
chore(deps): bump the prod-dependencies group across 1 directory with 9 updates #1795

Open
dependabot[bot] wants to merge 1 commit into beta from dependabot/npm_and_yarn/beta/prod-dependencies-130eb95f83

dependabot[bot] commented on behalf of github on Jun 29, 2026

Bumps the prod-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| @fastify/compress | 8.3.1 | 9.0.0 |
| @fastify/rate-limit | 10.3.0 | 11.0.0 |
| better-sqlite3 | 12.10.0 | 12.11.1 |
| fastify-plugin | 5.1.0 | 6.0.0 |
| node-cron | 4.2.1 | 4.5.0 |
| sharp | 0.35.1 | 0.35.2 |
| tar | 7.5.16 | 7.5.17 |
| i18next | 26.3.1 | 26.3.3 |
| react-router-dom | 7.17.0 | 7.18.0 |

Updates @fastify/compress from 8.3.1 to 9.0.0

Release notes

Sourced from @​fastify/compress's releases.

v9.0.0

What's Changed

New Contributors

Full Changelog: fastify/fastify-compress@v8.3.1...v9.0.0

Commits
  • 83ee418 9.0.0
  • 62b7dc9 chore: removed types deprecated
  • 0aacfec refactor(types): migrate from tsd to tstyche (#392)
  • d61f911 chore(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#387)
  • 840d6c4 fix: replace pump/pumpify with native stream APIs and fix premature close log...
  • 96770cb chore(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#389)
  • 5e5ef6e ci(lock-threads): reduce schedule to monthly (#385)
  • 5ce6e23 ci: add lock-threads workflow (#384)
  • 3d2cfa3 chore: upgrade typescript v6.0.2 (#383)
  • 0f0c280 ci: remove stale.yml (#381)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by fdawgs, a new releaser for @​fastify/compress since your current version.


Updates @fastify/rate-limit from 10.3.0 to 11.0.0

Release notes

Sourced from @​fastify/rate-limit's releases.

v11.0.0

What's Changed

New Contributors

Full Changelog: fastify/fastify-rate-limit@v10.3.0...v11.0.0

Commits
  • 40537e6 11.0.0
  • a7115c4 Fix Unsafe SQL Queries in Knex Example Files (#446)
  • 5905f11 chore: removed types deprecated
  • 65053cb chore(.gitattributes): retain binary file eol style (#442)
  • 1020c25 refactor(types): migrate from tsd to tstyche (#443)
  • f7db8c4 ci: add lock-threads workflow (#441)
  • 47e0273 build(deps-dev): Bump sqlite3 from 5.1.7 to 6.0.1 (#439)
  • 815f720 build(deps): Bump fastify/workflows/.github/workflows/plugins-ci-redis.yml (#...
  • e9e7b29 build(deps-dev): Bump c8 from 10.1.3 to 11.0.0 (#434)
  • 43e7206 build(deps-dev): Bump neostandard from 0.12.2 to 0.13.0 (#433)
  • Additional commits viewable in compare view

Updates better-sqlite3 from 12.10.0 to 12.11.1

Release notes

Sourced from better-sqlite3's releases.

v12.11.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.11.0...v12.11.1

v12.11.0

⚠️ CAUTION: NOT A VIABLE RELEASE

Use v12.11.1 instead.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.1...v12.11.0

v12.10.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.0...v12.10.1

Commits

Updates fastify-plugin from 5.1.0 to 6.0.0

Release notes

Sourced from fastify-plugin's releases.

v6.0.0

What's Changed

New Contributors

Full Changelog: fastify/fastify-plugin@v5.1.0...v6.0.0

Commits
  • 05c1c32 6.0.0
  • a309399 chore: update depedabot setting (#292)
  • 3d43488 chore: removed interface deprecated
  • 629292b refactor: standardize entry points and project structure
  • 68ddddb refactor(types): migrate from tsd to tstyche (#288)
  • 12c07a4 ci: add lock-threads workflow (#286)
  • 8a4d1a2 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#285)
  • 8e9e035 build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#283)
  • 41b480e chore: remove stale workflow and node reference type declaration (#281)
  • 1f378b1 chore(license): standardise license notice (#278)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by fdawgs, a new releaser for fastify-plugin since your current version.


Updates node-cron from 4.2.1 to 4.5.0

Release notes

Sourced from node-cron's releases.

v4.5.0

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run.
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday).

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call.
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker.
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search).
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation.
  • Skip setTimeout jitter wrapper when maxRandomDelay is zero.
  • Bundle dist into flat files instead of preserving the module tree (reduces import time).

Fixed

  • Flaky should schedule a task test: poll for the first execution instead of asserting an exact count after a fixed sleep.

Changed

  • Renamed internal functions interprete to interpret and appendSeccondExpression to appendSecondExpression.
  • Rewritten README and package metadata to surface scheduling capabilities (overlap prevention, distributed coordination, background tasks).

v4.4.1

Patch release.

Changed

  • Renamed the distributedTtl task option to distributedLease (same meaning: the safety lease, in ms, for lease-based run coordinators). distributedTtl was the only abbreviation in the options API and shipped just days ago in 4.4.0, so it's removed without an alias. If you adopted distributedTtl from 4.4.0, rename it to distributedLease. (#551)

Full Changelog: node-cron/node-cron@v4.4.0...v4.4.1

v4.4.0

Features

  • Distributed run coordination — opt-in distributed: true runs a task on a single instance per fire across a fleet (the #477 use case). Ships a built-in NODE_CRON_RUN env-var default (one designated runner, no dependencies) and a pluggable RunCoordinator (via setRunCoordinator, or the per-task runCoordinator option) for high-availability, per-fire coordination (e.g. a Redis lock). Adds the distributedTtl option and an execution:skipped event carrying a reason ('not-elected' | 'coordinator-error'). Works for inline and background tasks. (#549, closes #477)
  • Task introspection on ScheduledTask: getNextRuns(n) (preview the next N run times), match(date), msToNext(), isBusy(), runsLeft() and getPattern(). (#547)
  • cron.parse(expression) and cron.validateDetailed(expression) — decompose an expression into its fields, or get every field-level problem (without throwing) for tooling and richer error messages. (#548)

Fixes

  • getNextMatch no longer scans every time of day on a day that matches the day-of-month but not the weekday. A dense expression constrained by both (e.g. * * * 15 * 1) could take minutes to resolve; it is now instant. (#542)

Internal

  • Cleanups with no public API change: fixed the milisecond → millisecond spelling and the convertion/ → conversion/ directory name. (#543)

Docs

  • New Distributed Coordination guide, plus pages for task introspection and parse/validateDetailed, at nodecron.com.

Full Changelog: node-cron/node-cron@v4.3.0...v4.4.0

v4.3.0

Features

  • L (last day of month) in the day-of-month field — e.g. 0 0 12 L * *, leap-year aware, and combinable with explicit days (15,L). (#396, closes #147 — thanks @​antonidasyang)
  • missedExecutionTolerance option (ms, default 1000): a heartbeat that wakes a little late still runs its slot instead of being reported as missed. Always capped to the gap to the next slot. (#534, closes #485)
  • startTimeout option for background tasks (ms, default 5000). (#535)

... (truncated)

Changelog

Sourced from node-cron's changelog.

[4.5.0] - 2026-06-21

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run. (#557)
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday). (#560)

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call. (#561)
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker. (#562)
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search). (#563)
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation. (#564)
  • Skip setTimeout jitter wrapper when maxRandomDelay is zero. (#565)
  • Bundle dist into flat files instead of preserving the module tree (reduces import time). (#566)

Fixed

  • Flaky should schedule a task test: poll for the first execution instead of asserting an exact count after a fixed sleep.

Changed

  • Renamed internal functions interprete to interpret and appendSeccondExpression to appendSecondExpression. (#567)
  • Rewritten README and package metadata to surface scheduling capabilities (overlap prevention, distributed coordination, background tasks). (#568)

[4.4.1] - 2026-06-18

Changed

  • Renamed the distributedTtl option to distributedLease (same meaning: the safety lease, in ms, for lease-based coordinators). The old name was the only abbreviation in the options API; the new one groups with distributed. distributedTtl was introduced in 4.4.0 and is removed without an alias.

