Bump the minor-patch-dependencies group across 1 directory with 21 updates

[dependabot]

Bumps the minor-patch-dependencies group with 21 updates in the / directory:

Package	From	To
better-sqlite3	12.6.0	12.8.0
mysql2	3.16.0	3.20.0
@cspell/eslint-plugin	9.4.0	9.7.0
@eslint/compat	2.0.1	2.0.3
@eslint/eslintrc	3.3.3	3.3.5
@types/node	25.0.6	25.5.0
@types/pg	8.16.0	8.18.0
@typescript-eslint/eslint-plugin	8.52.0	8.57.0
@typescript-eslint/parser	8.52.0	8.57.0
@vitest/coverage-v8	4.0.16	4.1.0
@vitest/ui	4.0.16	4.1.0
bun	1.3.5	1.3.10
@types/bun	1.3.5	1.3.10
bun-types	1.3.5	1.3.10
dayjs	1.11.19	1.11.20
drizzle-kit	0.31.8	0.31.9
eslint-plugin-no-unsanitized	4.1.4	4.1.5
eslint-plugin-prettier	5.5.4	5.5.5
prettier	3.7.4	3.8.1
type-fest	5.3.1	5.4.4
vitest	4.0.16	4.1.0

Updates better-sqlite3 from 12.6.0 to 12.8.0

Release notes

Sourced from better-sqlite3's releases.

v12.8.0

What's Changed

• Readme: requires Node.js v20 or later by @​Prinzhorn in WiseLibs/better-sqlite3#1443
• Update SQLite to version 3.51.3 in WiseLibs/better-sqlite3#1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @​tstone-1 in WiseLibs/better-sqlite3#1459

New Contributors

• @​tstone-1 made their first contribution in WiseLibs/better-sqlite3#1459

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

What's Changed

• fix: use Holder() instead of This() for Electron 41 compatibility by @​mceachen in WiseLibs/better-sqlite3#1456
• Roll back to SQLite to version 3.51.2 in WiseLibs/better-sqlite3#1457

Full Changelog: WiseLibs/better-sqlite3@v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

1. Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing
2. From the SQLite team:

   Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

What's Changed

• chore(build.yml): update Electron version support to include v41 by @​mceachen in WiseLibs/better-sqlite3#1452
• Fix Node v25 test errors by @​m4heshd in WiseLibs/better-sqlite3#1454
• Update SQLite to version 3.52.0 in WiseLibs/better-sqlite3#1449
• Revert "Fix Node v25 test errors" by @​mceachen in WiseLibs/better-sqlite3#1455

Full Changelog: WiseLibs/better-sqlite3@v12.6.2...v12.7.0

... (truncated)

Commits

• fe774f5 12.8.0
• 8617ed6 fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 (#1459)
• 959a018 Update SQLite to version 3.51.3 (#1460)
• 43729c0 Readme: requires Node.js v20 or later (#1443)
• 27dc751 12.7.1
• db1119c Update SQLite to version 3.51.2 (#1457)
• d2c4815 fix: use Holder() instead of This() for Electron 41 compatibility (#1456)
• ef9ffce 12.7.0
• 3be46ff Revert "Fix Node v25 test errors" (#1455)
• f3a44a4 Update SQLite to version 3.52.0 (#1449)
• Additional commits viewable in compare view

Updates mysql2 from 3.16.0 to 3.20.0

Release notes

Sourced from mysql2's releases.

v3.20.0

3.20.0 (2026-03-15)

Features

• add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
• prevent double release from corrupting the connection pool (#4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#4183) (97855a6)

v3.19.1

3.19.1 (2026-03-09)

Security Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

v3.19.0

3.19.0 (2026-03-05)

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#4135) (099beea)

v3.18.2

3.18.2 (2026-02-26)

Bug Fixes

• types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#4127) (b274e72)
• types: extend QueryValues to callback-based methods (#4129) (2ad5f0b)
• types: improve ExecuteValues "nested" params (#4133) (3f94950)
• types: support Raw and Uint8Array params (#4132) (bde9aec)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.20.0 (2026-03-15)

Features

• add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
• prevent double release from corrupting the connection pool (#4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#4183) (97855a6)

3.19.1 (2026-03-09)

Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

3.19.0 (2026-03-05)

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#4135) (099beea)

3.18.2 (2026-02-26)

Bug Fixes

• types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#4127) (b274e72)
• types: extend QueryValues to callback-based methods (#4129) (2ad5f0b)
• types: improve ExecuteValues "nested" params (#4133) (3f94950)
• types: support Raw and Uint8Array params (#4132) (bde9aec)

3.18.1 (2026-02-25)

Bug Fixes

... (truncated)

Commits

• 6d0ba45 chore(master): release 3.20.0 (#4180)
• 5ac5563 fix: explicitly specify in auth plugins (#4175) (#4187)
• 1993624 ci: improve workflows triggering (#4189)
• ff839c2 docs: improve LLM Agents instructions (#4188)
• 7e57db6 fix: prevent double release from corrupting the connection pool (#4186)
• 92d0724 docs: include instructions to LLM agents (#4185)
• f4ce16a refactor: simplify TracingChannel logic (#4184)
• 97855a6 fix: restore PoolConnection as subclass of Connection (#4183)
• 90a0677 refactor: prevent unintentional breaking change after TracingChannel support ...
• 5b61d86 ci: improve coverage (#4181)
• Additional commits viewable in compare view

Updates @cspell/eslint-plugin from 9.4.0 to 9.7.0

Release notes

Sourced from @​cspell/eslint-plugin's releases.

v9.7.0

Features

feat: Substitution Part 4 - enable substitutions during document check (#8630)

Pull request overview

This PR enables substitution-based text transformations during document spell checking, allowing configured text patterns to be replaced before validation occurs.

Changes:

• Added substitution transformer support to the text validation pipeline
• Enhanced SubstitutionTransformer to handle both string and MappedText inputs with source map merging
• Refactored settingsToValidateOptions to explicitly map all validation option fields

---

feat: Substitution Part 3 (#8616)

Pull request overview

This PR updates the SourceMap encoding/handling to use relative span-length pairs (instead of absolute offset pairs) so transformations can be composed more reliably, while updating affected parsers, mappers, and tests across the monorepo.

Changes:

• Redefines SourceMap documentation/usage to represent relative [srcSpanLen, dstSpanLen] segments (with non-linear segment semantics).
• Introduces new SourceMap utilities in cspell-lib and refactors TextMap/mapping code and tests to use them.
• Updates TypeScript grammar parsing/mappers to emit relative maps and adjusts fixtures/tests accordingly.

[!CAUTION] Internal breaking: SourceMaps are now span lengths instead of being offsets. This makes them invariant during translation, making concatenation, and slicing much easier. A minor version change was chosen instead of a major version change since it was only used with the experimental TypeScript parser.

---

feat: Substitution Part 2 (#8599)

Pull request overview

... (truncated)

Changelog

Sourced from @​cspell/eslint-plugin's changelog.

v9.7.0 (2026-02-23)

Features

• feat: Substitution Part 4 - enable substitutions during document check (#8630)

• feat: Substitution Part 3 (#8616)

• feat: Substitution Part 2 (#8599)

• feat: Support text substitutions prior to spell checking - part 1 (#8592)

Fixes

• fix: Publish 9.7 (#8634)

• fix: Support ESLint 10 (#8620)

• fix: Prepare to support substitutions (#8584)

• fix: cspell-rpc - reduce the size of an RPC result. (#8574)

• fix: Add convertToBtrie method to trie-lib (#8562)

• refactor: Use standard dispose (#8559)

• refactor: Experiment with bundling default dictionaries (#8556)

• fix: Enable reading dictionaries from cspell-vfs (#8553)

• fix: Work on a bundler for CSpell Dictionaries (#8532)

• fix: Add support for MemVfs to cspell-io (#8543)

• fix: Add mergeConfig (#8539)

• fix: stemming rules part 1 (#8527)

Dictionary Updates

• fix: Workflow Bot -- Update Dictionaries (main) (#8570)
• fix: Workflow Bot -- Update Dictionaries (main) (#8542)

v9.6.4 (2026-02-04)

Fixes

• fix: add --no-dictionary option to lint command (#8514)
• fix: Correctly report blocked dictionaries (#8506)

v9.6.3 (2026-02-02)

Fixes

• fix: Add engines setting (#8491)

• refactor: consolidate reporting to file. (#8481)

• fix: Move cspell-lib/rpc into its own package (#8468)

... (truncated)

Commits

• 48f64e0 v9.7.0
• d894739 chore: Prepare Release v9.7.0 (auto-deploy) (#8635)
• 143bfed chore: Prepare Release v9.7.0 (auto-deploy) (#8521)
• 19ab125 chore: bump jsonc-eslint-parser from 2.4.2 to 3.0.0 (#8605)
• ef4bbe6 ci: Workflow Bot -- Update ALL Dependencies (main) (#8617)
• 403f912 chore: bump @eslint/js to 10 (#8623)
• a4b6fa0 test: support upgrade to jsonc-eslint-parser v3 (#8624)
• 158f3f2 fix: Support ESLint 10 (#8620)
• d29d262 ci: Workflow Bot -- Update ALL Dependencies (main) (#8609)
• bed74f5 chore: bump the development-dependencies group with 4 updates (#8602)
• Additional commits viewable in compare view

Updates @eslint/compat from 2.0.1 to 2.0.3

Release notes

Sourced from @​eslint/compat's releases.

compat: v2.0.3

2.0.3 (2026-03-06)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

migrate-config: v2.0.3

2.0.3 (2026-03-06)

Bug Fixes

• update dependency @​eslint/eslintrc to ^3.3.4 (#382) (cecf46e)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/compat bumped from ^2.0.2 to ^2.0.3
  • devDependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

compat: v2.0.2

2.0.2 (2026-01-29)

Bug Fixes

• add eslint 10 as peer dependency (#361) (ecb37dc)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.0.1 to ^1.1.0

migrate-config: v2.0.2

2.0.2 (2026-01-29)

Dependencies

• The following workspace dependencies were updated
  • dependencies

... (truncated)

Changelog

Sourced from @​eslint/compat's changelog.

