Skip to content

Bump the minor-and-patches group across 1 directory with 20 updates#683

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patches-c91a794a8e
Open

Bump the minor-and-patches group across 1 directory with 20 updates#683
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patches-c91a794a8e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patches group with 18 updates in the / directory:

Package From To
@sentry/tracing 7.22.0 7.120.4
@tensorflow/tfjs-node 4.21.0 4.22.0
@vector-im/matrix-bot-sdk 0.8.0-element.2 0.9.0-element.0
axios 1.15.2 1.16.1
humanize-duration 3.27.2 3.33.2
@types/humanize-duration 3.27.1 3.27.4
js-yaml 4.1.1 4.2.0
@types/js-yaml 4.0.5 4.0.9
nsfwjs 4.1.0 4.3.0
parse-duration 2.1.3 2.1.6
pg 8.8.0 8.21.0
@types/pg 8.6.5 8.20.0
shell-quote 1.7.3 1.8.4
@types/shell-quote 1.7.1 1.7.5
yaml 2.8.3 2.9.0
@types/crypto-js 4.0.2 4.2.2
@types/nedb 1.8.12 1.8.16
@types/simple-oauth2 5.0.7 5.0.8

Updates @sentry/tracing from 7.22.0 to 7.120.4

Release notes

Sourced from @​sentry/tracing's releases.

7.120.4

  • fix(v7/cdn): Stop using Object.assign to be ES5 compatible (#17080)

7.120.4-alpha.1

No user-facing changes, only internal changes.

Changelog

Sourced from @​sentry/tracing's changelog.

7.120.4

  • fix(v7/cdn): Stop using Object.assign to be ES5 compatible (#17080)

7.120.4-alpha.1

No user-facing changes, only internal changes.

7.120.4-alpha.0

  • fix(v7/cdn): Stop using Object.assign to be ES5 compatible (#17080)

7.120.3

  • fix(v7/publish): Ensure discontinued packages are published with latest tag (#14926)

7.120.2

  • fix(tracing-internal): Fix case when lrp keys offset is 0 (#14615)

Work in this release contributed by @​LubomirIgonda1. Thank you for your contribution!

7.120.1

  • fix(v7/cdn): Ensure _sentryModuleMetadata is not mangled (#14357)

Work in this release contributed by @​gilisho. Thank you for your contribution!

7.120.0

  • feat(v7/browser): Add moduleMetadataIntegration lazy loading support (#13822)

Work in this release contributed by @​gilisho. Thank you for your contribution!

7.119.2

  • chore(nextjs/v7): Bump rollup to 2.79.2

7.119.1

  • fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

  • backport(tracing): Report dropped spans for transactions (#13343)

7.118.0

... (truncated)

Commits

Updates @tensorflow/tfjs-node from 4.21.0 to 4.22.0

Release notes

Sourced from @​tensorflow/tfjs-node's releases.

tfjs-v4.22.0

Core (4.21.0 ==> 4.22.0)

Misc

Data (4.21.0 ==> 4.22.0)

Misc

Layers (4.21.0 ==> 4.22.0)

Misc

Converter (4.21.0 ==> 4.22.0)

Misc

  • Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @​dbcp1.
  • Update monorepo to 4.22.0. (#8419). Thanks, @​dbcp1.

Node (4.21.0 ==> 4.22.0)

Misc

Wasm (4.21.0 ==> 4.22.0)

Misc

  • Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @​dbcp1.
  • Update monorepo to 4.22.0. (#8419). Thanks, @​dbcp1.

Cpu (4.21.0 ==> 4.22.0)

Misc

Webgl (4.21.0 ==> 4.22.0)

Misc

  • Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @​dbcp1.
  • Update monorepo to 4.22.0. (#8419). Thanks, @​dbcp1.

WebGPU (4.21.0 ==> 4.22.0)

... (truncated)

Commits

Updates @vector-im/matrix-bot-sdk from 0.8.0-element.2 to 0.9.0-element.0

Release notes

Sourced from @​vector-im/matrix-bot-sdk's releases.

0.9.0-element.0

This release adds support for cross-signing bot devices.

What's Changed

New Contributors

Full Changelog: element-hq/matrix-bot-sdk@0.8.0-element.3...0.9.0-element.0

0.8.0-element.3

This release should now support using encrypted appservices under Matrix OIDC / MAS.

What's Changed

New Contributors

Full Changelog: element-hq/matrix-bot-sdk@0.8.0-element.2...0.8.0-element.3

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vector-im/matrix-bot-sdk since your current version.


Updates axios from 1.15.2 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

  • Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
  • Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
  • CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

  • Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
  • Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
  • XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
  • Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
  • Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
  • URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

  • Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
  • composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
  • AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
  • Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
  • Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
  • Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Changelog

Sourced from axios's changelog.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

  • Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
  • Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
  • CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

  • Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
  • Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
  • XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
  • Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
  • Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
  • URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

  • Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
  • composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
  • AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
  • Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
  • Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
  • Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Commits
  • 1337d6b chore(release): prepare release 1.16.1 (#10877)
  • 858a790 fix: remove all caches (#10882)
  • 34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
  • 847d89b fix: support URL object as config.url input (#10866)
  • 4094886 fix(progress): guard malformed XHR upload events (#10868)
  • 44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
  • 64e1095 chore: update PR and issue template to use h2 (#10865)
  • 3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
  • c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
  • caa00a9 fix: https data in cleartext to proxy (#10858)
  • Additional commits viewable in compare view

Updates express from 4.20.0 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

... (truncated)

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

  • deps: path-to-regexp@0.1.12
    • Fix backtracking protection
  • deps: path-to-regexp@0.1.11
    • Throws an error on invalid path values

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0
Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates humanize-duration from 3.27.2 to 3.33.2

Changelog

Sourced from humanize-duration's changelog.

3.33.2 / 2025-12-07

  • fix: Romanian now correctly uses "de" before nouns for numbers >= 20 such as "20 de minute" instead of "20 minute" (see #235)

3.33.1 / 2025-09-15

  • change: shrink size slightly

3.33.0 / 2025-06-05

  • new: Serbian Latin support (sr_Latn)

3.32.2 / 2025-05-12

  • fix: use "週間" instead of "週" in Japanese (see #230)

3.32.1 / 2024-05-25

  • fix: hide unit count if 2 in Arabic (see #222)

3.32.0 / 2024-03-29

  • new: Amharic support (am)
  • change: use Object.assign internally on newer runtimes, which should be slightly faster

3.31.0 / 2023-11-10

  • new: Central Kurdish support (ckb)

3.30.0 / 2023-09-17

  • new: Uzbek support (uz and uz_CYR)

3.29.0 / 2023-07-09

  • new: digitReplacements option
  • change: cleaned up documentation
  • change: shrank package size slightly

3.28.0 / 2023-01-14

  • new: Mongolian support (mn)

3.27.3 / 2022-08-26

  • fix: ordering for Swahili (see #207)
Commits
  • c48d0e6 3.33.2
  • 54ee090 Update changelog and bower.json for 3.33.2 release
  • ddc208b Update devDependencies to latest versions
  • 7477b29 Update changelog with reference to recent patch
  • 5b231fb Simplify Romanian unit function arguments
  • 1d6c3a7 Use "de" in Romanian for numbers >= 20
  • d418b69 Update devDependencies to latest versions
  • 6904e7a Add some JSDoc comments
  • 7d96bbc 3.33.1
  • 8e7cf83 Update changelog and bower.json for 3.33.1 release
  • Additional commits viewable in compare view

Updates @types/humanize-duration from 3.27.1 to 3.27.4

Commits

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates @types/js-yaml from 4.0.5 to 4.0.9

Commits

Updates nsfwjs from 4.1.0 to 4.3.0

Release notes

Sourced from nsfwjs's releases.

v4.2.1

  • Added trailing slash to Buffer import in index.ts (#898) 93667b0

infinitered/nsfwjs@v4.2.0...v4.2.1

Updating ESM Bundling

  • ESM related fixes (#897 by @​haZya) 2f60c4e
  • build(deps-dev): bump @​tensorflow/tfjs from 4.20.0 to 4.21.0 (#884) ba33553
  • build(deps-dev): bump typescript from 5.5.4 to 5.6.2 (#887) 6d4e47a
  • build(deps-dev): bump terser from 5.31.3 to 5.33.0 (#889) 8914307
  • build(deps-dev): bump terser from 5.31.1 to 5.31.3 (#871) 5ce2a08
  • build(deps-dev): bump np from 10.0.6 to 10.0.7 (#872) 991f1ce
  • build(deps-dev): bump typescript from 5.5.2 to 5.5.4 (#874) 1a35b66
  • build(deps-dev): bump typescript from 5.4.3 to 5.5.2 (#865) 4a81f6a
  • build(deps-dev): bump np from 10.0.2 to 10.0.6 (#864) e3fe0dc
  • build(deps-dev): bump terser from 5.30.2 to 5.31.1 (#862) c0b0a5c
  • build(deps-dev): bump @​tensorflow/tfjs from 4.17.0 to 4.20.0 (#861) b07ac90
  • updating README text (#851) b9527bc
  • build(deps-dev): bump terser from 5.30.0 to 5.30.2 (#846) 92828a9
  • build(deps-dev): bump typescript from 5.3.3 to 5.4.3 (#840) bb3ce2a
  • build(deps-dev): bump np from 10.0.0 to 10.0.2 (#841) 9e7e6fa
  • build(deps-dev): bump terser from 5.29.2 to 5.30.0 (#842) 914ce72
  • Improved some sections, adding helpful info found from my own testing . (#844) cecfca6
  • build(deps-dev): bump terser from 5.29.1 to 5.29.2 (#839) 939b512

infinitered/nsfwjs@v4.1.0...v4.2.0

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates parse-duration from 2.1.3 to 2.1.6

Commits

Updates pg from 8.8.0 to 8.21.0

Changelog

Sourced from pg's changelog.

pg@8.21.0

pg@8.20.0

  • Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

pg@8.19.0

pg@8.18.0

pg@8.17.0

  • Throw correct error if database URL parsing fails.

pg@8.16.0

pg@8.15.0

  • Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

pg@8.13.0

pg@8.12.0

pg-pool@8.10.0

  • Emit release event when client is returned to the pool.

pg@8.9.0

... (truncated)

Commits

Bumps the minor-and-patches group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@sentry/tracing](https://github.com/getsentry/sentry-javascript) | `7.22.0` | `7.120.4` |
| [@tensorflow/tfjs-node](https://github.com/tensorflow/tfjs/tree/HEAD/tfjs-node) | `4.21.0` | `4.22.0` |
| [@vector-im/matrix-bot-sdk](https://github.com/element-hq/matrix-bot-sdk) | `0.8.0-element.2` | `0.9.0-element.0` |
| [axios](https://github.com/axios/axios) | `1.15.2` | `1.16.1` |
| [humanize-duration](https://github.com/EvanHahn/HumanizeDuration.js) | `3.27.2` | `3.33.2` |
| [@types/humanize-duration](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/humanize-duration) | `3.27.1` | `3.27.4` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |
| [@types/js-yaml](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/js-yaml) | `4.0.5` | `4.0.9` |
| [nsfwjs](https://github.com/infinitered/nsfwjs) | `4.1.0` | `4.3.0` |
| [parse-duration](https://github.com/jkroso/parse-duration) | `2.1.3` | `2.1.6` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.8.0` | `8.21.0` |
| [@types/pg](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/pg) | `8.6.5` | `8.20.0` |
| [shell-quote](https://github.com/ljharb/shell-quote) | `1.7.3` | `1.8.4` |
| [@types/shell-quote](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/shell-quote) | `1.7.1` | `1.7.5` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.3` | `2.9.0` |
| [@types/crypto-js](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/crypto-js) | `4.0.2` | `4.2.2` |
| [@types/nedb](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nedb) | `1.8.12` | `1.8.16` |
| [@types/simple-oauth2](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/simple-oauth2) | `5.0.7` | `5.0.8` |



Updates `@sentry/tracing` from 7.22.0 to 7.120.4
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.4/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@7.22.0...7.120.4)

Updates `@tensorflow/tfjs-node` from 4.21.0 to 4.22.0
- [Release notes](https://github.com/tensorflow/tfjs/releases)
- [Commits](https://github.com/tensorflow/tfjs/commits/tfjs-v4.22.0/tfjs-node)

Updates `@vector-im/matrix-bot-sdk` from 0.8.0-element.2 to 0.9.0-element.0
- [Release notes](https://github.com/element-hq/matrix-bot-sdk/releases)
- [Commits](element-hq/matrix-bot-sdk@0.8.0-element.2...0.9.0-element.0)

Updates `axios` from 1.15.2 to 1.16.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.2...v1.16.1)

Updates `express` from 4.20.0 to 4.22.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](expressjs/express@4.20.0...v4.22.1)

Updates `humanize-duration` from 3.27.2 to 3.33.2
- [Changelog](https://github.com/EvanHahn/HumanizeDuration.js/blob/main/HISTORY.md)
- [Commits](EvanHahn/HumanizeDuration.js@v3.27.2...v3.33.2)

Updates `@types/humanize-duration` from 3.27.1 to 3.27.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/humanize-duration)

Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

Updates `@types/js-yaml` from 4.0.5 to 4.0.9
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/js-yaml)

Updates `nsfwjs` from 4.1.0 to 4.3.0
- [Release notes](https://github.com/infinitered/nsfwjs/releases)
- [Commits](infinitered/nsfwjs@v4.1.0...v4.3.0)

Updates `parse-duration` from 2.1.3 to 2.1.6
- [Release notes](https://github.com/jkroso/parse-duration/releases)
- [Commits](jkroso/parse-duration@v2.1.3...v2.1.6)

Updates `pg` from 8.8.0 to 8.21.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg)

Updates `@types/pg` from 8.6.5 to 8.20.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/pg)

Updates `shell-quote` from 1.7.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.7.3...v1.8.4)

Updates `@types/shell-quote` from 1.7.1 to 1.7.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/shell-quote)

Updates `yaml` from 2.8.3 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.3...v2.9.0)

Updates `@types/crypto-js` from 4.0.2 to 4.2.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/crypto-js)

Updates `@types/express` from 4.17.13 to 4.17.21
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)

Updates `@types/humanize-duration` from 3.27.1 to 3.27.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/humanize-duration)

Updates `@types/js-yaml` from 4.0.5 to 4.0.9
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/js-yaml)

Updates `@types/nedb` from 1.8.12 to 1.8.16
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nedb)

Updates `@types/pg` from 8.6.5 to 8.20.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/pg)

Updates `@types/shell-quote` from 1.7.1 to 1.7.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/shell-quote)

Updates `@types/simple-oauth2` from 5.0.7 to 5.0.8
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/simple-oauth2)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-version: 7.120.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@tensorflow/tfjs-node"
  dependency-version: 4.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@vector-im/matrix-bot-sdk"
  dependency-version: 0.9.0-element.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: axios
  dependency-version: 1.16.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: express
  dependency-version: 4.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: humanize-duration
  dependency-version: 3.33.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/humanize-duration"
  dependency-version: 3.27.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/js-yaml"
  dependency-version: 4.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: nsfwjs
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: parse-duration
  dependency-version: 2.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: pg
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/pg"
  dependency-version: 8.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/shell-quote"
  dependency-version: 1.7.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/crypto-js"
  dependency-version: 4.2.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/express"
  dependency-version: 4.17.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/humanize-duration"
  dependency-version: 3.27.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/js-yaml"
  dependency-version: 4.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/nedb"
  dependency-version: 1.8.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/pg"
  dependency-version: 8.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patches
- dependency-name: "@types/shell-quote"
  dependency-version: 1.7.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
- dependency-name: "@types/simple-oauth2"
  dependency-version: 5.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patches
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 16, 2026 00:36
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants