Skip to content

chore(deps): bump the patch-updates group across 1 directory with 15 updates#2758

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/patch-updates-9aac18e279
Open

chore(deps): bump the patch-updates group across 1 directory with 15 updates#2758
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/patch-updates-9aac18e279

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps the patch-updates group with 3 updates in the / directory: drizzle-orm, didwebvh-ts and nock.

Updates drizzle-orm from 0.45.1 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

Updates didwebvh-ts from 2.7.2 to 2.7.3

Changelog

Sourced from didwebvh-ts's changelog.

2.7.3 (2026-04-18)

Bug Fixes

Commits
  • 08412ce chore(release): 2.7.3 [skip ci]
  • c2d6481 Merge pull request #94 from aviarytech/main
  • cf948fe fix: entry hash bug
  • 51852e6 Merge pull request #91 from swcurran/fix-tests
  • a0a9b6f Merge pull request #92 from swcurran/add-Claude
  • e706883 Adds CLAUDE.md file and a .gitignore entry for a local Claude Code file
  • cf625a5 Fix tests that are failing
  • See full diff in compare view

Updates nock from 14.0.11 to 14.0.12

Release notes

Sourced from nock's releases.

v14.0.12

14.0.12 (2026-04-05)

Bug Fixes

  • prevent crash when query params have conflicting dot-notation keys (#2958) (7ea9933)
Commits
  • 7ea9933 fix: prevent crash when query params have conflicting dot-notation keys (#2958)
  • d00d371 chore(deps): bump picomatch
  • e899c49 chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5
  • 9ad19ea chore(deps): bump qs and @​definitelytyped/dtslint
  • 657d9a1 chore(deps): bump actions/checkout from 5 to 6 (#2933)
  • See full diff in compare view

Updates @expo/package-manager from 1.10.3 to 1.10.4

Changelog

Sourced from @​expo/package-manager's changelog.

Changelog

Unpublished

🛠 Breaking changes

🎉 New features

🐛 Bug fixes

💡 Others

Commits

Updates @expo/xcpretty from 4.4.1 to 4.4.3

Changelog

Sourced from @​expo/xcpretty's changelog.

Changelog

This is the log of notable changes to Expo CLI and related packages.

main

🛠 Breaking changes

🎉 New features

🧹 Chores

Sun, 10 Sep 2023 17:56:11 -0700

🛠 Breaking changes

🎉 New features

  • [doctor] @​expo/metro-config deep dependency check (#4742)
  • [pod-install] show alternative message in managed projects (#4566)
  • [create-expo] Bump @​expo/package-manager for Bun support
  • [create-expo] detect bun package manager (#4752)
  • [webpack]: Bump expo to SDK 49 (#4747)
  • [schemer]: additional validation for unsupported image formats (#4764)

🧹 Chores

🐛 Bug fixes

  • [create-expo]: allow scoped template package names (#4750)

📦 Packages updated

  • create-expo@2.1.1
  • create-expo-app@2.1.1
  • @​expo/dev-tools@​0.13.187
  • expo-cli@6.3.12
  • expo-doctor@1.1.3
  • install-expo-modules@0.6.3
  • pod-install@0.1.39
  • expo-pwa@0.0.127
  • @​expo/webpack-config@​18.1.3
  • xdl@60.0.12

Wed Jul 5 17:04:00 2023 -0700

🧹 Chores

  • [install-expo-modules] Update text re: Expo CLI installation

... (truncated)

Commits
  • af41736 Publish
  • f50492b [config-plugins] Make user interface style default to light if not specified ...
  • 6e73255 Enable socket controls in run:ios and run:android (#3403)
  • 0cad88c Remove readConfigJsonAsync shim (#3402)
  • c0ce92c Update CHANGELOG and schema cache
  • 50562c7 Publish
  • 4f40c27 [config-plugins] feat: enable splash screen plugin for any SDK greater than 3...
  • 5a37de7 improve cocoapods manager (#3399)
  • 421abf5 [xdl][expo-cli] Adds action event to unified project (#3372)
  • 17b37b4 Force overwriting by default (#3395)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates @mswjs/interceptors from 0.41.3 to 0.41.4

Release notes

Sourced from @​mswjs/interceptors's releases.

v0.41.4 (2026-04-18)

Bug Fixes

  • add FetchRequest utility (#773) (53651056ceabd9c3dd03558e2409915f75b3d78a) @​kettanaito
Commits

Updates brace-expansion from 1.1.12 to 1.1.14

Commits

Updates call-bind from 1.0.8 to 1.0.9

Changelog

Sourced from call-bind's changelog.

v1.0.9 - 2026-04-09

Commits

  • [Fix] correct .length computation when partial args exceed function arity 95c406d
  • [Dev Deps] update @ljharb/eslint-config, es-value-fixtures, eslint, for-each, has-strict-mode, npmignore, object-inspect 06a4e21
  • [Deps] update call-bind-apply-helpers, es-define-property, get-intrinsic 3fea81e
  • [readme] replace runkit CI badge with shields.io check-runs badge 23437d4
Commits
  • 8d6a98c v1.0.9
  • 95c406d [Fix] correct .length computation when partial args exceed function arity
  • 3fea81e [Deps] update call-bind-apply-helpers, es-define-property, get-intrinsic
  • 06a4e21 [Dev Deps] update @ljharb/eslint-config, es-value-fixtures, eslint, `fo...
  • 23437d4 [readme] replace runkit CI badge with shields.io check-runs badge
  • See full diff in compare view

Updates es-abstract from 1.24.1 to 1.24.2

Changelog

Sourced from es-abstract's changelog.

1.24.2 / 2026-04-07

  • [Fix] IfAbruptCloseIterator: handle all abrupt completions, not just throw
  • [Robustness] use +x instead of Number(x)
  • [Robustness] use isFinite/parseInt intrinsics, and isNaN helper
  • [Robustness] ensure undefined is undefined
  • [patch] add a TODO to remove an unused helper
  • [Dev Deps] update @ljharb/eslint-config, npmignore
Commits
  • 9c40412 v1.24.2
  • 5f9c0c1 [Robustness] use +x instead of Number(x)
  • 9cb3440 [Fix] IfAbruptCloseIterator: handle all abrupt completions, not just throw
  • 4a61750 [patch] add a TODO to remove an unused helper
  • e69f21a [Robustness] use isFinite/parseInt intrinsics, and isNaN helper
  • ff03c92 [Robustness] ensure undefined is undefined
  • f4fc91c [Dev Deps] update @ljharb/eslint-config, npmignore
  • See full diff in compare view

Updates fast-xml-parser from 4.5.5 to 4.5.6

Release notes

Sourced from fast-xml-parser's releases.

Summary update on all the previous releases from v4.2.4

  • Multiple minor fixes provided in the validator and parser
  • v6 is added for experimental use.
  • ignoreAttributes support function, and array of string or regex
  • Add support for parsing HTML numeric entities
  • v5 of the application is ESM module now. However, JS is also supported

Note: Release section in not updated frequently. Please check CHANGELOG or Tags for latest release information.

Commits

Updates flow-parser from 0.307.0 to 0.309.0

Release notes

Sourced from flow-parser's releases.

v0.309.0

No significant changes.

v0.308.0

Parser:

  • The 5 enum body ESTree node types (EnumBooleanBody, EnumNumberBody, EnumStringBody, EnumSymbolBody, EnumBigIntBody) have been replaced with a single EnumBody node. Its members property is a flat array of per-type member nodes (EnumBooleanMember, EnumNumberMember, EnumStringMember, EnumBigIntMember, EnumDefaultedMember). The explicitType property is now a string ("boolean", "number", "string", "symbol", "bigint") or null (previously a boolean). hasUnknownMembers remains a boolean. Several enum validation errors are no longer reported by the parser and are instead reported by the type checker.

Library Definitions:

  • Add type definition for RegExp.escape()

v0.307.1

  • Misc: Store exports index in saved state
Changelog

Sourced from flow-parser's changelog.

0.309.0

No significant changes.

0.308.0

Parser:

  • The 5 enum body ESTree node types (EnumBooleanBody, EnumNumberBody, EnumStringBody, EnumSymbolBody, EnumBigIntBody) have been replaced with a single EnumBody node. Its members property is a flat array of per-type member nodes (EnumBooleanMember, EnumNumberMember, EnumStringMember, EnumBigIntMember, EnumDefaultedMember). The explicitType property is now a string ("boolean", "number", "string", "symbol", "bigint") or null (previously a boolean). hasUnknownMembers remains a boolean. Several enum validation errors are no longer reported by the parser and are instead reported by the type checker.

Library Definitions:

  • Add type definition for RegExp.escape()

0.307.1

  • Misc: Store exports index in saved state
Commits
  • 67b02e5 [flow] Fix saved_state_reinit_libdef_change_mergebase test on macOS
  • 045a97c v0.309.0
  • 303bfc5 [flow] Try saved-state reinit before reinit_full_check on mergebase change
  • 657359f [flow] Refactor reinit to support allow_fallback
  • eecbea9 [flow] Rename require_full_check_reinit to incompatible_lib_change
  • 0d67d70 [flow] Add test for saved-state reinit on mergebase libdef change
  • f7bc8c8 [flow] Fix check-test diff comparison for Windows
  • e020b50 [flow][oxidation] Box enum to reduce the memory usage
  • 802736d [flow] Add node_modules_errors .flowconfig option
  • 8974385 [flow][tslib] Support module as synonym for namespace in .d.ts files
  • Additional commits viewable in compare view

Updates minipass-flush from 1.0.6 to 1.0.7

Commits

Updates regjsparser from 0.13.0 to 0.13.1

Release notes

Sourced from regjsparser's releases.

Release v0.13.1

What's Changed

New Contributors

Full Changelog: jviereck/regjsparser@v0.13.0...v0.13.1

Commits
  • b20d194 Merge pull request #158 from jviereck/dependabot/npm_and_yarn/flatted-3.4.2
  • 447718a chore(deps-dev): bump flatted from 3.3.1 to 3.4.2
  • a8996a7 Update eslint to v10. (#156)
  • de8ff58 Merge pull request #157 from jviereck/dependabot/npm_and_yarn/minimatch-3.1.5
  • fb48f56 chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5
  • 983ac7b Merge pull request #155 from jviereck/dependabot/npm_and_yarn/js-yaml-4.1.1
  • 112c257 chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1
  • See full diff in compare view

Updates safe-array-concat from 1.1.3 to 1.1.4

Changelog

Sourced from safe-array-concat's changelog.

v1.1.4 - 2026-04-19

Commits

  • [actions] update workflows 6747b8f
  • [Dev Deps] update @arethetypeswrong/cli, @ljharb/eslint-config, @ljharb/tsconfig, @types/isarray, @types/tape, eslint, npmignore aa30c94
  • [types] improve types 21276eb
  • [Deps] update call-bound, get-intrinsic efb5138
  • [Deps] update call-bind dbe4255
  • [Dev Deps] update @ljharb/eslint-config 470988c
  • [Dev Deps] update @ljharb/eslint-config 8a8f4ec
Commits
  • 255e625 v1.1.4
  • 6747b8f [actions] update workflows
  • 21276eb [types] improve types
  • dbe4255 [Deps] update call-bind
  • 470988c [Dev Deps] update @ljharb/eslint-config
  • 8a8f4ec [Dev Deps] update @ljharb/eslint-config
  • efb5138 [Deps] update call-bound, get-intrinsic
  • aa30c94 [Dev Deps] update @arethetypeswrong/cli, @ljharb/eslint-config, `@ljharb/...
  • See full diff in compare view

Updates slugify from 1.6.8 to 1.6.9

Changelog

Sourced from slugify's changelog.

v1.6.9 (2026-04-01)

  • #171 fix: correct CommonJS export for "module": "node16" + ESM (171) (@​karlhorky)
Commits
Maintainer changes

This version was pushed to npm by joshuakgoldberg, a new releaser for slugify since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the patch-updates group across 1 directory with 15 …
2183299 
…updates

Bumps the patch-updates group with 3 updates in the / directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm), [didwebvh-ts](https://github.com/decentralized-identity/didwebvh-ts) and [nock](https://github.com/nock/nock).


Updates `drizzle-orm` from 0.45.1 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.45.1...0.45.2)

Updates `didwebvh-ts` from 2.7.2 to 2.7.3
- [Release notes](https://github.com/decentralized-identity/didwebvh-ts/releases)
- [Changelog](https://github.com/decentralized-identity/didwebvh-ts/blob/main/CHANGELOG.md)
- [Commits](decentralized-identity/didwebvh-ts@v2.7.2...v2.7.3)

Updates `nock` from 14.0.11 to 14.0.12
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](nock/nock@v14.0.11...v14.0.12)

Updates `@expo/package-manager` from 1.10.3 to 1.10.4
- [Changelog](https://github.com/expo/expo/blob/main/packages/@expo/package-manager/CHANGELOG.md)
- [Commits](https://github.com/expo/expo/commits/HEAD/packages/@expo/package-manager)

Updates `@expo/xcpretty` from 4.4.1 to 4.4.3
- [Changelog](https://github.com/expo/expo-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/expo/expo-cli/compare/expo-cli@4.4.1...expo-cli@4.4.3)

Updates `@mswjs/interceptors` from 0.41.3 to 0.41.4
- [Release notes](https://github.com/mswjs/interceptors/releases)
- [Commits](mswjs/interceptors@v0.41.3...v0.41.4)

Updates `brace-expansion` from 1.1.12 to 1.1.14
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.14)

Updates `call-bind` from 1.0.8 to 1.0.9
- [Changelog](https://github.com/ljharb/call-bind/blob/main/CHANGELOG.md)
- [Commits](ljharb/call-bind@v1.0.8...v1.0.9)

Updates `es-abstract` from 1.24.1 to 1.24.2
- [Changelog](https://github.com/ljharb/es-abstract/blob/main/CHANGELOG.md)
- [Commits](ljharb/es-abstract@v1.24.1...v1.24.2)

Updates `fast-xml-parser` from 4.5.5 to 4.5.6
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.5...v4.5.6)

Updates `flow-parser` from 0.307.0 to 0.309.0
- [Release notes](https://github.com/facebook/flow/releases)
- [Changelog](https://github.com/facebook/flow/blob/main/Changelog.md)
- [Commits](facebook/flow@v0.307.0...v0.309.0)

Updates `minipass-flush` from 1.0.6 to 1.0.7
- [Commits](isaacs/minipass-flush@v1.0.6...v1.0.7)

Updates `regjsparser` from 0.13.0 to 0.13.1
- [Release notes](https://github.com/jviereck/regjsparser/releases)
- [Changelog](https://github.com/jviereck/regjsparser/blob/gh-pages/CHANGELOG)
- [Commits](jviereck/regjsparser@v0.13.0...v0.13.1)

Updates `safe-array-concat` from 1.1.3 to 1.1.4
- [Changelog](https://github.com/ljharb/safe-array-concat/blob/main/CHANGELOG.md)
- [Commits](ljharb/safe-array-concat@v1.1.3...v1.1.4)

Updates `slugify` from 1.6.8 to 1.6.9
- [Changelog](https://github.com/simov/slugify/blob/master/CHANGELOG.md)
- [Commits](https://github.com/simov/slugify/commits)

---
updated-dependencies:
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: didwebvh-ts
  dependency-version: 2.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: nock
  dependency-version: 14.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: "@expo/package-manager"
  dependency-version: 1.10.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: "@expo/xcpretty"
  dependency-version: 4.4.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: "@mswjs/interceptors"
  dependency-version: 0.41.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: brace-expansion
  dependency-version: 1.1.14
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: call-bind
  dependency-version: 1.0.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: es-abstract
  dependency-version: 1.24.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: fast-xml-parser
  dependency-version: 4.5.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: flow-parser
  dependency-version: 0.309.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: patch-updates
- dependency-name: minipass-flush
  dependency-version: 1.0.7
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: regjsparser
  dependency-version: 0.13.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: safe-array-concat
  dependency-version: 1.1.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: slugify
  dependency-version: 1.6.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file npm labels Apr 20, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 20, 2026 07:57
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file npm labels Apr 20, 2026
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Apr 20, 2026

⚠️ No Changeset found

Latest commit: 2183299

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file npm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants