Skip to content

Bump the minor-updates group with 5 updates#300

Closed
dependabot[bot] wants to merge 1 commit intotestfrom
dependabot-npm_and_yarn-test-minor-updates-b4358ebcbb
Closed

Bump the minor-updates group with 5 updates#300
dependabot[bot] wants to merge 1 commit intotestfrom
dependabot-npm_and_yarn-test-minor-updates-b4358ebcbb

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps the minor-updates group with 5 updates:

Package From To
@babel/runtime 7.28.6 7.29.2
@natlibfi/marc-record-serializers 11.0.1 11.0.2
mysql2 3.19.0 3.20.0
@babel/preset-env 7.29.0 7.29.2
@redocly/cli 2.20.4 2.25.3

Updates @babel/runtime from 7.28.6 to 7.29.2

Release notes

Sourced from @​babel/runtime's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

  • babel-parser

🐛 Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • babel-preset-env
    • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

  • babel-types
  • babel-standalone

🐛 Bug Fix

  • babel-parser
  • babel-traverse
    • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
  • babel-plugin-transform-block-scoping, babel-traverse
    • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

... (truncated)

Commits

Updates @natlibfi/marc-record-serializers from 11.0.1 to 11.0.2

Commits

Updates mysql2 from 3.19.0 to 3.20.0

Release notes

Sourced from mysql2's releases.

v3.20.0

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

v3.19.1

3.19.1 (2026-03-09)

Security Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)
Changelog

Sourced from mysql2's changelog.

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

3.19.1 (2026-03-09)

Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)
Commits

Updates @babel/preset-env from 7.29.0 to 7.29.2

Release notes

Sourced from @​babel/preset-env's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

  • babel-parser

🐛 Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • babel-preset-env
    • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

Commits

Updates @redocly/cli from 2.20.4 to 2.25.3

Release notes

Sourced from @​redocly/cli's releases.

@​redocly/cli@​2.25.3

Patch Changes

  • Fixed multiple issues in the spec-discriminator-defaultMapping rule that could cause crashes or incorrect validation results. The rule now correctly resolves existing schema names, traverses composite schemas (allOf, anyOf, oneOf) to find required properties, treats defaultMapping values as $refs to schemas, resolves $refs correctly across files, and handles cyclic schema dependencies.
  • Updated @​redocly/respect-core to v2.25.3.

@​redocly/cli@​2.25.2

Patch Changes

  • Updated picomatch dependency to ^4.0.4.
  • Updated @​redocly/openapi-core to v2.25.2.

@​redocly/cli@​2.25.1

Patch Changes

  • Fixed an issue where a message about a missing configuration was shown even though the --extends option was provided.
  • Updated @​redocly/openapi-core to v2.25.1.

@​redocly/cli@​2.25.0

Minor Changes

  • Added no-mixed-number-range-constraints rule for OpenAPI 3.1+, as well as for AsyncAPI and Arazzo. This rule warns when schemas use both maximum and exclusiveMaximum or both minimum and exclusiveMinimum keywords.

Patch Changes

  • Fixed an issue where invalid discriminator mapping values could cause linting to fail.
  • Resolved high severity audit vulnerabilities by updating dependency versions.
  • Updated @​redocly/openapi-core to v2.25.0.

@​redocly/cli@​2.24.1

Patch Changes

  • Downgraded undici to resolve an issue where formData was being submitted empty.
  • Updated @​redocly/openapi-core to v2.24.1.

@​redocly/cli@​2.24.0

Patch Changes

  • Updated @​redocly/openapi-core to v2.24.0.

@​redocly/cli@​2.23.0

Minor Changes

  • Added support of targets property in scorecardClassic. Use this property to override scorecardClassic rules for a specific API.

Patch Changes

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-updates group with 5 updates
63822cb 
Bumps the minor-updates group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.28.6` | `7.29.2` |
| [@natlibfi/marc-record-serializers](https://github.com/NatLibFi/marc-record-serializers) | `11.0.1` | `11.0.2` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.19.0` | `3.20.0` |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.0` | `7.29.2` |
| [@redocly/cli](https://github.com/Redocly/redocly-cli) | `2.20.4` | `2.25.3` |


Updates `@babel/runtime` from 7.28.6 to 7.29.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime)

Updates `@natlibfi/marc-record-serializers` from 11.0.1 to 11.0.2
- [Release notes](https://github.com/NatLibFi/marc-record-serializers/releases)
- [Commits](NatLibFi/marc-record-serializers@v11.0.1...v11.0.2)

Updates `mysql2` from 3.19.0 to 3.20.0
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.19.0...v3.20.0)

Updates `@babel/preset-env` from 7.29.0 to 7.29.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-preset-env)

Updates `@redocly/cli` from 2.20.4 to 2.25.3
- [Release notes](https://github.com/Redocly/redocly-cli/releases)
- [Commits](https://github.com/Redocly/redocly-cli/compare/@redocly/cli@2.20.4...@redocly/cli@2.25.3)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-version: 7.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@natlibfi/marc-record-serializers"
  dependency-version: 11.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: mysql2
  dependency-version: 3.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@babel/preset-env"
  dependency-version: 7.29.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: "@redocly/cli"
  dependency-version: 2.25.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 1, 2026 21:58
@aatuny aatuny closed this Apr 7, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 7, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot-npm_and_yarn-test-minor-updates-b4358ebcbb branch April 7, 2026 04:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aatuny