Skip to content

Bump the prod-minor-updates group across 1 directory with 4 updates#5408

Open
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/backend/prod-minor-updates-0f64c1012c
Open

Bump the prod-minor-updates group across 1 directory with 4 updates#5408
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/backend/prod-minor-updates-0f64c1012c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026

Bumps the prod-minor-updates group with 4 updates in the /backend directory: better-sqlite3, liquidjs, mysql2 and pg.

Updates better-sqlite3 from 12.6.2 to 12.8.0

Release notes

Sourced from better-sqlite3's releases.

v12.8.0

What's Changed

New Contributors

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

  1. Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing
  2. From the SQLite team:

    Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.6.2...v12.7.0

... (truncated)

Commits

Updates liquidjs from 10.24.0 to 10.25.0

Release notes

Sourced from liquidjs's releases.

v10.25.0

10.25.0 (2026-03-07)

Bug Fixes

Features

Changelog

Sourced from liquidjs's changelog.

10.25.0 (2026-03-07)

Bug Fixes

Features

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for liquidjs since your current version.


Updates mysql2 from 3.18.2 to 3.20.0

Release notes

Sourced from mysql2's releases.

v3.20.0

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

v3.19.1

3.19.1 (2026-03-09)

Security Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

v3.19.0

3.19.0 (2026-03-05)

Features

  • use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

  • fix precision loss for large decimal values (#4135) (099beea)
Changelog

Sourced from mysql2's changelog.

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

3.19.1 (2026-03-09)

Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

3.19.0 (2026-03-05)

Features

  • use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

  • fix precision loss for large decimal values (#4135) (099beea)
Commits

Updates pg from 8.19.0 to 8.20.0

Changelog

Sourced from pg's changelog.

pg@8.20.0

  • Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the prod-minor-updates group across 1 directory with 4 updates
747171d 
Bumps the prod-minor-updates group with 4 updates in the /backend directory: [better-sqlite3](https://github.com/WiseLibs/better-sqlite3), [liquidjs](https://github.com/harttle/liquidjs), [mysql2](https://github.com/sidorares/node-mysql2) and [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg).


Updates `better-sqlite3` from 12.6.2 to 12.8.0
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v12.6.2...v12.8.0)

Updates `liquidjs` from 10.24.0 to 10.25.0
- [Release notes](https://github.com/harttle/liquidjs/releases)
- [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md)
- [Commits](harttle/liquidjs@v10.24.0...v10.25.0)

Updates `mysql2` from 3.18.2 to 3.20.0
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.18.2...v3.20.0)

Updates `pg` from 8.19.0 to 8.20.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg)

---
updated-dependencies:
- dependency-name: better-sqlite3
  dependency-version: 12.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: liquidjs
  dependency-version: 10.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: mysql2
  dependency-version: 3.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: pg
  dependency-version: 8.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026
@nginxproxymanagerci
Copy link

nginxproxymanagerci bot commented Mar 16, 2026

Docker Image for build 1 is available on DockerHub:

nginxproxymanager/nginx-proxy-manager-dev:pr-5408

Note

Ensure you backup your NPM instance before testing this image! Especially if there are database changes.
This is a different docker image namespace than the official image.

Warning

Changes and additions to DNS Providers require verification by at least 2 members of the community!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants