Skip to content

Bump the minor-and-patches group across 1 directory with 18 updates#686

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patches-39f99e22ff
Open

Bump the minor-and-patches group across 1 directory with 18 updates#686
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patches-39f99e22ff

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patches group with 16 updates in the / directory:

Package From To
@sentry/tracing 7.22.0 7.120.4
@tensorflow/tfjs-node 4.21.0 4.22.0
@vector-im/matrix-bot-sdk 0.8.0-element.2 0.9.0-element.1
axios 1.15.2 1.18.1
humanize-duration 3.27.2 3.33.2
@types/humanize-duration 3.27.1 3.27.4
nsfwjs 4.1.0 4.3.0
parse-duration 2.1.3 2.1.6
pg 8.8.0 8.22.0
@types/pg 8.6.5 8.20.0
shell-quote 1.7.3 1.8.4
@types/shell-quote 1.7.1 1.7.5
yaml 2.8.3 2.9.0
@types/crypto-js 4.0.2 4.2.2
@types/nedb 1.8.12 1.8.16
@types/simple-oauth2 5.0.7 5.0.8

Updates @sentry/tracing from 7.22.0 to 7.120.4

Release notes

Sourced from @​sentry/tracing's releases.

7.120.4

  • fix(v7/cdn): Stop using Object.assign to be ES5 compatible (#17080)

7.120.4-alpha.1

No user-facing changes, only internal changes.

Changelog

Sourced from @​sentry/tracing's changelog.

7.120.4

  • fix(v7/cdn): Stop using Object.assign to be ES5 compatible (#17080)

7.120.4-alpha.1

No user-facing changes, only internal changes.

7.120.4-alpha.0

  • fix(v7/cdn): Stop using Object.assign to be ES5 compatible (#17080)

7.120.3

  • fix(v7/publish): Ensure discontinued packages are published with latest tag (#14926)

7.120.2

  • fix(tracing-internal): Fix case when lrp keys offset is 0 (#14615)

Work in this release contributed by @​LubomirIgonda1. Thank you for your contribution!

7.120.1

  • fix(v7/cdn): Ensure _sentryModuleMetadata is not mangled (#14357)

Work in this release contributed by @​gilisho. Thank you for your contribution!

7.120.0

  • feat(v7/browser): Add moduleMetadataIntegration lazy loading support (#13822)

Work in this release contributed by @​gilisho. Thank you for your contribution!

7.119.2

  • chore(nextjs/v7): Bump rollup to 2.79.2

7.119.1

  • fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

  • backport(tracing): Report dropped spans for transactions (#13343)

7.118.0

... (truncated)

Commits

Updates @tensorflow/tfjs-node from 4.21.0 to 4.22.0

Release notes

Sourced from @​tensorflow/tfjs-node's releases.

tfjs-v4.22.0

Core (4.21.0 ==> 4.22.0)

Misc

Data (4.21.0 ==> 4.22.0)

Misc

Layers (4.21.0 ==> 4.22.0)

Misc

Converter (4.21.0 ==> 4.22.0)

Misc

  • Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @​dbcp1.
  • Update monorepo to 4.22.0. (#8419). Thanks, @​dbcp1.

Node (4.21.0 ==> 4.22.0)

Misc

Wasm (4.21.0 ==> 4.22.0)

Misc

  • Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @​dbcp1.
  • Update monorepo to 4.22.0. (#8419). Thanks, @​dbcp1.

Cpu (4.21.0 ==> 4.22.0)

Misc

Webgl (4.21.0 ==> 4.22.0)

Misc

  • Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @​dbcp1.
  • Update monorepo to 4.22.0. (#8419). Thanks, @​dbcp1.

WebGPU (4.21.0 ==> 4.22.0)

... (truncated)

Commits

Updates @vector-im/matrix-bot-sdk from 0.8.0-element.2 to 0.9.0-element.1

Release notes

Sourced from @​vector-im/matrix-bot-sdk's releases.

0.9.0-element.1

What's Changed

New Contributors

Full Changelog: element-hq/matrix-bot-sdk@0.9.0-element.0...0.9.0-element.1

0.9.0-element.0

This release adds support for cross-signing bot devices.

What's Changed

New Contributors

Full Changelog: element-hq/matrix-bot-sdk@0.8.0-element.3...0.9.0-element.0

0.8.0-element.3

This release should now support using encrypted appservices under Matrix OIDC / MAS.

What's Changed

New Contributors

Full Changelog: element-hq/matrix-bot-sdk@0.8.0-element.2...0.8.0-element.3

Commits
  • 95ab1cc 0.9.0-element.1
  • c48e51f Bump matrix-sdk-crypto-nodejs for Node 26 support (#101)
  • bbb2e57 Update test
  • b380214 Use caret version for matrix-sdk-crypto-nodejs
  • 106b045 Bump matrix-sdk-crypto-nodejs for Node 26 support
  • 1814c18 Don't include fallbacks in rich replies (#99)
  • 7357ed7 Absorb matrix-mock-request to fix tests on Node 26 (#102)
  • 4902099 Update copyright & year
  • f9dbe1f Lint MatrixMockRequest
  • e6f6875 Absorb matrix-mock-request to fix tests on Node 26
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vector-im/matrix-bot-sdk since your current version.


Updates axios from 1.15.2 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

... (truncated)

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Updates express from 4.20.0 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

... (truncated)

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

  • deps: path-to-regexp@0.1.12
    • Fix backtracking protection
  • deps: path-to-regexp@0.1.11
    • Throws an error on invalid path values

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0
Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates humanize-duration from 3.27.2 to 3.33.2

Changelog

Sourced from humanize-duration's changelog.

3.33.2 / 2025-12-07

  • fix: Romanian now correctly uses "de" before nouns for numbers >= 20 such as "20 de minute" instead of "20 minute" (see #235)

3.33.1 / 2025-09-15

  • change: shrink size slightly

3.33.0 / 2025-06-05

  • new: Serbian Latin support (sr_Latn)

3.32.2 / 2025-05-12

  • fix: use "週間" instead of "週" in Japanese (see #230)

3.32.1 / 2024-05-25

  • fix: hide unit count if 2 in Arabic (see #222)

3.32.0 / 2024-03-29

  • new: Amharic support (am)
  • change: use Object.assign internally on newer runtimes, which should be slightly faster

3.31.0 / 2023-11-10

  • new: Central Kurdish support (ckb)

3.30.0 / 2023-09-17

  • new: Uzbek support (uz and uz_CYR)

3.29.0 / 2023-07-09

  • new: digitReplacements option
  • change: cleaned up documentation
  • change: shrank package size slightly

3.28.0 / 2023-01-14

  • new: Mongolian support (mn)

3.27.3 / 2022-08-26

  • fix: ordering for Swahili (see #207)
Commits
  • c48d0e6 3.33.2
  • 54ee090 Update changelog and bower.json for 3.33.2 release
  • ddc208b Update devDependencies to latest versions
  • 7477b29 Update changelog with reference to recent patch
  • 5b231fb Simplify Romanian unit function arguments
  • 1d6c3a7 Use "de" in Romanian for numbers >= 20
  • d418b69 Update devDependencies to latest versions
  • 6904e7a Add some JSDoc comments
  • 7d96bbc 3.33.1
  • 8e7cf83 Update changelog and bower.json for 3.33.1 release
  • Additional commits viewable in compare view

Updates @types/humanize-duration from 3.27.1 to 3.27.4

Commits

Updates nsfwjs from 4.1.0 to 4.3.0

Release notes

Sourced from nsfwjs's releases.

v4.2.1

  • Added trailing slash to Buffer import in index.ts (#898) 93667b0

infinitered/nsfwjs@v4.2.0...v4.2.1

Updating ESM Bundling

  • ESM related fixes (#897 by @​haZya) 2f60c4e
  • build(deps-dev): bump @​tensorflow/tfjs from 4.20.0 to 4.21.0 (#884) ba33553
  • build(deps-dev): bump typescript from 5.5.4 to 5.6.2 (#887) 6d4e47a
  • build(deps-dev): bump terser from 5.31.3 to 5.33.0 (#889) 8914307
  • build(deps-dev): bump terser from 5.31.1 to 5.31.3 (#871) 5ce2a08
  • build(deps-dev): bump np from 10.0.6 to 10.0.7 (#872) 991f1ce
  • build(deps-dev): bump typescript from 5.5.2 to 5.5.4 (#874) 1a35b66
  • build(deps-dev): bump typescript from 5.4.3 to 5.5.2 (#865) 4a81f6a
  • build(deps-dev): bump np from 10.0.2 to 10.0.6 (#864) e3fe0dc
  • build(deps-dev): bump terser from 5.30.2 to 5.31.1 (#862) c0b0a5c
  • build(deps-dev): bump @​tensorflow/tfjs from 4.17.0 to 4.20.0 (#861) b07ac90
  • updating README text (#851) b9527bc
  • build(deps-dev): bump terser from 5.30.0 to 5.30.2 (#846) 92828a9
  • build(deps-dev): bump typescript from 5.3.3 to 5.4.3 (#840) bb3ce2a
  • build(deps-dev): bump np from 10.0.0 to 10.0.2 (#841) 9e7e6fa
  • build(deps-dev): bump terser from 5.29.2 to 5.30.0 (#842) 914ce72
  • Improved some sections, adding helpful info found from my own testing . (#844) cecfca6
  • build(deps-dev): bump terser from 5.29.1 to 5.29.2 (#839) 939b512

infinitered/nsfwjs@v4.1.0...v4.2.0

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates parse-duration from 2.1.3 to 2.1.6

Commits

Updates pg from 8.8.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

pg@8.21.0

pg@8.20.0

  • Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

pg@8.19.0

pg@8.18.0

pg@8.17.0

  • Throw correct error if database URL parsing fails.

pg@8.16.0

pg@8.15.0

  • Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

pg@8.13.0

pg@8.12.0

pg-pool@8.10.0

... (truncated)

Commits

Updates @types/pg from 8.6.5 to 8.20.0

Commits

Updates shell-quote from 1.7.3 to 1.8.4

Changelog

Sourced from shell-quote's changelog.

v1.8.4 - 2026-05-22

Commits

  • [Fix] quote: validate object-token shapes 4378a6e
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore 22ebec0
  • [Tests] increase coverage 9f3caa3
  • [readme] replace runkit CI badge with shields.io check-runs badge 3344a04
  • [Dev Deps] update @ljharb/eslint-config

Bumps the minor-and-patches group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@sentry/tracing](https://github.com/getsentry/sentry-javascript) | `7.22.0` | `7.120.4` |
| [@tensorflow/tfjs-node](https://github.com/tensorflow/tfjs/tree/HEAD/tfjs-node) | `4.21.0` | `4.22.0` |
| [@vector-im/matrix-bot-sdk](https://github.com/element-hq/matrix-bot-sdk) | `0.8.0-element.2` | `0.9.0-element.1` |
| [axios](https://github.com/axios/axios) | `1.15.2` | `1.18.1` |
| [humanize-duration](https://github.com/EvanHahn/HumanizeDuration.js) | `3.27.2` | `3.33.2` |
| [@types/humanize-duration](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/humanize-duration) | `3.27.1` | `3.27.4` |
| [nsfwjs](https://github.com/infinitered/nsfwjs) | `4.1.0` | `4.3.0` |
| [parse-duration](https://github.com/jkroso/parse-duration) | `2.1.3` | `2.1.6` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.8.0` | `8.22.0` |
| [@types/pg](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/pg) | `8.6.5` | `8.20.0` |
| [shell-quote](https://github.com/ljharb/shell-quote) | `1.7.3` | `1.8.4` |
| [@types/shell-quote](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/shell-quote) | `1.7.1` | `1.7.5` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.3` | `2.9.0` |
| [@types/crypto-js](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/crypto-js) | `4.0.2` | `4.2.2` |
| [@types/nedb](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nedb) | `1.8.12` | `1.8.16` |
| [@types/simple-oauth2](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/simple-oauth2) | `5.0.7` | `5.0.8` |



Updates `@sentry/tracing` from 7.22.0 to 7.120.4
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.4/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@7.22.0...7.120.4)

Updates `@tensorflow/tfjs-node` from 4.21.0 to 4.22.0
- [Release notes](https://github.com/tensorflow/tfjs/releases)
- [Commits](https://github.com/tensorflow/tfjs/commits/tfjs-v4.22.0/tfjs-node)

Updates `@vector-im/matrix-bot-sdk` from 0.8.0-element.2 to 0.9.0-element.1
- [Release notes](https://github.com/element-hq/matrix-bot-sdk/releases)
- [Commits](element-hq/matrix-bot-sdk@0.8.0-element.2...0.9.0-element.1)

Updates `axios` from 1.15.2 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.2...v1.18.1)

Updates `express` from 4.20.0 to 4.22.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](expressjs/express@4.20.0...v4.22.1)

Updates `humanize-duration` from 3.27.2 to 3.33.2
- [Changelog](https://github.com/EvanHahn/HumanizeDuration.js/blob/main/HISTORY.md)
- [Commits](EvanHahn/HumanizeDuration.js@v3.27.2...v3.33.2)

Updates `@types/humanize-duration` from 3.27.1 to 3.27.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/humanize-duration)

Updates `nsfwjs` from 4.1.0 to 4.3.0
- [Release notes](https://github.com/infinitered/nsfwjs/releases)
- [Commits](infinitered/nsfwjs@v4.1.0...v4.3.0)

Updates `parse-duration` from 2.1.3 to 2.1.6
- [Release notes](https://github.com/jkroso/parse-duration/releases)
- [Commits](jkroso/parse-duration@v2.1.3...v2.1.6)

Updates `pg` from 8.8.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `@types/pg` from 8.6.5 to 8.20.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/pg)

Updates `shell-quote` from 1.7.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.7.3...v1.8.4)

Updates `@types/shell-quote` from 1.7.1 to 1.7.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/shell-quote)

Updates `yaml` from 2.8.3 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.3...v2.9.0)

Updates `@types/crypto-js` from 4.0.2 to 4.2.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/crypto-js)

Updates `@types/express` from 4.17.13 to 4.17.21
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)

Updates `@types/humanize-duration` from 3.27.1 to 3.27.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/humanize-duration)

Updates `@types/nedb` from 1.8.12 to 1.8.16
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nedb)

Updates `@types/pg` from 8.6.5 to 8.20.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/pg)

Updates `@types/shell-quote` from 1.7.1 to 1.7.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/shell-quote)

Updates `@types/simple-oauth2` from 5.0.7 to 5.0.8
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/simple-oauth2)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-version: 7.120.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@tensorflow/tfjs-node"
  dependency-version: 4.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@vector-im/matrix-bot-sdk"
  dependency-version: 0.9.0-element.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: express
  dependency-version: 4.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: humanize-duration
  dependency-version: 3.33.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/humanize-duration"
  dependency-version: 3.27.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: nsfwjs
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: parse-duration
  dependency-version: 2.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/pg"
  dependency-version: 8.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/shell-quote"
  dependency-version: 1.7.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/crypto-js"
  dependency-version: 4.2.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/express"
  dependency-version: 4.17.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/humanize-duration"
  dependency-version: 3.27.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/nedb"
  dependency-version: 1.8.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/pg"
  dependency-version: 8.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/shell-quote"
  dependency-version: 1.7.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/simple-oauth2"
  dependency-version: 5.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 7, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 7, 2026 00:35
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants