.0 || >=26.0.0

Features

  • bump to new node engine range (b792b8e)

Bug Fixes

Core

Miscellaneous

Commits

Updates nopt from 9.0.0 to 10.0.1

Release notes

Sourced from nopt's releases.

v10.0.1

10.0.1 (2026-06-04)

Documentation

Chores

v10.0.0

10.0.0 (2026-05-15)

⚠️ BREAKING CHANGES

  • nopt now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
  • template-oss-apply
  • debug console.error output has been removed
  • this package now uses URL.parse, as the original url.parse was deprecated.

Features

Bug Fixes

Dependencies

Chores

Changelog

Sourced from nopt's changelog.

10.0.1 (2026-06-04)

Documentation

Chores

10.0.0 (2026-05-15)

⚠️ BREAKING CHANGES

  • nopt now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
  • template-oss-apply
  • debug console.error output has been removed
  • this package now uses URL.parse, as the original url.parse was deprecated.

Features

Bug Fixes

Dependencies

Chores

Commits

Updates redis from 5.11.0 to 6.0.1

Release notes

Sourced from redis's releases.

redis@6.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/redis/node-redis/compare/redis@6.0.0...redis@6.0.1

redis@6.0.0

Changes

This is the first major release of node-redis since 5.x. The headline change is RESP3 by default, alongside broader Redis 8.8 command coverage, pubsub/cluster reliability fixes, and a bumped minimum Node.js version.

Key changes

  • RESP3 is the default protocol — opt back into RESP2 explicitly if you need the old wire format
  • Node.js 20 is the new minimum supported runtime
  • Redis 8.8 coverage — new array commands, INCREX / INCREXBYFLOAT, ZINTER/ZUNION COUNT aggregator, XNACK, CLIENT UNBLOCK
  • Sentinel & cluster pubsub fixes for failover-moved connections and sharded topology recovery
  • Stack modules exposed on pool type and the core client classes are now publicly re-exported

🔥 Breaking Changes

See the v5 → v6 migration guide for migration steps.

  • RESP3 is now the default protocol (#3215)
  • Node.js 20 is now the minimum supported version (#3293)
  • New default values for keepAliveInitialDelay (30s) and commandTimeout (5s) (#3292)

🔒 Security

  • entraid: bump @azure/msal-node to 5.x to drop vulnerable transitive uuid (CVE-2026-41907) (#3269)

🚀 New Features

  • Add CLIENT UNBLOCK command (#3266)
  • Add XNACK command with options (#3238)
  • Add Redis 8.8 array commands (#3285)
  • Add INCREX and INCREXBYFLOAT commands (#3288)
  • Add COUNT aggregator to ZINTER / ZINTERSTORE / ZUNION / ZUNIONSTORE (#3243)
  • Add FPHA option to JSON.SET (#3235)

... (truncated)

Commits

Updates haraka-plugin-uribl from 1.0.10 to 2.0.0

Release notes

Sourced from haraka-plugin-uribl's releases.

2.0.0

  • security: bound URL-extraction regexes to stop polynomial ReDoS on the body
  • security: parse From/Reply-To/Message-ID per RFC 5322 to stop domain spoofing
  • fix: bound DNS queries with a dedicated resolver (~5s) vs c-ares (~25s) default
  • fix: escape the dot in inAddrArpaToIP (correctness + ReDoS)
  • fix: validate TLDs against haraka-tld Sets; rebuild extractors for modern gTLDs
  • fix: don't record a pass after a reject
  • fix: treat timeout="0" as the default instead of firing immediately
  • chore: replace deprecated url.parse with WHATWG URL
  • refactor: convert hook internals to async/await (dns.promises)
  • dep: add @​haraka/email-address
  • fix: off-by-one in max_uris_per_list
  • fix: typoed phase label in lookup_header_zones
  • fix: hot-reload uribl.excludes
  • doc: README documents not_ipv6_compatible zone option
  • refactor: split do_lookups into 5 helpers
  • chore: drop unused node:https import
  • test: refactored against test-fixtures 1.7.0
  • test: cover do_lookups and hooks via fixtures.dns
  • test: raise coverage from 51 to 98%
Changelog

Sourced from haraka-plugin-uribl's changelog.

[2.0.0] - 2026-06-03

  • security: bound URL-extraction regexes to stop polynomial ReDoS on the body
  • security: parse From/Reply-To/Message-ID per RFC 5322 to stop domain spoofing
  • fix: bound DNS queries with a dedicated resolver (~5s) vs c-ares (~25s) default
  • fix: escape the dot in inAddrArpaToIP (correctness + ReDoS)
  • fix: validate TLDs against haraka-tld Sets; rebuild extractors for modern gTLDs
  • fix: don't record a pass after a reject
  • fix: treat timeout="0" as the default instead of firing immediately
  • chore: replace deprecated url.parse with WHATWG URL
  • refactor: convert hook internals to async/await (dns.promises)
  • dep: add @​haraka/email-address
  • fix: off-by-one in max_uris_per_list
  • fix: typoed phase label in lookup_header_zones
  • fix: hot-reload uribl.excludes
  • doc: README documents not_ipv6_compatible zone option
  • refactor: split do_lookups into 5 helpers
  • chore: drop unused node:https import
  • test: refactored against test-fixtures 1.7.0
  • test: cover do_lookups and hooks via fixtures.dns
  • test: raise coverage from 51 to 98%
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for haraka-plugin-uribl since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…y with 6 updates

Bumps the production-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [haraka-utils](https://github.com/haraka/haraka-utils) | `1.1.4` | `2.2.1` |
| [ipaddr.js](https://github.com/whitequark/ipaddr.js) | `2.3.0` | `2.4.0` |
| [node-gyp](https://github.com/nodejs/node-gyp) | `12.4.0` | `13.0.0` |
| [nopt](https://github.com/npm/nopt) | `9.0.0` | `10.0.1` |
| [redis](https://github.com/redis/node-redis) | `5.11.0` | `6.0.1` |
| [haraka-plugin-uribl](https://github.com/haraka/haraka-plugin-uribl) | `1.0.10` | `2.0.0` |



Updates `haraka-utils` from 1.1.4 to 2.2.1
- [Release notes](https://github.com/haraka/haraka-utils/releases)
- [Changelog](https://github.com/haraka/haraka-utils/blob/master/CHANGELOG.md)
- [Commits](haraka/haraka-utils@v1.1.4...v2.2.1)

Updates `ipaddr.js` from 2.3.0 to 2.4.0
- [Changelog](https://github.com/whitequark/ipaddr.js/blob/main/Changes.md)
- [Commits](whitequark/ipaddr.js@v2.3.0...v2.4.0)

Updates `node-gyp` from 12.4.0 to 13.0.0
- [Release notes](https://github.com/nodejs/node-gyp/releases)
- [Changelog](https://github.com/nodejs/node-gyp/blob/main/CHANGELOG.md)
- [Commits](nodejs/node-gyp@v12.4.0...v13.0.0)

Updates `nopt` from 9.0.0 to 10.0.1
- [Release notes](https://github.com/npm/nopt/releases)
- [Changelog](https://github.com/npm/nopt/blob/main/CHANGELOG.md)
- [Commits](npm/nopt@v9.0.0...v10.0.1)

Updates `redis` from 5.11.0 to 6.0.1
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@5.11.0...redis@6.0.1)

Updates `haraka-plugin-uribl` from 1.0.10 to 2.0.0
- [Release notes](https://github.com/haraka/haraka-plugin-uribl/releases)
- [Changelog](https://github.com/haraka/haraka-plugin-uribl/blob/master/CHANGELOG.md)
- [Commits](haraka/haraka-plugin-uribl@v1.0.10...v2.0.0)

---
updated-dependencies:
- dependency-name: haraka-utils
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: ipaddr.js
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: node-gyp
  dependency-version: 13.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: nopt
  dependency-version: 10.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: redis
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: haraka-plugin-uribl
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026
@coveralls

Copy link
Copy Markdown

Coverage Status

coverage: 67.693% (-0.9%) from 68.622% — dependabot/npm_and_yarn/production-dependencies-c0973c077c into master

@coveralls

Copy link
Copy Markdown

Coverage Status

coverage: 67.661% (-1.0%) from 68.622% — dependabot/npm_and_yarn/production-dependencies-c0973c077c into master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant