Skip to content

chore(deps): bump uuid, @azure/msal-node, typeorm, @apollo/server, @testcontainers/postgresql, jest-junit and testcontainers in /backend#1808

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/backend/multi-23e66a828a
Open

chore(deps): bump uuid, @azure/msal-node, typeorm, @apollo/server, @testcontainers/postgresql, jest-junit and testcontainers in /backend#1808
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/backend/multi-23e66a828a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 21, 2026

Bumps uuid to 14.0.0 and updates ancestor dependencies uuid, @azure/msal-node, typeorm, @apollo/server, @testcontainers/postgresql, jest-junit and testcontainers. These dependencies need to be updated together.

Updates uuid from 11.1.0 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

  • expect crypto to be global everywhere (requires node@20+) (#935)
  • drop node@18 support (#934)

Features

Bug Fixes

  • expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
  • Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

  • rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

v12.0.1

12.0.1 (2026-04-29)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

  • Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

  • crypto is now expected to be globally defined (requires node@20+) (#935)
  • drop node@18 support (#934)
  • upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

  • update to typescript@5.2 (#887)
  • remove CommonJS support (#886)
  • drop node@16 support (#883)

Features

Bug Fixes

Commits
  • 7c1ea08 chore(main): release 14.0.0 (#926)
  • 3d2c5b0 Merge commit from fork
  • f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
  • 529ef08 chore: upgrade TypeScript and fixup types (#927)
  • 086fd79 chore: update dependencies (#933)
  • dc4ddb8 feat!: drop node@18 support (#934)
  • 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
  • e2879e6 chore: use maintained version of npm-run-all (#930)
  • ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
  • 0423d49 docs: remove obsolete v1 option notes (#915)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.


Updates @azure/msal-node from 5.1.1 to 5.2.2

Release notes

Sourced from @​azure/msal-node's releases.

@​azure/msal-angular v5.2.2

5.2.2

Tue, 28 Apr 2026 21:30:33 GMT

Patches

  • Bump @​azure/msal-browser to v5.9.0 (beachball)

@​azure/msal-node-extensions v5.2.2

5.2.2

Tue, 19 May 2026 19:29:14 GMT

Patches

  • Bump @​azure/msal-common to v16.6.2 (beachball)

@​azure/msal-node v5.2.2

5.2.2

Tue, 19 May 2026 19:29:14 GMT

Patches

  • Bump @​azure/msal-common to v16.6.2 (beachball)

@​azure/msal-react v5.2.1

5.2.1

Wed, 01 Apr 2026 20:09:00 GMT

Patches

@​azure/msal-angular v5.2.1

5.2.1

Tue, 21 Apr 2026 22:41:19 GMT

Patches

  • Bump @​azure/msal-browser to v5.8.0 (beachball)

@​azure/msal-node-extensions v5.2.1

5.2.1

Mon, 11 May 2026 21:48:15 GMT

... (truncated)

Commits
  • 738ade6 check account loginHint before idTokenClaims setting logoutHint (#8591)
  • 1fff290 Add allowPlatformBrokerWithDOM experimental config flag (#8589)
  • 99e0895 Custom Auth: add requestInterceptor for custom x-* request headers (#8587)
  • ce50f41 Post-release PR (#8585)
  • c661401 Complete test tenant migration (#8584)
  • bbcc105 Add browser compatibility guidelines and review instructions for msal-browser...
  • d7a7eb5 Add issuer validation check whenever MSAL JS performs OIDC endpoint discovery...
  • 9884a71 Post-release PR (#8583)
  • b4e498c Stop looking in localStorage for temporary cache (#8579)
  • 1b261b4 Bump uuid and @​actions/core in /.github/actions/issue_template_bot (#8571)
  • Additional commits viewable in compare view

Updates typeorm from 0.3.28 to 1.0.0

Release notes

Sourced from typeorm's releases.

1.0.0

TypeORM v1.0 is here! 🥳

👉 For a structured walk-through of the changes in v1.0 — breaking changes, new features, security fixes, and the upgrade path from 0.3.x — see the v1.0 Release Notes.

This release includes breaking changes. See the v1.0 Upgrade Guide

What's Changed

... (truncated)

Changelog

Sourced from typeorm's changelog.

1.0.0 (2026-05-19)

👉 For a structured walk-through of the changes in v1.0 — breaking changes, new features, security fixes, and the upgrade path from 0.3.x — see the v1.0 Release Notes.

The list below is the set of commits between 0.3.30 and 1.0.0 — fixes already shipped on the 0.3.x line are listed under their respective 0.3.x entries below.

Bug Fixes

  • cascade: propagate withDeleted to relation-id loader for many-to-many recover (#12287) (cfba9e7)
  • cascade: support cascade remove for OneToMany relations with composite PKs (#12286) (09183c8)
  • cli: preserve devDependencies needed by init command in published package (#12281) (c3b771c)
  • cockroachdb: preserve structured query results during txn retry replay (#11861) (09db48c)
  • codemod: apply find-options select/relations rewrites to .exists() too (#12399) (4461063)
  • codemod: correct relation-count guidance and flag loadRelationCountAndMap (#12374) (5de5490)
  • codemod: cover ColumnMetadata args.options in column option rewrites (#12400) (7a68cf2)
  • codemod: exclude type declarations from build (#12292) (4c645f0)
  • codemod: handle aliases, quoted keys, and ObjectProperty variants (#12377) (2d15644)
  • codemod: handle lock option objects correctly and increase test coverage (#12353) (b871719)
  • codemod: handle typeof type queries and use getStringValue consistently (#12379) (dedea37)
  • codemod: harden destructure and DI accessor rewrites for connection to dataSource rename (#12398) (057ddbc)
  • codemod: harden scope and type-name detection across more AST shapes (#12394) (9d1fd8d)
  • codemod: harden scope, idempotency, and import-strip semantics (#12391) (ed5a19b)
  • codemod: recognize typeorm deep-path imports (#12382) (a96b097)
  • codemod: rename .connection on EntityMetadata, ColumnMetadata, IndexMetadata (#12383) (8a51e30), closes #12249
  • codemod: rewrite typeorm re-exports in barrel files (#12373) (25f0b5f)
  • codemod: scope v1 transforms to typeorm imports and skip .d.ts files (#12372) (a34fdb2)
  • codemod: track DataSource accessor chains for typed-variable renames (#12385) (14a3132)
  • copy cordova query rows affected into query result (#10873) (ad22c10)
  • disable global order for aggregate functions (#11925) (2efb2a1)
  • do not run npm install during CLI init (#12386) (66aa930)
  • docs: add lunr as explicit dependency for pnpm strict hoisting (f4d435e)
  • docs: align code style (#12081) (5f6eb4c)
  • docs: complete Typesense removal missed during cherry-pick (eb7a5b6)
  • docs: update docs pnpm lockfile for new dependencies (4123db9)
  • eager load relation strategy (#11326) (5797d97)
  • enhance upsert functionality for proper sql generation with table alias (#11915) (42ce630)
  • expo: auto-load expo-sqlite driver via loadDependencies() (#12363) (212c8ef)
  • fix up change detection with date transformer (#11963) (e3e3c97)
  • fix up generated query with .update() (#11993) (fe6c072)
  • fix up join attributes inside bracket (#11218) (d233daa)
  • fix up map objects comparison (#10990) (f66eee7)
  • fix up save with eagerly loaded relation (#11975) (f5cea95)
  • fix working with tables with quotes in the names for postgres and cockroachdb (#10993) (e5a8afb)
  • handle re-save of postgres geometric types (#11857) (65dea3c)
  • handle relation ids in nested embedded entities (#11942) (5237bee)
  • include joined entity primary keys in pagination subquery (#11669) (4ffe666)
  • make shorten method to properly work with camelCase_aliases (#11283) (8a9a376)
  • merging into an entity now respects null values (#11154) (1676484)

... (truncated)

Commits
  • cf3f13f docs: restyle version dropdown for v1 release (#12514)
  • 6997b23 chore: release v1.0.0 (#12510)
  • df09802 fix(cockroachdb): adjust join in loadTables to load correct table columns (#1...
  • f5cc456 fix(find-options): allow array values in JsonContains (#12420)
  • 9440998 fix(mysql)!: use index identifiers instead of raw SQL in QB.useIndex() (#12...
  • a4f26af chore(deps): bump the github-actions-official group with 3 updates (#12483)
  • ac2ffc6 chore(deps): bump the github-actions-third-party group with 3 updates (#12484)
  • 62948a3 revert: fix up limit with joins (#12478)
  • c2b788f ci: pin all GitHub Actions to commit SHAs (#12481)
  • 9284c16 fix(security): validate limit() in Update/SoftDelete query builders (#12436)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for typeorm since your current version.


Updates @apollo/server from 5.5.0 to 5.5.1

Release notes

Sourced from @​apollo/server's releases.

@​apollo/server-integration-testsuite@​5.5.1

Patch Changes

  • Updated dependencies [3f46c51]:
    • @​apollo/server@​5.5.1

@​apollo/server@​5.5.1

Patch Changes

Changelog

Sourced from @​apollo/server's changelog.

5.5.1

Patch Changes

Commits

Updates @testcontainers/postgresql from 11.14.0 to 12.0.0

Release notes

Sourced from @​testcontainers/postgresql's releases.

v12.0.0

🚨 Breaking Changes

  1. Node 20 is EOL. Minimum engine requirement is now >= 22.22, matching the constraints from our dependencies.

  2. Previously, when no wait strategy was configured, Testcontainers defaulted to Wait.forListeningPorts().

    The new default wait strategy uses a Docker healthcheck when one is configured on the container image or service, falling back to Wait.forListeningPorts() when no healthcheck is available.

    To keep the previous behaviour, configure Wait.forListeningPorts() explicitly:

    import { DockerComposeEnvironment, GenericContainer, Wait } from "testcontainers";
// Container: opt back into the previous default of waiting for listening ports
const container = await new GenericContainer("my-image:latest")
.withExposedPorts(8080)
.withWaitStrategy(Wait.forListeningPorts())
.start();
// Compose: apply the previous default to all services
const environment = await new DockerComposeEnvironment(composeFilePath, "docker-compose.yml")
.withDefaultWaitStrategy(Wait.forListeningPorts())
.up();
// Compose: or apply it to a specific compose container
const environment = await new DockerComposeEnvironment(composeFilePath, "docker-compose.yml")
.withWaitStrategy("api-1", Wait.forListeningPorts())
.up();

Changes

🚀 Features

🐛 Bug Fixes

📖 Documentation

🧹 Maintenance

... (truncated)

Commits
  • 80d537a Fix npm publish version updates (#1330)
  • 5e9bfff Use configured health checks as the default wait strategy (#1096)
  • 7f40327 Bump ghcr.io/devcontainers/features/node in the dependencies group (#1318)
  • df148bb Bump the dependencies group across 18 directories with 20 updates (#1321)
  • 1b7d67f Bump the dependencies group across 1 directory with 30 updates (#1322)
  • b25bbea Read RYUK_CONTAINER_IMAGE lazily so dotenv / other runtime overrides work (...
  • cec8a5f Bump the dependencies group across 1 directory with 23 updates (#1300)
  • 78975ef Bump the dependencies group across 16 directories with 18 updates (#1299)
  • 303430f Use /tmp for Kafka startup script (#1302)
  • 38fb397 Clarify PR defaults in AGENTS.md (#1303)
  • Additional commits viewable in compare view

Updates jest-junit from 16.0.0 to 17.0.0

Release notes

Sourced from jest-junit's releases.

v17.0.0

Upgrade uuid package to latest - jest-community/jest-junit#284

Commits
  • 20d8f14 v17.0.0
  • c91dd20 Merge pull request #284 from palmerj3/upgrade-uuid-14
  • 8ff39ee Upgrade uuid to 14.0.0
  • e866b5f Add CODEOWNERS
  • 33a5a8b Merge pull request #278 from jest-community/update-ci-versions
  • f33e1f2 Update to Jest 30.2.0 and regenerate snapshots
  • 81c9775 NPM audit fix
  • 50e2666 Convert from yarn to npm
  • b4a7e14 Add snapshot update command to CLAUDE.md
  • b56a503 Simplify CI to test only Jest 30.x
  • Additional commits viewable in compare view

Updates testcontainers from 11.14.0 to 12.0.0

Release notes

Sourced from testcontainers's releases.

v12.0.0

🚨 Breaking Changes

  1. Node 20 is EOL. Minimum engine requirement is now >= 22.22, matching the constraints from our dependencies.

  2. Previously, when no wait strategy was configured, Testcontainers defaulted to Wait.forListeningPorts().

    The new default wait strategy uses a Docker healthcheck when one is configured on the container image or service, falling back to Wait.forListeningPorts() when no healthcheck is available.

    To keep the previous behaviour, configure Wait.forListeningPorts() explicitly:

    import { DockerComposeEnvironment, GenericContainer, Wait } from "testcontainers";
// Container: opt back into the previous default of waiting for listening ports
const container = await new GenericContainer("my-image:latest")
.withExposedPorts(8080)
.withWaitStrategy(Wait.forListeningPorts())
.start();
// Compose: apply the previous default to all services
const environment = await new DockerComposeEnvironment(composeFilePath, "docker-compose.yml")
.withDefaultWaitStrategy(Wait.forListeningPorts())
.up();
// Compose: or apply it to a specific compose container
const environment = await new DockerComposeEnvironment(composeFilePath, "docker-compose.yml")
.withWaitStrategy("api-1", Wait.forListeningPorts())
.up();

Changes

🚀 Features

🐛 Bug Fixes

📖 Documentation

🧹 Maintenance

... (truncated)

Commits
  • 80d537a Fix npm publish version updates (#1330)
  • 5e9bfff Use configured health checks as the default wait strategy (#1096)
  • 7f40327 Bump ghcr.io/devcontainers/features/node in the dependencies group (#1318)
  • df148bb Bump the dependencies group across 18 directories with 20 updates (#1321)
  • 1b7d67f Bump the dependencies group across 1 directory with 30 updates (#1322)
  • b25bbea Read RYUK_CONTAINER_IMAGE lazily so dotenv / other runtime overrides work (...
  • cec8a5f Bump the dependencies group across 1 directory with 23 updates (#1300)
  • 78975ef Bump the dependencies group across 16 directories with 18 updates (#1299)
  • 303430f Use /tmp for Kafka startup script (#1302)
  • 38fb397 Clarify PR defaults in AGENTS.md (#1303)
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
uuid [>= 13.a, < 14]
uuid [>= 12.a, < 13]
uuid [>= 14.a, < 15]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump uuid, @azure/msal-node, typeorm, @apollo/server, @t…
47485ff 
…estcontainers/postgresql, jest-junit and testcontainers

Bumps [uuid](https://github.com/uuidjs/uuid) to 14.0.0 and updates ancestor dependencies [uuid](https://github.com/uuidjs/uuid), [@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js), [typeorm](https://github.com/typeorm/typeorm), [@apollo/server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/server), [@testcontainers/postgresql](https://github.com/testcontainers/testcontainers-node), [jest-junit](https://github.com/jest-community/jest-junit) and [testcontainers](https://github.com/testcontainers/testcontainers-node). These dependencies need to be updated together.


Updates `uuid` from 11.1.0 to 14.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v11.1.0...v14.0.0)

Updates `@azure/msal-node` from 5.1.1 to 5.2.2
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases)
- [Commits](AzureAD/microsoft-authentication-library-for-js@msal-node-v5.1.1...msal-node-v5.2.2)

Updates `typeorm` from 0.3.28 to 1.0.0
- [Release notes](https://github.com/typeorm/typeorm/releases)
- [Changelog](https://github.com/typeorm/typeorm/blob/master/CHANGELOG.md)
- [Commits](typeorm/typeorm@0.3.28...1.0.0)

Updates `@apollo/server` from 5.5.0 to 5.5.1
- [Release notes](https://github.com/apollographql/apollo-server/releases)
- [Changelog](https://github.com/apollographql/apollo-server/blob/main/packages/server/CHANGELOG.md)
- [Commits](https://github.com/apollographql/apollo-server/commits/@apollo/server@5.5.1/packages/server)

Updates `@testcontainers/postgresql` from 11.14.0 to 12.0.0
- [Release notes](https://github.com/testcontainers/testcontainers-node/releases)
- [Commits](testcontainers/testcontainers-node@v11.14.0...v12.0.0)

Updates `jest-junit` from 16.0.0 to 17.0.0
- [Release notes](https://github.com/jest-community/jest-junit/releases)
- [Commits](jest-community/jest-junit@v16.0.0...v17.0.0)

Updates `testcontainers` from 11.14.0 to 12.0.0
- [Release notes](https://github.com/testcontainers/testcontainers-node/releases)
- [Commits](testcontainers/testcontainers-node@v11.14.0...v12.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
- dependency-name: "@azure/msal-node"
  dependency-version: 5.2.2
  dependency-type: indirect
- dependency-name: typeorm
  dependency-version: 1.0.0
  dependency-type: direct:production
- dependency-name: "@apollo/server"
  dependency-version: 5.5.1
  dependency-type: indirect
- dependency-name: "@testcontainers/postgresql"
  dependency-version: 12.0.0
  dependency-type: direct:development
- dependency-name: jest-junit
  dependency-version: 17.0.0
  dependency-type: direct:development
- dependency-name: testcontainers
  dependency-version: 12.0.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants