Skip to content

Bump the backend-prod group across 1 directory with 4 updates#7

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/api/backend-prod-58fdc58833
Open

Bump the backend-prod group across 1 directory with 4 updates#7
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/api/backend-prod-58fdc58833

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 6, 2026
edited
Loading

Bumps the backend-prod group with 4 updates in the /api directory: better-sqlite3, cors, express and globals.

Updates better-sqlite3 from 12.5.0 to 12.9.0

Release notes

Sourced from better-sqlite3's releases.

v12.9.0

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

v12.8.0

What's Changed

New Contributors

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

  1. Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing
  2. From the SQLite team:

    Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

What's Changed

... (truncated)

Commits

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

  • Improve documentation (API, context, examples...)
  • Remove additional markdown files from tarball
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.


Updates express from 4.21.2 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0

... (truncated)

Commits

Updates globals from 16.4.0 to 17.5.0

Release notes

Sourced from globals's releases.

v17.5.0

  • Update globals (2026-04-12) (#342) 5d84602

sindresorhus/globals@v17.4.0...v17.5.0

v17.4.0

  • Update globals (2026-03-01) (#338) d43a051

sindresorhus/globals@v17.3.0...v17.4.0

v17.3.0

  • Update globals (2026-02-01) (#336) 295fba9

sindresorhus/globals@v17.2.0...v17.3.0

v17.2.0

  • jasmine: Add throwUnless and throwUnlessAsync globals (#335) 97f23a7

sindresorhus/globals@v17.1.0...v17.2.0

v17.1.0

  • Add webpack and rspack globals (#333) 65cae73

sindresorhus/globals@v17.0.0...v17.1.0

v17.0.0

Breaking

  • Split audioWorklet environment from browser (#320) 7bc293e

Improvements

  • Update globals (#329) ebe1063
  • Get all browser globals from both chrome and firefox (#321) 59ceff8
  • Add bunBuiltin environment (#324) 1bc6e3b
  • Add denoBuiltin environment (#324) 1bc6e3b
  • Add paintWorklet environment (#323) 4b78f56
  • Add sharedWorker environment (#322) 4a02a85

... (truncated)

Commits

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Mar 6, 2026

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@msfttoler msfttoler mentioned this pull request Mar 31, 2026
Closed
23 tasks
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/api/backend-prod-58fdc58833 branch from 47b9138 to 0fb6d2a Compare April 2, 2026 10:11
@dependabot
Bump the backend-prod group across 1 directory with 4 updates
6d94d37 
Bumps the backend-prod group with 4 updates in the /api directory: [better-sqlite3](https://github.com/WiseLibs/better-sqlite3), [cors](https://github.com/expressjs/cors), [express](https://github.com/expressjs/express) and [globals](https://github.com/sindresorhus/globals).


Updates `better-sqlite3` from 12.5.0 to 12.9.0
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v12.5.0...v12.9.0)

Updates `cors` from 2.8.5 to 2.8.6
- [Release notes](https://github.com/expressjs/cors/releases)
- [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md)
- [Commits](expressjs/cors@v2.8.5...v2.8.6)

Updates `express` from 4.21.2 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.21.2...v5.2.1)

Updates `globals` from 16.4.0 to 17.5.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v16.4.0...v17.5.0)

---
updated-dependencies:
- dependency-name: better-sqlite3
  dependency-version: 12.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: cors
  dependency-version: 2.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: backend-prod
- dependency-name: globals
  dependency-version: 17.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: backend-prod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the backend-prod group in /api with 4 updates Bump the backend-prod group across 1 directory with 4 updates Apr 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/api/backend-prod-58fdc58833 branch from 0fb6d2a to 6d94d37 Compare April 30, 2026 10:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants