Skip to content

build(deps): bump the production-patch group across 1 directory with 8 updates#1535

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-patch-5f7e6ac49b
Open

build(deps): bump the production-patch group across 1 directory with 8 updates#1535
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-patch-5f7e6ac49b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the production-patch group with 8 updates in the / directory:

Package From To
@bufbuild/protobuf 2.12.0 2.12.1
protobufjs 8.6.4 8.6.5
@scalar/express-api-reference 0.10.4 0.10.6
graphql-tools 9.0.28 9.0.29
axios 1.18.0 1.18.1
bullmq 5.79.0 5.79.2
bson 7.3.0 7.3.1
mongoose 9.7.1 9.7.3

Updates @bufbuild/protobuf from 2.12.0 to 2.12.1

Release notes

Sourced from @​bufbuild/protobuf's releases.

v2.12.1

What's Changed

New Contributors

Full Changelog: bufbuild/protobuf-es@v2.12.0...v2.12.1

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​bufbuild/protobuf since your current version.


Updates protobufjs from 8.6.4 to 8.6.5

Release notes

Sourced from protobufjs's releases.

protobufjs: v8.6.5

8.6.5 (2026-06-23)

Bug Fixes

Changelog

Sourced from protobufjs's changelog.

8.6.5 (2026-06-23)

Bug Fixes

Commits

Updates @scalar/express-api-reference from 0.10.4 to 0.10.6

Changelog

Sourced from @​scalar/express-api-reference's changelog.

0.10.6

0.10.5

Commits

Updates graphql-tools from 9.0.28 to 9.0.29

Changelog

Sourced from graphql-tools's changelog.

9.0.29

Patch Changes

  • Updated dependencies []:
    • @​graphql-tools/schema@​10.0.34
Commits
  • c7f20ac chore(release): update monorepo packages versions (#8157)
  • 1fb1076 build(deps): bump the actions-deps group across 1 directory with 15 updates (...
  • f0caccf build(deps): bump the actions-deps group across 1 directory with 9 updates (#...
  • See full diff in compare view

Updates axios from 1.18.0 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

Changelog

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Updates bullmq from 5.79.0 to 5.79.2

Release notes

Sourced from bullmq's releases.

v5.79.2

5.79.2 (2026-06-27)

Bug Fixes

  • flow: use correct data structure when retrying failed child using ignoreDependencyOnFailure fixes #4235 (#4236) (6f1b2e3)

v5.79.1

5.79.1 (2026-06-21)

Bug Fixes

  • node-redis: accept plain createClient result without cast (#4201) (#4209) (1aefd5b)
Commits
  • 6f1b2e3 fix(flow): use correct data structure when retrying failed child using ignore...
  • d65a2b4 chore(deps): update dependency msgpackr to v2.0.4 [security] (#4233)
  • 57fd783 chore(deps): update dependency msgpack to v1.2.1 [security] (#4230)
  • 2a377a7 chore(deps): update dependency semver to v7.8.5 (#4214)
  • fdc084c chore(release): 5.79.1 (#4231)
  • 1aefd5b fix(node-redis): accept plain createClient result without cast (#4201) (#4209)
  • dab9d19 chore(deps): update eslint to v8.61.1 [security] (#4213)
  • c343c21 ci(release): consider slashes when ignoring commits (#4228)
  • 3f15ce1 chore(release): 5.79.0 (#4227)
  • See full diff in compare view

Updates bson from 7.3.0 to 7.3.1

Release notes

Sourced from bson's releases.

v7.3.1

7.3.1 (2026-06-23)

The MongoDB Node.js team is pleased to announce version 7.3.1 of the bson package!

Release Notes

ObjectId initialization now tolerates partial process polyfills

Adds optional chaining to Node.js startup snapshot API calls in ObjectId so that environments with a stubbed or partial process global no longer throw a TypeError at startup.

Bug Fixes

  • NODE-7630: make startup snapshot calls more defensive (#899) (99433cd)

Documentation

We invite you to try the bson library immediately, and report any issues to the NODE project.

Changelog

Sourced from bson's changelog.

7.3.1 (2026-06-23)

Bug Fixes

  • NODE-7630: make startup snapshot calls more defensive (#899) (99433cd)
Commits

Updates mongoose from 9.7.1 to 9.7.3

Release notes

Sourced from mongoose's releases.

9.7.3 / 2026-06-26

  • types(model): correct Model.validate() return type to Promise #16340 #16338
  • types: use @​standard-schema/spec for StandardSchema types rather than inlining #16341 #16339

9.7.2 / 2026-06-22

  • fix(documentarray): reindex subdocs after array reordering and removal so subsequent nested changes save using the correct path #16282 AbdelrahmanHafez
  • fix(document): avoid accessing special properties in Document.prototype.get()
  • fix(schema): only return own properties in schematype lookups and disallow setting schema paths under special properties
  • docs: update homepage sponsor layout
Changelog

Sourced from mongoose's changelog.

9.7.3 / 2026-06-26

  • types(model): correct Model.validate() return type to Promise #16340 #16338
  • types: use @​standard-schema/spec for StandardSchema types rather than inlining #16341 #16339

9.7.2 / 2026-06-22

  • fix(documentarray): reindex subdocs after array reordering and removal so subsequent nested changes save using the correct path #16282 AbdelrahmanHafez
  • fix(document): avoid accessing special properties in Document.prototype.get()
  • fix(schema): only return own properties in schematype lookups and disallow setting schema paths under special properties
  • docs: update homepage sponsor layout
Commits
  • df72bff chore: release 9.7.3
  • 97f0f36 Merge pull request #16341 from Automattic/vkarpov15/gh-16339
  • aa58b76 types: use @​standard-schema/spec for StandardSchema types rather than inlining
  • 0734de7 fix(types): correct Model.validate() return type to Promise<TRawDocType> (#16...
  • 87ade9b chore: release 9.7.2
  • 4e12786 Merge branch 'vkarpov15/fix-security-20260609-master'
  • b3dd12a docs: flex wrap for major sponsors
  • d48fee3 fix(documentarray): reindex subdocs after reordering (#16282)
  • 3e0e079 fix(types): correct Model.validate() return type to Promise<TRawDocType>
  • 03bedea docs: add mongodb as sponsor on homepage
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
@dependabot
build(deps): bump the production-patch group across 1 directory with …
518495b 
…8 updates

Bumps the production-patch group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@bufbuild/protobuf](https://github.com/bufbuild/protobuf-es/tree/HEAD/packages/protobuf) | `2.12.0` | `2.12.1` |
| [protobufjs](https://github.com/protobufjs/protobuf.js) | `8.6.4` | `8.6.5` |
| [@scalar/express-api-reference](https://github.com/scalar/scalar/tree/HEAD/integrations/express) | `0.10.4` | `0.10.6` |
| [graphql-tools](https://github.com/ardatan/graphql-tools/tree/HEAD/packages/graphql-tools) | `9.0.28` | `9.0.29` |
| [axios](https://github.com/axios/axios) | `1.18.0` | `1.18.1` |
| [bullmq](https://github.com/taskforcesh/bullmq) | `5.79.0` | `5.79.2` |
| [bson](https://github.com/mongodb/js-bson) | `7.3.0` | `7.3.1` |
| [mongoose](https://github.com/Automattic/mongoose) | `9.7.1` | `9.7.3` |



Updates `@bufbuild/protobuf` from 2.12.0 to 2.12.1
- [Release notes](https://github.com/bufbuild/protobuf-es/releases)
- [Commits](https://github.com/bufbuild/protobuf-es/commits/v2.12.1/packages/protobuf)

Updates `protobufjs` from 8.6.4 to 8.6.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v8.6.4...protobufjs-v8.6.5)

Updates `@scalar/express-api-reference` from 0.10.4 to 0.10.6
- [Release notes](https://github.com/scalar/scalar/releases)
- [Changelog](https://github.com/scalar/scalar/blob/main/integrations/express/CHANGELOG.md)
- [Commits](https://github.com/scalar/scalar/commits/HEAD/integrations/express)

Updates `graphql-tools` from 9.0.28 to 9.0.29
- [Release notes](https://github.com/ardatan/graphql-tools/releases)
- [Changelog](https://github.com/ardatan/graphql-tools/blob/master/packages/graphql-tools/CHANGELOG.md)
- [Commits](https://github.com/ardatan/graphql-tools/commits/graphql-tools@9.0.29/packages/graphql-tools)

Updates `axios` from 1.18.0 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.18.0...v1.18.1)

Updates `bullmq` from 5.79.0 to 5.79.2
- [Release notes](https://github.com/taskforcesh/bullmq/releases)
- [Commits](taskforcesh/bullmq@v5.79.0...v5.79.2)

Updates `bson` from 7.3.0 to 7.3.1
- [Release notes](https://github.com/mongodb/js-bson/releases)
- [Changelog](https://github.com/mongodb/js-bson/blob/main/HISTORY.md)
- [Commits](mongodb/js-bson@v7.3.0...v7.3.1)

Updates `mongoose` from 9.7.1 to 9.7.3
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@9.7.1...9.7.3)

---
updated-dependencies:
- dependency-name: "@bufbuild/protobuf"
  dependency-version: 2.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-patch
- dependency-name: "@scalar/express-api-reference"
  dependency-version: 0.10.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-patch
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-patch
- dependency-name: bson
  dependency-version: 7.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-patch
- dependency-name: bullmq
  dependency-version: 5.79.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-patch
- dependency-name: graphql-tools
  dependency-version: 9.0.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-patch
- dependency-name: mongoose
  dependency-version: 9.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-patch
- dependency-name: protobufjs
  dependency-version: 8.6.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-patch-5f7e6ac49b branch from 9ff30cd to 518495b Compare June 29, 2026 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants