Skip to content

Bump the prod-dependencies group across 1 directory with 9 updates#4882

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/prod-dependencies-4b429e3121
Open

Bump the prod-dependencies group across 1 directory with 9 updates#4882
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/prod-dependencies-4b429e3121

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps the prod-dependencies group with 8 updates in the / directory:

Package From To
@codemirror/commands 6.10.3 6.10.4
@codemirror/language 6.12.3 6.12.4
@codemirror/search 6.7.0 6.7.1
@codemirror/view 6.43.1 6.43.3
body-parser 2.2.2 2.3.0
less 4.6.4 4.6.7
mongoose 9.7.0 9.7.2
nanoid 5.1.11 5.1.16

Updates @codemirror/commands from 6.10.3 to 6.10.4

Commits

Updates @codemirror/language from 6.12.3 to 6.12.4

Commits

Updates @codemirror/search from 6.7.0 to 6.7.1

Commits

Updates @codemirror/state from 6.6.0 to 6.7.0

Commits

Updates @codemirror/view from 6.43.1 to 6.43.3

Commits

Updates body-parser from 2.2.2 to 2.3.0

Release notes

Sourced from body-parser's releases.

v2.3.0

What's Changed

New Contributors

Full Changelog: expressjs/body-parser@v2.2.2...v2.3.0

Changelog

Sourced from body-parser's changelog.

2.3.0 / 2026-06-15

  • fix: use static exports instead of lazy getters to improve ESM compatibility
  • feat: add subpath exports for individual parsers
  • fix: improve limit option validation (#698)
    • Invalid limit values (e.g. unparseable strings or NaN) now throw instead of being silently ignored, which previously disabled size limit enforcement
    • null and undefined fall back to the default 100kb limit
  • deps:
    • content-type@^2.0.0
    • http-errors@^2.0.1
    • iconv-lite^0.7.2
    • qs@^6.15.2
    • raw-body@^3.0.2
    • type-is@^2.1.0
Commits
  • d0f2ace 2.3.0 (#735)
  • 7d03f2f chore: updated deps to latest (#733)
  • 8024ba7 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#732)
  • 32b4ed4 build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 (#731)
  • ff0f6b9 docs: update outdated reference to MDN docs (#730)
  • 14d001a refactor: switch to const/let and enable eslint no-var rule (#729)
  • 37f36a2 deps: update content-type and type-is (#728)
  • e1c244b build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 (#723)
  • e01087f build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#724)
  • a7698d3 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#725)
  • Additional commits viewable in compare view

Updates less from 4.6.4 to 4.6.7

Release notes

Sourced from less's releases.

Release v4.6.7

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.7

Release v4.6.6

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.6

Release v4.6.5

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.5
Changelog

Sourced from less's changelog.

v4.6.7 (2026-06-20)

Changes

  • #4457 Fix failing "Request Copilot review" CI job (@​app/copilot-swe-agent)
  • #4451 chore: release v4.6.6 (@​app/github-actions)

v4.6.6 (2026-06-14)

Changes

v4.6.5 (2026-06-13)

Bug Fixes

Maintenance

Commits

Updates mongoose from 9.7.0 to 9.7.2

Release notes

Sourced from mongoose's releases.

9.7.2 / 2026-06-22

  • fix(documentarray): reindex subdocs after array reordering and removal so subsequent nested changes save using the correct path #16282 AbdelrahmanHafez
  • fix(document): avoid accessing special properties in Document.prototype.get()
  • fix(schema): only return own properties in schematype lookups and disallow setting schema paths under special properties
  • docs: update homepage sponsor layout

9.7.1 / 2026-06-17

  • perf(document+model): improve save performance by avoiding unnecessary promise allocations and reducing path/default/dirty-state overhead #16331
  • fix(schema): include ObjectId regex pattern in toJSONSchema() output #16335 #16334 AbdelrahmanHafez
  • fix(populate): split populate into separate queries per document if the resulting $in filter has more than 50k elements to reduce risk of BSON size errors #16333 #5890
  • docs: add assistant sidebar with MongoDB Knowledge integration #16311 #16283
  • docs: update docs copy buttons, edit links, homepage alignment, and llms.txt generation #16326 #16327 #16329
Changelog

Sourced from mongoose's changelog.

9.7.2 / 2026-06-22

  • fix(documentarray): reindex subdocs after array reordering and removal so subsequent nested changes save using the correct path #16282 AbdelrahmanHafez
  • fix(document): avoid accessing special properties in Document.prototype.get()
  • fix(schema): only return own properties in schematype lookups and disallow setting schema paths under special properties
  • docs: update homepage sponsor layout

9.7.1 / 2026-06-17

  • perf(document+model): improve save performance by avoiding unnecessary promise allocations and reducing path/default/dirty-state overhead #16331
  • fix(schema): include ObjectId regex pattern in toJSONSchema() output #16335 #16334 AbdelrahmanHafez
  • fix(populate): split populate into separate queries per document if the resulting $in filter has more than 50k elements to reduce risk of BSON size errors #16333 #5890
  • docs: add assistant sidebar with MongoDB Knowledge integration #16311 #16283
  • docs: update docs copy buttons, edit links, homepage alignment, and llms.txt generation #16326 #16327 #16329
Commits
  • 87ade9b chore: release 9.7.2
  • 4e12786 Merge branch 'vkarpov15/fix-security-20260609-master'
  • b3dd12a docs: flex wrap for major sponsors
  • d48fee3 fix(documentarray): reindex subdocs after reordering (#16282)
  • 03bedea docs: add mongodb as sponsor on homepage
  • 8fa2365 fix(document): additional defensive checks in Document.prototype.get()
  • 35a3f33 fix(schema): only return own properties in schematype lookups
  • d2a725f chore: fix eslint ignore to exclude old docs files
  • 7fee4b5 chore: release 9.7.1
  • 1e81fcc Merge pull request #16333 from Automattic/vkarpov15/gh-5890-2
  • Additional commits viewable in compare view

Updates nanoid from 5.1.11 to 5.1.16

Release notes

Sourced from nanoid's releases.

5.1.16

5.1.15

  • Fixed random pool corruption on big ID sizes.

5.1.14

  • Fixed npm package size regression.

5.1.13

  • Fixed npm package size regression.

5.1.12

  • Moved to npm Provenance and Staged Publishing.
Changelog

Sourced from nanoid's changelog.

5.1.16

5.1.15

  • Fixed random pool corruption on big ID sizes.

5.1.14

  • Fixed npm package size regression.

5.1.13

  • Fixed npm package size regression.

5.1.12

  • Moved to npm Provenance and Staged Publishing.
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for nanoid since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the prod-dependencies group across 1 directory with 9 updates
dcddb81 
Bumps the prod-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@codemirror/commands](https://github.com/codemirror/commands) | `6.10.3` | `6.10.4` |
| [@codemirror/language](https://github.com/codemirror/language) | `6.12.3` | `6.12.4` |
| [@codemirror/search](https://github.com/codemirror/search) | `6.7.0` | `6.7.1` |
| [@codemirror/view](https://github.com/codemirror/view) | `6.43.1` | `6.43.3` |
| [body-parser](https://github.com/expressjs/body-parser) | `2.2.2` | `2.3.0` |
| [less](https://github.com/less/less.js) | `4.6.4` | `4.6.7` |
| [mongoose](https://github.com/Automattic/mongoose) | `9.7.0` | `9.7.2` |
| [nanoid](https://github.com/ai/nanoid) | `5.1.11` | `5.1.16` |



Updates `@codemirror/commands` from 6.10.3 to 6.10.4
- [Changelog](https://github.com/codemirror/commands/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/commands/commits)

Updates `@codemirror/language` from 6.12.3 to 6.12.4
- [Changelog](https://github.com/codemirror/language/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/language/commits)

Updates `@codemirror/search` from 6.7.0 to 6.7.1
- [Changelog](https://github.com/codemirror/search/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/search/commits)

Updates `@codemirror/state` from 6.6.0 to 6.7.0
- [Changelog](https://github.com/codemirror/state/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/state/commits)

Updates `@codemirror/view` from 6.43.1 to 6.43.3
- [Changelog](https://github.com/codemirror/view/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/view/commits)

Updates `body-parser` from 2.2.2 to 2.3.0
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@v2.2.2...v2.3.0)

Updates `less` from 4.6.4 to 4.6.7
- [Release notes](https://github.com/less/less.js/releases)
- [Changelog](https://github.com/less/less.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/less/less.js/commits/v4.6.7)

Updates `mongoose` from 9.7.0 to 9.7.2
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@9.7.0...9.7.2)

Updates `nanoid` from 5.1.11 to 5.1.16
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@5.1.11...5.1.16)

---
updated-dependencies:
- dependency-name: "@codemirror/commands"
  dependency-version: 6.10.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: "@codemirror/language"
  dependency-version: 6.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: "@codemirror/search"
  dependency-version: 6.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: "@codemirror/state"
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: "@codemirror/view"
  dependency-version: 6.43.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: body-parser
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: less
  dependency-version: 4.6.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: mongoose
  dependency-version: 9.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: nanoid
  dependency-version: 5.1.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@calculuschild