build(deps): bump the non-major group across 1 directory with 25 updates

[dependabot]

Bumps the non-major group with 24 updates in the / directory:

Package	From	To
typescript	5.8.3	5.9.3
@silvia-odwyer/photon-node	0.3.3	0.3.4
bufferutil	4.0.8	4.0.9
discord.js	14.19.3	14.23.2
fp-ts	2.16.2	2.16.11
humanize-duration	3.31.0	3.33.1
moment-timezone	0.5.44	0.6.0
mysql2	3.9.8	3.15.2
passport	0.6.0	0.7.0
reflect-metadata	0.1.14	0.2.2
tlds	1.249.0	1.260.0
tmp	0.0.33	0.2.5
typeorm	0.3.20	0.3.27
@types/cors	2.8.17	2.8.19
@types/passport	1.0.16	1.0.17
@types/passport-oauth2	1.4.15	1.8.0
@types/tmp	0.0.33	0.2.6
zod-to-json-schema	3.22.4	3.24.6
@tailwindcss/vite	4.1.8	4.1.14
@vue/tsconfig	0.7.0	0.8.1
highlight.js	11.9.0	11.11.1
postcss-nesting	13.0.1	13.0.2
vue	3.5.16	3.5.22
vue-router	4.5.1	4.6.0

Updates typescript from 5.8.3 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

TypeScript 5.9

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

TypeScript 5.9 RC

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

• npm

TypeScript 5.9 Beta

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• 5be3346 Bump version to 5.9.2 and LKG
• ad825f2 Bump version to 5.9.1-rc and LKG
• 463a5bf Update LKG
• Additional commits viewable in compare view

Updates @silvia-odwyer/photon-node from 0.3.3 to 0.3.4

Commits

• See full diff in compare view

Updates bufferutil from 4.0.8 to 4.0.9

Commits

• 35e2eb6 [dist] 4.0.9
• c13d588 [pkg] Update mocha to version 11.0.1
• f086bf2 [pkg] Update node-gyp to version 11.0.0
• c9428e6 [build] Fix invalid escape sequence
• 362f677 [ci] Update softprops/action-gh-release action to v2
• 1bc6647 [doc] Add a note about parameter validation
• 9023b6b [ci] Do not test on node 16
• ca5cc0d [ci] Test on node 22
• 853a377 [pkg] Update prebuildify to version 6.0.0
• 331e278 [ci] Use unique artifact name
• Additional commits viewable in compare view

Updates discord.js from 14.19.3 to 14.23.2

Release notes

Sourced from discord.js's releases.

14.23.2

Bug Fixes

• ModalSubmitInteraction: Better resolving of components (#11162) (5cc13b7)
• Handle DM modals (1e4d1dc)

14.23.1

Bug Fixes

• ModalSubmitInteraction: Resolve crash on handling populated select menus (#11158) (11b236f)
• Ending uncached polls (#11157) (1d5b983)

14.23.0

Bug Fixes

• ThreadMemberFlagsBitField: Use ThreadMemberFlags enum in Flags (#11118) (154c00d)
• Backport in operator fix from main (#11127) (fcce0d9)
• Ensure discriminator detection respects webhooks too (#11062) (d8ad181)

Documentation

• Use LocalizationMap where applicable (#11117) (3b92744)
• GuildEditOptions: Deprecate owner property (fe025c0)
• Deprecate API related to guild ownership (#11054) (3dd57c2)
• Deprecate setting owner (740da4c)

Features

• Bump builders in v14 (and fix runtime crashes) (#11153) (67c8953)
• GuildMemberManager: Add new modify self fields (#11112) (9b821e5)
• Text display and more selects in modal for v14 (#11096) (93e0f4c)
• Guest invites (#11079) (79d999e)
• Polls overhaul (#11058) (4a8aeb6)

Refactor

• ActionsManager: Register actions without using class name (#11080) (0dff969)

Typings

• ClientEventTypes: Fix messageDeleteBulk event arg (#11122) (30e35d9)
• Webhook: Specify message type (#11142) (6a5707c)

14.22.1

14.22.1 - (2025-08-22)

Bug Fixes

• GuildChannel: Account for everyone base permissions (#11053) (ecef7bd)

... (truncated)

Changelog

Sourced from discord.js's changelog.

14.23.2 - (2025-10-09)

Bug Fixes

• ModalSubmitInteraction: Better resolving of components (#11162) (5cc13b7)
• Handle DM modals (1e4d1dc)

14.23.1 - (2025-10-08)

Bug Fixes

• ModalSubmitInteraction: Resolve crash on handling populated select menus (#11158) (11b236f)
• Ending uncached polls (#11157) (1d5b983)

14.23.0 - (2025-10-08)

Bug Fixes

• ThreadMemberFlagsBitField: Use ThreadMemberFlags enum in Flags (#11118) (154c00d)
• Backport in operator fix from main (#11127) (fcce0d9)
• Ensure discriminator detection respects webhooks too (#11062) (d8ad181)

Documentation

• Use LocalizationMap where applicable (#11117) (3b92744)
• GuildEditOptions: Deprecate owner property (fe025c0)
• Deprecate API related to guild ownership (#11054) (3dd57c2)
• Deprecate setting owner (740da4c)

Features

• Bump builders in v14 (and fix runtime crashes) (#11153) (67c8953)
• GuildMemberManager: Add new modify self fields (#11112) (9b821e5)
• Text display and more selects in modal for v14 (#11096) (93e0f4c)
• Guest invites (#11079) (79d999e)
• Polls overhaul (#11058) (4a8aeb6)

Refactor

• ActionsManager: Register actions without using class name (#11080) (0dff969)

Typings

• ClientEventTypes: Fix messageDeleteBulk event arg (#11122) (30e35d9)
• Webhook: Specify message type (#11142) (6a5707c)

14.22.1 - (2025-08-22)

Bug Fixes

... (truncated)

Commits

• 083f6ab chore(discord.js): release [email protected]
• 5cc13b7 fix(ModalSubmitInteraction): Better resolving of components (#11162)
• 1e4d1dc fix: handle DM modals
• 177d81f chore(discord.js): release [email protected]
• bf4cfeb build: upgrade builders to 1.12.1
• 11b236f fix(ModalSubmitInteraction): Resolve crash on handling populated select menus...
• 1d5b983 fix: ending uncached polls (#11157)
• 3b26680 chore(discord.js): release [email protected]
• 67c8953 feat: bump builders in v14 (and fix runtime crashes) (#11153)
• 30e35d9 types(ClientEventTypes): fix messageDeleteBulk event arg (#11122)
• Additional commits viewable in compare view

Updates fp-ts from 2.16.2 to 2.16.11

Release notes

Sourced from fp-ts's releases.

2.16.9

Polish

Support strictBuiltinIteratorReturn, #1949

2.16.5

Polish

Resolved a RangeError where the maximum call stack size was exceeded when invoking chainWithIndex, #1931

Changelog

Sourced from fp-ts's changelog.

2.16.11

Bug Fix

Fix Option.getOrd definition, #1963

2.16.10

Polish

Add apFirstW and apSecondW to ReaderTask, #1958

2.16.9

Polish

Support strictBuiltinIteratorReturn, #1949

2.16.8

Polish

Remove useless pure comment, closes #1937

2.16.7

Polish

Add tap for Identity #1943

2.16.6

Polish

Allow dependencies to be widen when using orLeft #1938

2.16.5

Polish

Resolved a RangeError where the maximum call stack size was exceeded when invoking chainWithIndex, #1931

2.16.4

Polish

Fix __PURE__ annotation placement, closes #1926

2.16.3

... (truncated)

Commits

• See full diff in compare view

Updates humanize-duration from 3.31.0 to 3.33.1

Changelog

Sourced from humanize-duration's changelog.

3.33.1 / 2025-09-15

• change: shrink size slightly

3.33.0 / 2025-06-05

• new: Serbian Latin support (sr_Latn)

3.32.2 / 2025-05-12

• fix: use "週間" instead of "週" in Japanese (see #230)

3.32.1 / 2024-05-25

• fix: hide unit count if 2 in Arabic (see #222)

3.32.0 / 2024-03-29

• new: Amharic support (am)
• change: use Object.assign internally on newer runtimes, which should be slightly faster

Commits

• 7d96bbc 3.33.1
• 8e7cf83 Update changelog and bower.json for 3.33.1 release
• eb2ab9d Shorten definition of "ones" languages, like English
• aa943ce Shorten definitions of Slavic languages
• 2e31091 Minor: shrink condition in language helper by a few bytes
• 3fa60af Remove unnecessary @ts-check directives
• 1e520bb Update devDependencies to latest versions
• 4609884 Add funding metadata to package
• 1f03ec6 3.33.0
• 7c18165 Update changelog and bower.json for 3.33.0 release
• Additional commits viewable in compare view

Updates moment-timezone from 0.5.44 to 0.6.0

Release notes

Sourced from moment-timezone's releases.

Release 0.6.0

• Fixed and updated TypeScript definitions. #1132
  • Updated types to more accurately match the code implementation.
  • Added definitions for pre-built files (e.g. moment-timezone-with-data.js).

This release is a potential breaking change for TypeScript projects only. The types are now more accurate, but consumers might hit errors if they were relying on the more relaxed types.

No implementation code has changed in this release.

Release 0.5.48

• Updated data to IANA TZDB 2025b. #1130

Release 0.5.47

• Updated data to IANA TZDB 2025a. #1125

Release 0.5.46

• Updated data to IANA TZDB 2024b. #1121 This only affects historical timestamps; no future timestamps have changed.

Release 0.5.45

• Updated data to IANA TZDB 2024a. #1095

Changelog

Sourced from moment-timezone's changelog.

0.6.0 2025-05-25

• Fixed and updated TypeScript definitions. #1132
  • Updated types to more accurately match the code implementation.
  • Added definitions for pre-built files (e.g. moment-timezone-with-data.js).

This release is a potential breaking change for TypeScript projects only. The types are now more accurate, but consumers might hit errors if they were relying on the more relaxed types.

No implementation code has changed in this release.

0.5.48 2025-03-23

• Updated data to IANA TZDB 2025b. #1130

0.5.47 2025-01-28

• Updated data to IANA TZDB 2025a. #1125

0.5.46 2024-10-06

• Updated data to IANA TZDB 2024b. #1121 This only affects historical timestamps; no future timestamps have changed.

0.5.45 2024-02-04

• Updated data to IANA TZDB 2024a. #1095

Commits

• 92c6a36 Build moment-timezone 0.6.0
• d2618cf Bump version to 0.6.0
• d084bec changelog: Add missing PR links for data updates
• 83784ed Merge pull request #1132 from moment/typescript-fixes
• f159a57 Remove any type from input params definition
• c6d84e9 Add type definitions for built files
• c1215d4 Update type definitions to match the code implementation
• a2ea5b6 Update typing tests to include missing use cases
• fcec454 Build moment-timezone 0.5.48
• 4b320b8 Bump version to 0.5.48
• Additional commits viewable in compare view

Updates mysql2 from 3.9.8 to 3.15.2

Release notes

Sourced from mysql2's releases.

v3.15.2

3.15.2 (2025-10-08)

Bug Fixes

• fix sha256_password to work correctly over a TLS connection (#3809) (fb9eae1)

v3.15.1

3.15.1 (2025-09-24)

Bug Fixes

• typings: fix missing callback to PoolCluster.end() (#3819) (53a9bc2)

v3.15.0

3.15.0 (2025-09-16)

Features

• gracefully end pool connections #3148 (#3776) (e72247f)

v3.14.5

3.14.5 (2025-09-08)

Bug Fixes

• types: restrict StreamOptions.objectMode to true (#3686) (#3784) (c091f1b)

v3.14.4

3.14.4 (2025-09-01)

Bug Fixes

• stream: destroy connection when stream errors (#3769) (cc34a83)
• stream: resume connection when stream errors or is destroyed (#3775) (9642a1e)
• stream: fix backpressure when using TLS (#1752) (64ea4cd)

v3.14.3

3.14.3 (2025-07-29)

Bug Fixes

• resolve parser cache collision with dual typeCast connections (#3644) (ce2ad75)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.15.2 (2025-10-08)

Bug Fixes

• fix sha256_password to work correctly over a TLS connection (#3809) (fb9eae1)

3.15.1 (2025-09-24)

Bug Fixes

• typings: missing callback to PoolCluster.end() (#3819) (53a9bc2)

3.15.0 (2025-09-16)

Features

• gracefully end pool connections #3148 (#3776) (e72247f)

3.14.5 (2025-09-08)

Bug Fixes

• types: restrict StreamOptions.objectMode to true (#3686) (#3784) (c091f1b)

3.14.4 (2025-09-01)

Bug Fixes

• destroy connection when stream errors (#3769) (cc34a83)
• fix backpressure when using TLS (#1752) (64ea4cd)
• stream: resume connection when stream errors or is destroyed (#3775) (9642a1e)

3.14.3 (2025-07-29)

Bug Fixes

• resolve parser cache collision with dual typeCast connections (#3644) (ce2ad75)

3.14.2 (2025-07-10)

Bug Fixes

• pass columnType to readDateTimeString (#3700) (1ee48cc)

... (truncated)

Commits

• 8143e42 chore(master): release 3.15.2 (#3846)
• 9d48033 build(deps): bump lucide-react from 0.544.0 to 0.545.0 in /website (#3853)
• 645279c build(deps-dev): bump @​eslint/markdown from 7.3.0 to 7.4.0 (#3852)
• a62ad85 build(deps-dev): bump @​typescript-eslint/eslint-plugin (#3850)
• 46f3c51 build(deps-dev): bump @​types/node from 24.6.2 to 24.7.0 (#3849)
• f9715e7 build(deps-dev): bump @​eslint/js from 9.36.0 to 9.37.0 (#3848)
• 293b3c5 build(deps-dev): bump @​types/node from 24.6.2 to 24.7.0 in /website (#3847)
• fb9eae1 fix: fix sha256_password to work correctly over a TLS connection (#3809)
• 234901d build(deps): bump react-dom from 19.1.1 to 19.2.0 in /website (#3843)
• eb17272 build(deps-dev): bump @​types/node from 24.6.1 to 24.6.2 (#3840)
• Additional commits viewable in compare view

Updates passport from 0.6.0 to 0.7.0

Changelog

Sourced from passport's changelog.

[0.7.0] - 2023-11-27

Changed

• Set req.authInfo by default when using the assignProperty option to authenticate() middleware. This makes the behavior the same as when not using the option, and can be disabled by setting authInfo option to false.

Commits

• 33b92f9 0.7.0
• 8dd8ec5 Update changelog.
• 2815dc9 Merge pull request #1012 from jaredhanson/authinfo-assignprop
• 0f2f81c Fix test to allow setting of authInfo with assignProperty.
• b4e4cff Fix test to allow setting of authInfo from authorize call.
• da379a0 Merge branch 'master' into authinfo-assignprop
• cfdbd4a Update sponsors.
• 6cc8a7c Update sponsors.
• b6ab747 Update sponsors.
• c521bc8 Add FusionAuth as sponsor.
• Additional commits viewable in compare view

Updates reflect-metadata from 0.1.14 to 0.2.2

Release notes

Sourced from reflect-metadata's releases.

v0.2.1

What's Changed

• Fix stack overflow crash in isProviderFor by @​rbuckton in rbuckton/reflect-metadata#155
• Update main to v0.2.1 by @​rbuckton in rbuckton/reflect-metadata#156

Full Changelog: microsoft/reflect-metadata@v0.2.0...v0.2.1

reflect-metadata 0.2.0

What's Changed

• Add /lite and /no-conflict exports by @​rbuckton in rbuckton/reflect-metadata#144
• No dynamic evaluation in /lite mode by @​rbuckton in rbuckton/reflect-metadata#149

Full Changelog: microsoft/reflect-metadata@v0.1.14...v0.2.0

reflect-metadata 0.2.0-pre.0

What's Changed

• Add /lite and /no-conflict exports by @​rbuckton in rbuckton/reflect-metadata#144

Full Changelog: microsoft/reflect-metadata@v0.1.14...v0.2.0-pre.0

Commits

• See full diff in compare view

Updates tlds from 1.249.0 to 1.260.0

Changelog

Sourced from tlds's changelog.

v1.260.0 / 2025-08-27

• Update list

v1.259.0 / 2025-05-17

• Update list

v1.258.0 / 2025-04-30

• Update list

v1.257.0 / 2025-04-24

• Update list

v1.256.0 / 2025-02-28

• Update list

v1.255.0 / 2024-09-27

• Update list

v1.254.0 / 2024-07-11

• Update list

v1.253.0 / 2024-06-14

• Update list

v1.252.0 / 2024-03-28

• Update list

v1.251.0 / 2024-03-06

• Update list

v1.250.0 / 2024-02-07

• Update list

Commits

• 83c45ad Release v1.260.0
• c92498e Update list
• b43a51e Release v1.259.0
• 141b92c Update list
• 88b89bd Release v1.258.0
• f0ee1c2 Update list
• b287043 Release v1.257.0
• 9325975 Update list
• 9c190ae Release v1.256.0
• a9431f8 Update list
• Additional commits viewable in compare view

Updates tmp from 0.0.33 to 0.2.5

Changelog

Sourced from tmp's changelog.

v0.2.2 (2024-02-28)

🐛 Bug Fix

• #278 Closes #268: Revert "fix #246: remove any double quotes or single quotes… (@​mbargiel)

📝 Documentation

• #279 Closes #266: move paragraph on graceful cleanup to the head of the documentation (@​silkentrance)

Committers: 5

• Carsten Klein (@​silkentrance)
• Dave Nicolson (@​dnicolson)
• KARASZI István (@​raszi)
• Maxime Bargiel (@​mbargiel)
• @​robertoaceves

v0.2.1 (2020-04-28)

🚀 Enhancement

• #252 Closes #250: introduce tmpdir option for overriding the system tmp dir (@​silkentrance)

🏠 Internal

• #253 Closes #191: generate changelog from pull requests using lerna-changelog (@​silkentrance)

Committers: 1

• Carsten Klein (@​silkentrance)

v0.2.0 (2020-04-25)

🚀 Enhancement

• #234 feat: stabilize tmp for v0.2.0 release (@​silkentrance)

🐛 Bug Fix

• #231 Closes #230: regression after fix for #197 (@​silkentrance)
• #220 Closes #197: return sync callback when using the sync interface, otherwise return the async callback (@​silkentrance)
• #193 Closes #192: tmp must not exit the process on its own (@​silkentrance)

📝 Documentation

• #221 Gh 206 document name option (@​silkentrance)

🏠 Internal

• #226 Closes #212: enable direct name option test (@​silkentrance)
• #225 Closes #211: existing tests must clean up after themselves (@​silkentrance)
• #224 Closes #217: name tests must use tmpName (@​silkentrance)
• #223 Closes #214: refactor tests and lib (@​silkentrance)
• #198 Update dependencies to latest versions (@​matsev)

... (truncated)

Commits

• 3d2fe38 Bump up the version
• e162828 Merge pull request #309 from fflorent/fix-tmp-dir-with-dir
• b847d2f Fix use of tmp.dir() with dir option
• 08fa3ab Update version
• 1cf4ec5 Merge commit from fork
• 188b25e Fix GHSA-52f5-9888-hmc6
• 73b9fe4 Add test case for GHSA-52f5-9888-hmc6
• b8e2f29 Remove broken tests
• 2892a02 Remove outdated URL
• f592318 Reformat package.json
• Additional commits viewable in compare view

Updates typeorm from 0.3.20 to 0.3.27

Release notes

Sourced from typeorm's releases.

0.3.27

Note: This release reverts a fix from 0.3.26 (#11114) because it introduced a regression in certain cases.

Once a fix can be provided which does not have this regression, it will be released in a future patch.

What's Changed

• perf: Cache package.json location between getNearestPackageJson invocations by @​rutkowskib in typeorm/typeorm#11580
• feat: allow VirtualColumns to be initially non-selectable by @​alumni in typeorm/typeorm#11586
• build(deps): bump sha.js from 2.4.11 to 2.4.12 in /sample/playground by @​dependabot[bot] in typeorm/typeorm#11617
• Add @​signalwire/docusaurus-plugin-llms-txt to TypeORM documentation by @​Copilot in typeorm/typeorm#11622
• fix: Add package.json exports for react-native by @​macksal in typeorm/typeorm#11623
• fix(query-builder): don't use lazy count when offset exceeds total in getManyAndCount by @​jeremyteyssedre in typeorm/typeorm#11634
• chore: bump sha.js from 2.4.11 to 2.4.12 (fix security issue: CVE-2025-9288) by @​prateek-hegde in typeorm/typeorm#11639
• docs: fix docs for UpdateDateColumn by @​madhugb in typeorm/typeorm#11572
• build(deps): bump axios from 1.11.0 to 1.12.1 in /docs by @​dependabot[bot] in typeorm/typeorm#11649
• feat(migration): improve JSDoc types in generated migration templates by @​gwythyr in typeorm/typeorm#11490
• fix: update tests to reflect migration template changes by @​sgarner in typeorm/typeorm#11653
• feat(mysql): add support for MySQL 9 / MariaDB 12 by @​alumni in typeorm/typeorm#11575
• ci: add close stale issues GH action by @​gioboa in typeorm/typeorm#11651
• feat: add new undefined and null behavior flags by @​naorpeled in typeorm/typeorm#11332
• feat(postgres): support vector/halfvec data types by @​naorpeled in typeorm/typeorm#11437
• fix: JSON parsing for mysql2 client library (#8319) by @​dlhck in typeorm/typeorm#11659
• Revert #11114 do not create junction table metadata when it already exists by @​michaelbromley in typeorm/typeorm#11660
• chore: Release v0.3.27 by @​michaelbromley in typeorm/typeorm#11661

New Contributors