chore(deps): bump the production_patches group across 1 directory with 6 updates #192

dependabot · 2026-01-05T04:16:46Z

Bumps the production_patches group with 5 updates in the / directory:

Package	From	To
body-parser	`1.20.3`	`1.20.4`
commander	`14.0.1`	`14.0.2`
pino-pretty	`13.1.2`	`13.1.3`
socket.io	`4.8.1`	`4.8.3`
typeorm	`0.3.27`	`0.3.28`

Updates body-parser from 1.20.3 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

Remove redundant depth check by @blakeembrey in expressjs/body-parser#538

ci: add support for Node.js v23 by @Phillip9587 in expressjs/body-parser#553

ci: restore CI for 1.x branch by @bjohansebas in expressjs/body-parser#665

deps: qs@^6.14.0 by @bjohansebas in expressjs/body-parser#664

deps: use tilde notation and update certain dependencies by @Phillip9587 in expressjs/body-parser#668

chore: remove SECURITY.md by @Phillip9587 in expressjs/body-parser#669

ci: add CodeQL (SAST) by @Phillip9587 in expressjs/body-parser#670

Release: 1.20.4 by @UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

deps: qs@~6.14.0

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: raw-body@~2.5.3

Commits

7db202c 1.20.4 (#672)
d8f8adb ci: add CodeQL (SAST) (#670)
6d133c1 chore: remove SECURITY.md (#669)
fcd1535 deps: use tilde notation and update certain dependencies (#668)
ec5fa29 deps: qs@~6.14.0 (#664)
ffb95c1 ci: restore CI for 1.x branch (#665)
48a5f07 ci: add support for Node.js v23 (#553)
f20f6ad Remove redundant depth check (#538)
See full diff in compare view

Updates commander from 14.0.1 to 14.0.2

Release notes

Sourced from commander's releases.

v14.0.2

Changed

improve negative number auto-detection test (#2428)

update (dev) dependencies

Changelog

Sourced from commander's changelog.

[14.0.2] (2025-10-25)

Changed

improve negative number auto-detection test (#2428)

update (dev) dependencies

Commits

0692be5 Prepare for 14.0.2 (#2437)
88a348e Bump actions/setup-node from 5 to 6 (#2438)
3fe83d6 Bump github/codeql-action from 3 to 4 (#2435)
0b7988e Bump globals from 16.3.0 to 16.4.0 (#2429)
8005253 Bump typescript-eslint from 8.42.0 to 8.45.0 (#2430)
213e679 Bump ts-jest from 29.4.1 to 29.4.4 (#2431)
7ede91b Bump jest from 30.1.3 to 30.2.0 (#2432)
8c91f34 Bump typescript from 5.9.2 to 5.9.3 (#2433)
ff1d2ce Improve negative test (#2428)
1a6dba5 Clarify deprecated routine (#2427)
See full diff in compare view

Updates pino-pretty from 13.1.2 to 13.1.3

Release notes

Sourced from pino-pretty's releases.

v13.1.3

What's Changed

Add in the README file a snippet to use pino-pretty only for dev by @himito in pinojs/pino-pretty#623

build(deps): bump actions/setup-node from 4 to 6 by @dependabot[bot] in pinojs/pino-pretty#626

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in pinojs/pino-pretty#627

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in pinojs/pino-pretty#628

build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @dependabot[bot] in pinojs/pino-pretty#629

Update format-time.js documentation to match functionality by @g-sanner in pinojs/pino-pretty#632

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in pinojs/pino-pretty#636

build(deps): bump fast-copy from 3.0.2 to 4.0.0 by @dependabot[bot] in pinojs/pino-pretty#637

fix: messageFormat print 0 value by @gutenye in pinojs/pino-pretty#635

New Contributors

@himito made their first contribution in pinojs/pino-pretty#623

@g-sanner made their first contribution in pinojs/pino-pretty#632

@gutenye made their first contribution in pinojs/pino-pretty#635

Full Changelog: pinojs/pino-pretty@v13.1.2...v13.1.3

Commits

08425cd v13.1.3
6afb524 fix: messageFormat print 0 value (#635)
70c73ea build(deps): bump fast-copy from 3.0.2 to 4.0.0 (#637)
2cd9794 build(deps): bump actions/checkout from 5 to 6 (#636)
c06e276 Update format-time.js documentation to match functionality (#632)
47ffb45 build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 (#629)
932af85 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#628)
6d48318 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#627)
3b89a0c build(deps): bump actions/setup-node from 4 to 6 (#626)
ab0ccab Add in the README file a snippet to use pino-pretty only for dev (#623)
See full diff in compare view

Updates qs from 6.14.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates socket.io from 4.8.1 to 4.8.3

Release notes

Sourced from socket.io's releases.

socket.io@4.8.2

The url.parse() function is now deprecated and has been replaced by new URL() (see 8af7019).

Bug Fixes

call adapter.init() when creating each namespace (f3e1f5e)

improve io.close() function (#5344) (bb0b480)

Dependencies

engine.io@~6.6.0 (no change)

ws@~8.18.3 (diff)

socket.io-client@4.8.2

Bug Fixes

bundle: do not mangle the "_placeholder" attribute (bis) (cdae019)

drain queue before emitting "connect" (#5259) (d19928e)

Dependencies

engine.io-client@~6.6.1 (no change)

ws@~8.17.1 (no change)

Commits

9978574 chore(release): socket.io@4.8.3
e9e5bed chore(release): socket.io-client@4.8.3
9581f9b fix(sio): do not throw when calling io.close() on a stopped server
579d43f refactor: remove unused files
ee9aac3 chore(release): socket.io-parser@4.2.5
968277c chore(release): socket.io-adapter@2.5.6
2bf16bd chore(release): engine.io-client@6.6.4
ad61607 docs(eio): fix link in the release notes
dd71792 chore(release): socket.io@4.8.2
bb0b480 fix(sio): improve io.close() function (#5344)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io since your current version.

Updates typeorm from 0.3.27 to 0.3.28

Release notes

Sourced from typeorm's releases.

0.3.28

What's Changed

build(deps): bump brace-expansion from 2.0.1 to 2.0.2 in /sample/playground by @dependabot[bot] in typeorm/typeorm#11522

chore: update dependencies by @alumni in typeorm/typeorm#11666

chore: fix package preview by @alumni in typeorm/typeorm#11542

fix: add multiSubnetFailover to mssql driver option types by @isaru66 in typeorm/typeorm#10804

ci: introduce jsdoc eslint plugin (warnings only) by @pkuczynski in typeorm/typeorm#11681

feat: add support for jsonpath column type in PostgreSQL by @pkuczynski in typeorm/typeorm#11684

feat: entity schema support trees by @wszgrcy in typeorm/typeorm#11606

ci: remove close stale issues GH action by @gioboa in typeorm/typeorm#11696

docs: remove unused docs example file by @pkuczynski in typeorm/typeorm#11675

docs: updated jsdoc link to PostgreSQL documentation for data types by @pkuczynski in typeorm/typeorm#11680

ci: bump actions/setup-node to v5 and benefit from automatic caching by @pkuczynski in typeorm/typeorm#11709

feat(cli/init): pick dependencies versions from our own package.json by @pkuczynski in typeorm/typeorm#11705

chore(lint/jsdoc): enable jsdoc/valid-types rule and fix offenses by @pkuczynski in typeorm/typeorm#11706

chore(docs): ehnance llms.txt by @naorpeled in typeorm/typeorm#11711

ci: bump actions/checkout version by @gioboa in typeorm/typeorm#11712

ci: harmonize MongoDB version used in CI, local development environment and init command and bump to v8 by @pkuczynski in typeorm/typeorm#11704

docs: remove contradictory statement in Active Record/Data Mapper guide by @ericmorand in typeorm/typeorm#11722

Fix typos in documentation / hacktoberfest by @survivant in typeorm/typeorm#11713

MongoDB connector now includes SOCKS5 proxy settings by @Kumar-Kishan in typeorm/typeorm#11731

docs: fix link to email, when vulnerability found by @pkuczynski in typeorm/typeorm#11667

style: remove commented out code in FindOptionsUtils by @DeeprajPandey in typeorm/typeorm#11721

docs: collect all migrations documentation in one place by @pkuczynski in typeorm/typeorm#11674

lint: fix offenses for @typescript-eslint/no-unused-vars rule in samples folder by @pkuczynski in typeorm/typeorm#11757

lint: fix offenses for @typescript-eslint/no-unused-vars rule in tests folder by @pkuczynski in typeorm/typeorm#11755

docs: fix typos in the js documentation by @pkuczynski in typeorm/typeorm#11754

fix: circular import in SapDriver.ts by @abendi in typeorm/typeorm#11750

chore(dev-deps): bump eslint and update config by @pkuczynski in typeorm/typeorm#11756

docs: fix broken migration links by @mguida22 in typeorm/typeorm#11760

ci: test if docs build and run task depending on the changes from PR by @pkuczynski in typeorm/typeorm#11761

ci: control development and CI version of Node.js via .nvmrc by @pkuczynski in typeorm/typeorm#11708

ci: add single step to validate if all tests passed by @pkuczynski in typeorm/typeorm#11763

ci: prevent running docs index on forks by @pkuczynski in typeorm/typeorm#11762

feat(mssql): support 'vector' type for MS SQL Server by @artiz in typeorm/typeorm#11732

docs: expand sponsors section and remove outdated translations by @dlhck in typeorm/typeorm#11771

docs(cockroach): fix typo in CockroachDriver jsdoc for mappedDataTypes by @Edge-Seven in typeorm/typeorm#11775

ci: migrate from nyc to c8 by @pkuczynski in typeorm/typeorm#11759

fix(deps): upgrade glob to fix CVE-2025-64756 by @PabloThiele in typeorm/typeorm#11784

build(deps): bump js-yaml in /docs by @dependabot[bot] in typeorm/typeorm#11779

ci: run tests on commits to master and next by @mguida22 in typeorm/typeorm#11783

docs: fix build status badge url by @pkuczynski in typeorm/typeorm#11790

chore: add GitHub Copilot instructions by @Copilot in typeorm/typeorm#11781

feat: export QueryPartialEntity and QueryDeepPartialEntity types by @danielsharvey in typeorm/typeorm#11748

ci(oracle): add extra sleep after container starts by @OSA413 in typeorm/typeorm#11795

chore: add Qodo config by @naorpeled in typeorm/typeorm#11791

feat: init version in postgres driver only if not set by @hfhchan-plb in typeorm/typeorm#11373

fix(cli): init command reading package.json from two folders up by @pkuczynski in typeorm/typeorm#11789

feat(mysql): add support for vector columns on MariaDB and MySQL by @alumni in typeorm/typeorm#11670

fix: typesense doc sync by @G0maa in typeorm/typeorm#11807

... (truncated)

Changelog

Sourced from typeorm's changelog.

0.3.28 (2025-12-02)

Bug Fixes

add multiSubnetFailover option for mssql (#10804) (83e3a8a)

circular import in SapDriver.ts (#11750) (bed7913)

cli: init command reading package.json from two folders up (#11789) (dd55218)

deps: upgrade glob to fix CVE-2025-64756 (#11784) (dc74f53)

mongodb: add missing findBy method to MongoEntityManager (#11814) (38715bb)

redis: version detection logic (#11815) (6f486e5)

typesense doc sync (#11807) (d0b5454)

Features

add support for jsonpath column type in PostgreSQL (#11684) (4f05718)

cli/init: pick dependencies versions from our own package.json (#11705) (b930909)

entity schema support trees (#11606) (925dee0)

export QueryPartialEntity and QueryDeepPartialEntity types (#11748) (ade198c)

init version in postgres driver only if not set (#11373) (cb1284c)

manage MongoDB SOCKS5 proxy settings (#11731) (d7867eb)

mssql: support 'vector' type for MS SQL Server (#11732) (2681051)

mysql: add pool size options for each connection (#11810) (67f793f)

mysql: add support for vector columns on MariaDB and MySQL (#11670) (cfb3d6c)

Commits

73fda41 chore: release v0.3.28 (#11816)
6f486e5 fix(redis): version detection logic (#11815)
38715bb fix(mongodb): add missing findBy method to MongoEntityManager (#11814)
ec3ea10 refactor: use pragma method in better-sqlite3 (#10684)
c4f5d12 refactor(tests): ensure test files have the .test.ts extension (#11801)
61f9e0d docs(mysql): add missing mysql credential options (#11813)
55cd8e2 feat:add utc flag to date column (#11740)
67f793f feat(mysql): add pool size options for each connection (#11810)
835647a test: use built-in wait function and fix wait times to avoid flaky tests (#11...
5461927 chore: update dependencies (#11811)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…h 6 updates Bumps the production_patches group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.3` | `1.20.4` | | [commander](https://github.com/tj/commander.js) | `14.0.1` | `14.0.2` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.1.2` | `13.1.3` | | [socket.io](https://github.com/socketio/socket.io) | `4.8.1` | `4.8.3` | | [typeorm](https://github.com/typeorm/typeorm) | `0.3.27` | `0.3.28` | Updates `body-parser` from 1.20.3 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.3...1.20.4) Updates `commander` from 14.0.1 to 14.0.2 - [Release notes](https://github.com/tj/commander.js/releases) - [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md) - [Commits](tj/commander.js@v14.0.1...v14.0.2) Updates `pino-pretty` from 13.1.2 to 13.1.3 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v13.1.2...v13.1.3) Updates `qs` from 6.14.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `socket.io` from 4.8.1 to 4.8.3 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/socket.io@4.8.1...socket.io@4.8.3) Updates `typeorm` from 0.3.27 to 0.3.28 - [Release notes](https://github.com/typeorm/typeorm/releases) - [Changelog](https://github.com/typeorm/typeorm/blob/master/CHANGELOG.md) - [Commits](typeorm/typeorm@0.3.27...0.3.28) --- updated-dependencies: - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production_patches - dependency-name: commander dependency-version: 14.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production_patches - dependency-name: pino-pretty dependency-version: 13.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production_patches - dependency-name: qs dependency-version: 6.14.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production_patches - dependency-name: socket.io dependency-version: 4.8.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production_patches - dependency-name: typeorm dependency-version: 0.3.28 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production_patches ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the production_patches group across 1 directory with 6 updates #192

chore(deps): bump the production_patches group across 1 directory with 6 updates #192

Uh oh!

dependabot bot commented on behalf of github Jan 5, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

chore(deps): bump the production_patches group across 1 directory with 6 updates #192

Are you sure you want to change the base?

chore(deps): bump the production_patches group across 1 directory with 6 updates #192

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

1.20.4

What's Changed

1.20.4 / 2025-12-01

v14.0.2

Changed

[14.0.2] (2025-10-25)

Changed

v13.1.3

What's Changed

New Contributors

6.14.1

socket.io@4.8.2

Bug Fixes

Dependencies

socket.io-client@4.8.2

Bug Fixes

Dependencies

0.3.28

What's Changed

0.3.28 (2025-12-02)

Bug Fixes

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Jan 5, 2026 •

edited

Loading