[4.4.0] - 2026-06-17

Added

  • Task introspection on ScheduledTask: getNextRuns(n) (preview the next N run times), match(date), msToNext(), isBusy(), runsLeft() and getPattern(). (#547)
  • cron.parse(expression) and cron.validateDetailed(expression): decompose an expression into its fields, or get every field-level problem (without throwing) for tooling and richer error messages. (#548)

... (truncated)

Commits
  • cd9a5a7 chore(release): 4.5.0 (#569)
  • fbdd883 Rewrite README to surface scheduling capabilities (#568)
  • c80a396 perf(build): bundle dist into flat files instead of preserving modules (#566)
  • b71b9b1 Fix typos in internal function names (#567)
  • 7c5015c perf(id): drop crypto.randomBytes from internal id generation (#564)
  • dd0a2a9 perf(pattern): parse cron expression once per TimeMatcher (#562)
  • cf69f32 perf(time): cache Intl.DateTimeFormat instances per timezone (#561)
  • dad56e1 perf(runner): run inline when no random delay is configured (#565)
  • a309d5f perf(time): compute the GMT offset lazily (#563)
  • c2db9d1 feat: support extended day-of-week tokens (# nth weekday and L last weekday) ...
  • Additional commits viewable in compare view

Updates sharp from 0.35.1 to 0.35.2

Release notes

Sourced from sharp's releases.

v0.35.2

v0.35.2-rc.2

  • TypeScript: Add mediaType to metadata response. #4492

  • Improve WebAssembly fallback detection. #4513

  • Improve code bundler support with stub binaries. #4543

  • Verify GIF effort option is an integer. #4544 @​metsw24-max

  • Verify recomb matrix entries are numbers. #4545 @​metsw24-max

  • TypeScript: Replace namespace with named exports for ESM. #4546

... (truncated)

Commits
  • c9622a3 Release v0.35.2
  • cd4568f Upgrade to sharp-libvips v1.3.1
  • 78390cf Tests: Add font file to prevent font discovery flakiness (#4550)
  • 61210b4 Verify convolve kernel values are numbers (#4549)
  • 1cb27dc Prerelease v0.35.2-rc.2
  • c7606c3 Upgrade to sharp-libvips v1.3.1-rc.0
  • 29d1e9e Prerelease v0.35.2-rc.1
  • bbba0a1 Improve code bundler support with stub binaries
  • ab52866 Bound dilate and erode width to avoid mask-size overflow (#4548)
  • 0f594dd Prerelease v0.35.2-rc.0
  • Additional commits viewable in compare view

Updates tar from 7.5.16 to 7.5.17

Commits

Updates i18next from 26.3.1 to 26.3.3

Release notes

Sourced from i18next's releases.

v26.3.3

  • fix(types): selector t($ => $.arr, { returnObjects: true, context }) on a JSON array of heterogeneous objects now preserves each element's full shape (e.g. { transKey1: string; transKey2: string }[]) instead of collapsing to a union of partial element types. Two type-level causes: (1) FilterKeys evaluated the whole array element type at once, so keyof (A | B) only saw the keys common to every element — it now distributes over the object union and filters each element independently; (2) when TypeScript merges mismatched array element types it injects phantom optional undefined keys (e.g. transKey1_withContext?: undefined on elements that don't define it), which the context-detection helpers mistook for real context variants — they now skip keys typed as undefined. Also adds a dedicated context + returnObjects: true selector overload using const Fn + ReturnType<Fn>, so Target is no longer collapsed to unknown via ApplyTarget. Resolves Problem 1 of #2398 (Problem 2 was already fixed on master). Thanks @​sauravgupta-dotcom (#2438). Fixes #2398.

v26.3.2

  • fix: chained formatters with a parenthesised option that contains the format separator (e.g. join(separator: ', ')) now work at any position in the chain, not just first. Previously the comma-in-parens reassembly only repaired formats[0], so {{v, uppercase, join(separator: ', ')}} split the join(...) option on the inner comma and never rejoined it, producing corrupt output. Replaced the first-position-only repair with a position-independent pass that re-joins fragments until each open paren closes. Thanks @​spokodev (#2437).

Changelog

Sourced from i18next's changelog.

26.3.3

  • fix(types): selector t($ => $.arr, { returnObjects: true, context }) on a JSON array of heterogeneous objects now preserves each element's full shape (e.g. { transKey1: string; transKey2: string }[]) instead of collapsing to a union of partial element types. Two type-level causes: (1) FilterKeys evaluated the whole array element type at once, so keyof (A | B) only saw the keys common to every element — it now distributes over the object union and filters each element independently; (2) when TypeScript merges mismatched array element types it injects phantom optional undefined keys (e.g. transKey1_withContext?: undefined on elements that don't define it), which the context-detection helpers mistook for real context variants — they now skip keys typed as undefined. Also adds a dedicated context + returnObjects: true selector overload using const Fn + ReturnType<Fn>, so Target is no longer collapsed to unknown via ApplyTarget. Resolves Problem 1 of #2398 (Problem 2 was already fixed on master). Thanks @​sauravgupta-dotcom (#2438). Fixes #2398.

26.3.2

  • fix: chained formatters with a parenthesised option that contains the format separator (e.g. join(separator: ', ')) now work at any position in the chain, not just first. Previously the comma-in-parens reassembly only repaired formats[0], so {{v, uppercase, join(separator: ', ')}} split the join(...) option on the inner comma and never rejoined it, producing corrupt output. Replaced the first-position-only repair with a position-independent pass that re-joins fragments until each open paren closes. Thanks @​spokodev (#2437).

Commits

Updates react-router-dom from 7.17.0 to 7.18.0

Changelog

Sourced from react-router-dom's changelog.

v7.18.0

Patch Changes

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


… 9 updates

Bumps the prod-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@fastify/compress](https://github.com/fastify/fastify-compress) | `8.3.1` | `9.0.0` |
| [@fastify/rate-limit](https://github.com/fastify/fastify-rate-limit) | `10.3.0` | `11.0.0` |
| [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) | `12.10.0` | `12.11.1` |
| [fastify-plugin](https://github.com/fastify/fastify-plugin) | `5.1.0` | `6.0.0` |
| [node-cron](https://github.com/node-cron/node-cron) | `4.2.1` | `4.5.0` |
| [sharp](https://github.com/lovell/sharp) | `0.35.1` | `0.35.2` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.16` | `7.5.17` |
| [i18next](https://github.com/i18next/i18next) | `26.3.1` | `26.3.3` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.17.0` | `7.18.0` |



Updates `@fastify/compress` from 8.3.1 to 9.0.0
- [Release notes](https://github.com/fastify/fastify-compress/releases)
- [Commits](fastify/fastify-compress@v8.3.1...v9.0.0)

Updates `@fastify/rate-limit` from 10.3.0 to 11.0.0
- [Release notes](https://github.com/fastify/fastify-rate-limit/releases)
- [Commits](fastify/fastify-rate-limit@v10.3.0...v11.0.0)

Updates `better-sqlite3` from 12.10.0 to 12.11.1
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v12.10.0...v12.11.1)

Updates `fastify-plugin` from 5.1.0 to 6.0.0
- [Release notes](https://github.com/fastify/fastify-plugin/releases)
- [Commits](fastify/fastify-plugin@v5.1.0...v6.0.0)

Updates `node-cron` from 4.2.1 to 4.5.0
- [Release notes](https://github.com/node-cron/node-cron/releases)
- [Changelog](https://github.com/node-cron/node-cron/blob/main/CHANGELOG.md)
- [Commits](node-cron/node-cron@v4.2.1...v4.5.0)

Updates `sharp` from 0.35.1 to 0.35.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.35.1...v0.35.2)

Updates `tar` from 7.5.16 to 7.5.17
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.16...v7.5.17)

Updates `i18next` from 26.3.1 to 26.3.3
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v26.3.1...v26.3.3)

Updates `react-router-dom` from 7.17.0 to 7.18.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.0/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.0/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: "@fastify/compress"
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-dependencies
- dependency-name: "@fastify/rate-limit"
  dependency-version: 11.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-dependencies
- dependency-name: better-sqlite3
  dependency-version: 12.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: fastify-plugin
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-dependencies
- dependency-name: node-cron
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: tar
  dependency-version: 7.5.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: i18next
  dependency-version: 26.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: react-router-dom
  dependency-version: 7.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the dependencies and javascript labels on Jun 29, 2026