2.0.3 (2026-03-06)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

2.0.2 (2026-01-29)

Bug Fixes

• add eslint 10 as peer dependency (#361) (ecb37dc)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.0.1 to ^1.1.0

Commits

• 41eb19f chore: release main (#380)
• 5c42055 docs: Update README sponsors
• b13b482 docs: Update README sponsors
• 53d0bc3 docs: Update README sponsors
• bc1da95 docs: Update README sponsors
• 542bc6b docs: Update README sponsors
• 7cb43b6 build: standardize test scripts (#357)
• 98521c2 docs: Update README sponsors
• 7960653 chore: release main (#356)
• ecb37dc fix: add eslint 10 as peer dependency (#361)
• Additional commits viewable in compare view

Updates @eslint/eslintrc from 3.3.3 to 3.3.5

Release notes

Sourced from @​eslint/eslintrc's releases.

eslintrc: v3.3.5

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

eslintrc: v3.3.4

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Changelog

Sourced from @​eslint/eslintrc's changelog.

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Commits

• 5135df1 chore: release 3.3.5 🚀 (#228)
• c109d69 docs: Update README sponsors
• 3dc2381 fix: update dependency minimatch to ^3.1.5 (#227)
• 81385b6 ci: pin Node.js 25.6.1 (#226)
• 4c45e24 chore: release 3.3.4 🚀 (#223)
• 30339d0 fix: update minimatch to 3.1.3 to address security vulnerabilities (#224)
• 9139140 fix: update ajv to 6.14.0 to address security vulnerabilities (#221)
• 245ada5 docs: Update README sponsors
• 78b1a0e docs: Update README sponsors
• df32fff docs: Update README sponsors
• Additional commits viewable in compare view

Updates @types/node from 25.0.6 to 25.5.0

Commits

• See full diff in compare view

Updates @types/pg from 8.16.0 to 8.18.0

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.52.0 to 8.57.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [strict-void-return] false positives with overloads (#12055)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• typescript-estree: switch back to use ts.getModifiers() (#12034)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

• Brad Zacher @​bradzacher
• Brian Schlenker @​bschlenk
• Evyatar Daud @​StyleShit
• fisker Cheung @​fisker
• James Henry @​JamesHenry
• Josh Goldberg
• Kirk Waiblinger @​kirkwaiblinger
• Moses Odutusin @​thebolarin
• Newton Yuan @​NewtonYuan
• SungHyun627 @​SungHyun627
• Younsang Na @​nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: [strict-void-return] false positives with overloads (#12055)

❤️ Thank You

• Brad Zacher @​bradzacher
• Brian Schlenker @​bschlenk
• Evyatar Daud @​StyleShit
• James Henry @​JamesHenry
• Josh Goldberg
• Kirk Waiblinger @​kirkwaiblinger
• Moses Odutusin @​thebolarin
• Newton Yuan @​NewtonYuan
• SungHyun627 @​SungHyun627
• Younsang Na @​nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

... (truncated)

Commits

• 2c6aeee chore(release): publish 8.57.0
• 46bf066 docs(eslint-plugin): document no-unnecessary-condition limitation with object...
• f696dad chore: use pnpm catalog (#12047)
• 2029c78 fix(eslint-plugin): [no-base-to-string] fix false positive for toString with ...
• 0f4f101 fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpec...
• 53f473b fix(typescript-estree): if the template literal is tagged and the text has an...
• 2291b81 docs: minor grammar adjustment (#12112)
• fc5cd09 fix(eslint-plugin): guard against negative paramIndex in no-useless-default-a...
• adc2aad fix(eslint-plugin): handle statically analyzable computed keys in prefer-read...
• 85badff fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.52.0 to 8.57.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [strict-void-return] false positives with overloads (#12055)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• typescript-estree: switch back to use ts.getModifiers() (#12034)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

• Brad Zacher @​bradzacher
• Brian Schlenker @​bschlenk
• Evyatar Daud @​StyleShit
• fisker Cheung @​fisker
• James Henry @​JamesHenry
• Josh Goldberg
• Kirk Waiblinger @​kirkwaiblinger
• Moses Odutusin @​thebolarin
• Newton Yuan @​NewtonYuan
• SungHyun627 @​SungHyun627
• Younsang Na @​nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.57.0 (2026-03-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.54.0 (2026-01-26)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.53.1 (2026-01-19)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

... (truncated)

Commits

• 2c6aeee chore(release): publish 8.57.0
• f696dad chore: use pnpm catalog (#12047)
• a09921e chore: update vitest to 4.x (#12071)
• 96a04a9 chore(release): publish 8.56.1
• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• fedfe86 chore(release): publish 8.55.0
• b931f8c chore: use workspace refs for workspace deps (#12018)

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.