Skip to content

build(deps): bump the npm-dependencies group across 1 directory with 9 updates#138

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-5dcccc20a3
Open

build(deps): bump the npm-dependencies group across 1 directory with 9 updates#138
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-5dcccc20a3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-dependencies group with 9 updates in the / directory:

Package From To
commander 14.0.3 15.0.0
mariadb 3.5.2 3.5.3
mysql2 3.20.0 3.22.5
pg 8.20.0 8.21.0
@types/node 25.5.2 25.9.2
@swc/core 1.15.24 1.15.41
jest 30.3.0 30.4.2
rollup 4.60.1 4.61.1
typescript 6.0.2 6.0.3

Updates commander from 14.0.3 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

Commits

Updates mariadb from 3.5.2 to 3.5.3

Release notes

Sourced from mariadb's releases.

MariaDB Connector/Node.js 3.5.3

3.5.3 (Jun1 2026)

Full Changelog

Notable changes

  • Minimum supported Node.js version is now 20 (was 18; Node 18 went EOL in April 2025)
  • CONJS-346: Add RowsWithMeta<T> and WithMeta<T> helper types for typing query() / execute() result shapes — RowsWithMeta<T> for the default rows-array-with-meta shape, WithMeta<T> for the metaAsArray: true tuple form (types-only, no runtime change)

Issues Fixed

  • CONJS-354: Reject a server-initiated LOAD DATA LOCAL INFILE request when permitLocalInfile is disabled (report by tharavel)
  • CONJS-353: PAM (dialog) authentication now requires a secure connection (TLS or a local unix socket), since it transmits the password in clear text (report by fg0x0)
  • CONJS-351: Use constant-time comparison when validating the server certificate fingerprint token, preventing a timing side-channel that could leak the token to a man-in-the-middle
  • CONJS-350: Fixed possible SQL injection in Buffer parameter escaping under big5/gbk/sjis/cp932/gb18030 client charset (report by fg0x0)
  • CONJS-344: Restore dual ESM/CJS support after the 3.5 ESM migration (#346):
    • TypeScript types now compile under moduleResolution: "Node16" / "NodeNext" / "Bundler" — fixes TS2846 / TS2834 reported in 3.5.1 and 3.5.2
    • Ship paired .d.cts declarations for the require condition
    • Ship a real CJS bundle in dist/ so require('mariadb') works on Node 20+ without --experimental-require-module or ExperimentalWarning
    • Restore the default ESM export, so import mariadb from 'mariadb' works again (matches 3.4.x behavior)
Changelog

Sourced from mariadb's changelog.

3.5.3 (Jun1 2026)

Full Changelog

Notable changes

  • Minimum supported Node.js version is now 20 (was 18; Node 18 went EOL in April 2025)
  • CONJS-346: Add RowsWithMeta<T> and WithMeta<T> helper types for typing query() / execute() result shapes — RowsWithMeta<T> for the default rows-array-with-meta shape, WithMeta<T> for the metaAsArray: true tuple form (types-only, no runtime change)

Issues Fixed

  • CONJS-354: Reject a server-initiated LOAD DATA LOCAL INFILE request when permitLocalInfile is disabled (report by tharavel)
  • CONJS-353: PAM (dialog) authentication now requires a secure connection (TLS or a local unix socket), since it transmits the password in clear text (report by fg0x0)
  • CONJS-351: Use constant-time comparison when validating the server certificate fingerprint token, preventing a timing side-channel that could leak the token to a man-in-the-middle
  • CONJS-350: Fixed possible SQL injection in Buffer parameter escaping under big5/gbk/sjis/cp932/gb18030 client charset (report by fg0x0)
  • CONJS-344: Restore dual ESM/CJS support after the 3.5 ESM migration (#346):
    • TypeScript types now compile under moduleResolution: "Node16" / "NodeNext" / "Bundler" — fixes TS2846 / TS2834 reported in 3.5.1 and 3.5.2
    • Ship paired .d.cts declarations for the require condition
    • Ship a real CJS bundle in dist/ so require('mariadb') works on Node 20+ without --experimental-require-module or ExperimentalWarning
    • Restore the default ESM export, so import mariadb from 'mariadb' works again (matches 3.4.x behavior)

3.4.6 (Jun 2026)

Full Changelog

Issues Fixed

  • CONJS-331: Corrected parsec authentication plugin handling
  • CONJS-350: Fixed possible SQL injection in Buffer parameter escaping under big5/gbk/sjis/cp932/gb18030 client charset (report by fg0x0)
  • CONJS-349: Fixed cleartext password disclosure to a man-in-the-middle when relying on certificate fingerprint validation (self-signed trust mode)
  • CONJS-351: Use constant-time comparison when validating the server certificate fingerprint token, preventing a timing side-channel that could leak the token to a man-in-the-middle
  • CONJS-353: PAM (dialog) authentication now requires a secure connection (TLS or a local unix socket), since it transmits the password in clear text (report by fg0x0)
  • CONJS-354: Reject a server-initiated LOAD DATA LOCAL INFILE request when permitLocalInfile is disabled (report by tharavel)
  • Refuse sending the password in clear (mysql_clear_password) over an unencrypted connection

3.3.3 (Jun 2026)

Full Changelog

Issues Fixed

  • CONJS-350: Fixed possible SQL injection in Buffer parameter escaping under big5/gbk/sjis/cp932/gb18030 client charset (report by fg0x0)
  • CONJS-349: Fixed cleartext password disclosure to a man-in-the-middle when relying on certificate fingerprint validation (self-signed trust mode)
  • CONJS-351: Use constant-time comparison when validating the server certificate fingerprint token, preventing a timing side-channel that could leak the token to a man-in-the-middle
  • CONJS-353: PAM (dialog) authentication now requires a secure connection (TLS or a local unix socket), since it transmits the password in clear text (report by fg0x0)
  • CONJS-354: Reject a server-initiated LOAD DATA LOCAL INFILE request when permitLocalInfile is disabled (report by tharavel)
  • Refuse sending the password in clear (mysql_clear_password) over an unencrypted connection

3.2.4 (Jun 2026)

Full Changelog

Issues Fixed

  • CONJS-350: Fixed possible SQL injection in Buffer parameter escaping under big5/gbk/sjis/cp932/gb18030 client charset (report by fg0x0)
  • CONJS-353: PAM (dialog) authentication now requires a secure connection (TLS or a local unix socket), since it transmits the password in clear text (report by fg0x0)

... (truncated)

Commits
  • 14e0f16 [misc] Update CHANGELOG.md to include recent security fixes for PAM authentic...
  • cd00457 Merge branch 'develop'
  • f34b785 [misc] test stability: poll debug log until flushed instead of fixed wait
  • 2df7c26 [CONJS-354] Reject server-initiated LOAD DATA LOCAL INFILE when permitLocalIn...
  • 7d6e44a [misc] Cap the length of server-sent numeric strings before BigInt parsing, p...
  • 53b3042 [CONJS-353] PAM (dialog) authentication now requires a secure connection (TLS...
  • 41eec7f [CONJS-351] Implement constant-time comparison in validateFingerPrint to prev...
  • aa50c50 Update CHANGELOG.md for version 3.4.6, 3.3.3 and 3.2.4, adding fixed issues a...
  • 6c10db5 [misc] test stability correction
  • 5d5293a [misc] Refuse mysql_clear_password over an insecure connection
  • Additional commits viewable in compare view

Updates mysql2 from 3.20.0 to 3.22.5

Release notes

Sourced from mysql2's releases.

v3.22.5

3.22.5 (2026-06-06)

Bug Fixes

  • keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4327) (2af33a1)

v3.22.4

3.22.4 (2026-05-24)

Bug Fixes

v3.22.3

3.22.3 (2026-04-24)

Bug Fixes

  • allow resetOnRelease in connection config validation (#4278) (e72f923)

v3.22.2

3.22.2 (2026-04-21)

Bug Fixes

  • promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

v3.22.1

3.22.1 (2026-04-17)

Bug Fixes

  • async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
  • packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

v3.22.0

3.22.0 (2026-04-10)

Features

  • disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
  • implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.22.5 (2026-06-06)

Bug Fixes

  • keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4327) (2af33a1)

3.22.4 (2026-05-26)

Bug Fixes

3.22.3 (2026-04-24)

Bug Fixes

  • allow resetOnRelease in connection config validation (#4278) (e72f923)

3.22.2 (2026-04-21)

Bug Fixes

  • promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

3.22.1 (2026-04-17)

Bug Fixes

  • async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
  • packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

3.22.0 (2026-04-10)

Features

  • disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
  • implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

  • defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

3.21.1 (2026-04-09)

... (truncated)

Commits
  • 14a479b chore(master): release 3.22.5 (#4328)
  • 2af33a1 fix: keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4...
  • f3ce399 docs: add Cursor Cloud development environment instructions
  • b895afe build(deps-dev): bump rollup in the dev-dependencies group (#4326)
  • b8131c5 build(deps-dev): bump the dev-dependencies group with 5 updates (#4322)
  • 63a8803 build(deps): bump the react group across 1 directory with 2 updates (#4323)
  • 188a342 build(deps-dev): bump tsx (#4324)
  • 8fc97ba build(deps): bump @​easyops-cn/docusaurus-search-local in /website (#4325)
  • dd1fc93 build(deps-dev): bump eslint-plugin-prettier (#4318)
  • 3fbadbd build(deps): bump postcss from 8.5.6 to 8.5.15 in /website (#4320)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mysql2 since your current version.


Updates pg from 8.20.0 to 8.21.0

Changelog

Sourced from pg's changelog.

pg@8.21.0

Commits
  • 544b1ce Publish
  • cc03fa5 Add scramMaxIterations option to limit SCRAM iteration count (#3677)
  • f776327 Remove compatibility code for unsupported versions of Node (<16) (#3678)
  • f252870 cleanup: pg utils (#3675)
  • c8da6ab Assorted test cleanup (#3673)
  • fa47e73 fix: Client#end callback being called multiple times when first is no-op (#...
  • 88a7e60 cleanup: Move declaration to more natural place
  • 2095247 cleanup: Combine duplicated code in Client#query and avoid unneeded early n...
  • 0ac3edd fix: apply SASLprep (RFC 4013) to passwords before SCRAM-SHA-256 PBKDF2 (#3669)
  • be880d4 Assorted test fixes and cleanup (#3672)
  • Additional commits viewable in compare view

Updates @types/node from 25.5.2 to 25.9.2

Commits

Updates @swc/core from 1.15.24 to 1.15.41

Changelog

Sourced from @​swc/core's changelog.

[1.15.41] - 2026-06-09

Bug Fixes

  • (bindings/node) Preserve source context for AST transforms (#11920) (b6dfa74)

  • (es/codegen) Emit export as namespace correctly (#11923) (4e1f832)

  • (es/codegen) Emit export as namespace minified correctly (#11924) (7157499)

  • (es/compat) Rewrite this in destructuring defaults (#11909) (68af779)

  • (es/decorators) Delay 2022 decorator initializers after private fields (#11847) (3f1a4f5)

  • (es/decorators) Handle import types in decorator metadata (#11916) (f411429)

  • (es/fixer) Preserve new tagged template callee parens (#11922) (242a03a)

  • (es/minifier) Handle unknown member props (#11927) (e59ba68)

  • (es/parser) Handle Flow async generic arrows (#11926) (b9b8993)

  • (es/renamer) Avoid duplicate mangled names across eval scope boundaries (#11913) (4a1af84)

  • (plugin) Avoid importing __free from env (#11908) (4584296)

  • (swc) Preserve plugin error context (#11904) (4e2e9fc)

  • (swc_common) Fix sourcemap panic for multibyte mapping positions (#11918) (40c1601)

Documentation

... (truncated)

Commits
  • 7a72340 chore: Publish 1.15.41 with swc_core v68.0.6
  • 82ae083 chore: Publish 1.15.41-nightly-20260609.1 with swc_core v68.0.6
  • b6dfa74 fix(bindings/node): Preserve source context for AST transforms (#11920)
  • 112729b chore: Publish 1.15.40 with swc_core v66.0.5
  • 13a5608 chore: Publish 1.15.40-nightly-20260523.1 with swc_core v66.0.5
  • bc6ee83 chore: Publish 1.15.39-nightly-20260523.1 with swc_core v66.0.5
  • 3a68ad5 chore: Publish 1.15.38-nightly-20260522.1 with swc_core v66.0.5
  • d0f0d5a chore: Publish 1.15.37-nightly-20260522.1 with swc_core v66.0.5
  • 969df79 chore: Publish 1.15.36-nightly-20260522.1 with swc_core v66.0.5
  • 38c2a44 chore: Publish 1.15.35-nightly-20260522.1 with swc_core v66.0.4
  • Additional commits viewable in compare view

Updates jest from 30.3.0 to 30.4.2

Release notes

Sourced from jest's releases.

v30.4.2

Fixes

  • [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#16150)

Full Changelog: jestjs/jest@v30.4.1...v30.4.2

v30.4.1

Features

  • [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

  • [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

Full Changelog: jestjs/jest@v30.4.0...v30.4.1

v30.4.0

Big release! 😀

Main feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work require(esm) module is now supported on Node 24.9+ (still requires --experimental-vm-modules like before).

In addition we now support fake timers for the recently released Temporal API in Node v26.

React 19 is also supported properly in pretty-format, meaning snapshots of React components now work like they should.

Due to all the changes, there might be regressions that snuck in. Please report them!

Full list of changes below

Features

  • [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
  • [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
  • [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
  • [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
  • [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
  • [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#16128)
  • [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#16128)
  • [@jest/fake-timers] Support faking Temporal.Now.* (#16131)
  • [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#16088)
  • [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#16064)
  • [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
  • [jest-runtime] Support require() of ES modules on Node v24.9+ (#16074)
  • [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)
  • [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#16062)
  • [jest-util] Add isError helper (#16076)

... (truncated)

Changelog

Sourced from jest's changelog.

30.4.2

Fixes

  • [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#16150)

30.4.1

Features

  • [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

  • [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

30.4.0

Features

  • [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
  • [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
  • [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
  • [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
  • [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
  • [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#16128)
  • [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#16128)
  • [@jest/fake-timers] Support faking Temporal.Now.* (#16131)
  • [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#16088)
  • [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#16064)
  • [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
  • [jest-runtime] Support require() of ES modules on Node v24.9+ (#16074)
  • [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)
  • [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#16062)
  • [jest-util] Add isError helper (#16076)
  • [pretty-format] Support React 19 (#16123)

Fixes

  • [expect-utils] Fix toStrictEqual failing on structuredClone results due to cross-realm constructor mismatch (#15959)
  • [@jest/expect-utils] Prevent toMatchObject/subset matching from throwing when encountering exotic iterables (#15952)
  • [fake-timers] Convert Date to milliseconds before passing to @sinonjs/fake-timers (#16029)
  • [jest] Export GlobalConfig and ProjectConfig TypeScript types (#16132)
  • [jest-circus] Prevent crash when asyncError is undefined for non-Error throws (#16003)
  • [jest-circus, jest-jasmine2] Include Error.cause in JSON failureMessages output (#15967)
  • [jest-config] Fix preset path resolution on Windows when the preset uses subpath exports (#15961)
  • [jest-config] Allow collectCoverage and coverageProvider in project config without a validation warning (#16132)
  • [jest-config] Project config validator now emits "is not supported in an individual project configuration" instead of "probably a typing mistake" for known global-only options (#16132)
  • [jest-environment-node] Fix --localstorage-file warning on Node 25+ (#16086)
  • [jest-reporters] Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (#16137)

... (truncated)

Commits

Updates rollup from 4.60.1 to 4.61.1

Release notes

Sourced from rollup's releases.

v4.61.1

4.61.1

2026-06-04

Bug Fixes

  • Avoid extraneous newlines when adding headers via plugins (#6403)
  • Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

v4.61.0

4.61.0

2026-06-01

Features

  • Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

v4.60.4

4.60.4

2026-05-14

Bug Fixes

... (truncated)

Changelog

Sourced from rollup's changelog.

4.61.1

2026-06-04

Bug Fixes

  • Avoid extraneous newlines when adding headers via plugins (#6403)
  • Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

4.61.0

2026-06-01

Features

  • Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

…9 updates

Bumps the npm-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [commander](https://github.com/tj/commander.js) | `14.0.3` | `15.0.0` |
| [mariadb](https://github.com/mariadb-corporation/mariadb-connector-nodejs) | `3.5.2` | `3.5.3` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.20.0` | `3.22.5` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.20.0` | `8.21.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.2` | `25.9.2` |
| [@swc/core](https://github.com/swc-project/swc/tree/HEAD/packages/core) | `1.15.24` | `1.15.41` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.3.0` | `30.4.2` |
| [rollup](https://github.com/rollup/rollup) | `4.60.1` | `4.61.1` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.2` | `6.0.3` |



Updates `commander` from 14.0.3 to 15.0.0
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](tj/commander.js@v14.0.3...v15.0.0)

Updates `mariadb` from 3.5.2 to 3.5.3
- [Release notes](https://github.com/mariadb-corporation/mariadb-connector-nodejs/releases)
- [Changelog](https://github.com/mariadb-corporation/mariadb-connector-nodejs/blob/main/CHANGELOG.md)
- [Commits](mariadb-corporation/mariadb-connector-nodejs@3.5.2...3.5.3)

Updates `mysql2` from 3.20.0 to 3.22.5
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.20.0...v3.22.5)

Updates `pg` from 8.20.0 to 8.21.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg)

Updates `@types/node` from 25.5.2 to 25.9.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@swc/core` from 1.15.24 to 1.15.41
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/commits/v1.15.41/packages/core)

Updates `jest` from 30.3.0 to 30.4.2
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest)

Updates `rollup` from 4.60.1 to 4.61.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.60.1...v4.61.1)

Updates `typescript` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v6.0.2...v6.0.3)

---
updated-dependencies:
- dependency-name: commander
  dependency-version: 15.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: mariadb
  dependency-version: 3.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: mysql2
  dependency-version: 3.22.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: pg
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.9.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@swc/core"
  dependency-version: 1.15.41
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: jest
  dependency-version: 30.4.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: rollup
  dependency-version: 4.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants