Bump the prod-minor-updates group across 1 directory with 6 updates

[dependabot]

Bumps the prod-minor-updates group with 6 updates in the /backend directory:

Package	From	To
better-sqlite3	12.6.2	12.8.0
knex	3.1.0	3.2.4
liquidjs	10.24.0	10.25.1
mysql2	3.18.2	3.20.0
otplib	13.3.0	13.4.0
pg	8.19.0	8.20.0

Updates better-sqlite3 from 12.6.2 to 12.8.0

Release notes

Sourced from better-sqlite3's releases.

v12.8.0

What's Changed

• Readme: requires Node.js v20 or later by @​Prinzhorn in WiseLibs/better-sqlite3#1443
• Update SQLite to version 3.51.3 in WiseLibs/better-sqlite3#1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @​tstone-1 in WiseLibs/better-sqlite3#1459

New Contributors

• @​tstone-1 made their first contribution in WiseLibs/better-sqlite3#1459

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

What's Changed

• fix: use Holder() instead of This() for Electron 41 compatibility by @​mceachen in WiseLibs/better-sqlite3#1456
• Roll back to SQLite to version 3.51.2 in WiseLibs/better-sqlite3#1457

Full Changelog: WiseLibs/better-sqlite3@v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

1. Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing
2. From the SQLite team:

   Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

What's Changed

• chore(build.yml): update Electron version support to include v41 by @​mceachen in WiseLibs/better-sqlite3#1452
• Fix Node v25 test errors by @​m4heshd in WiseLibs/better-sqlite3#1454
• Update SQLite to version 3.52.0 in WiseLibs/better-sqlite3#1449
• Revert "Fix Node v25 test errors" by @​mceachen in WiseLibs/better-sqlite3#1455

Full Changelog: WiseLibs/better-sqlite3@v12.6.2...v12.7.0

... (truncated)

Commits

• fe774f5 12.8.0
• 8617ed6 fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 (#1459)
• 959a018 Update SQLite to version 3.51.3 (#1460)
• 43729c0 Readme: requires Node.js v20 or later (#1443)
• 27dc751 12.7.1
• db1119c Update SQLite to version 3.51.2 (#1457)
• d2c4815 fix: use Holder() instead of This() for Electron 41 compatibility (#1456)
• ef9ffce 12.7.0
• 3be46ff Revert "Fix Node v25 test errors" (#1455)
• f3a44a4 Update SQLite to version 3.52.0 (#1449)
• Additional commits viewable in compare view

Updates knex from 3.1.0 to 3.2.4

Release notes

Sourced from knex's releases.

3.2.3

What's Changed

• Prepare to release 3.2.3 hotfix by @​kibertoad in knex/knex#6401

Full Changelog: knex/knex@3.2.1...3.2.3

3.2.1

What's Changed

• docs: add VitePress blog with archive and UTC post dates by @​mercmobily in knex/knex#6397
• Fix docs build: add missing docs tsconfig and schema snippets by @​mercmobily in knex/knex#6398
• Add missing semver package by @​joshkel in knex/knex#6387
• Expore relevant submodules by @​kibertoad in knex/knex#6400

New Contributors

• @​joshkel made their first contribution in knex/knex#6387

Full Changelog: knex/knex@3.2.0...3.2.1

3.2.0

What's Changed

• Add migration lifecycle hooks by @​timorthi in knex/knex#5541
• Move website by @​rluvaton in knex/knex#5792
• fix docs deployment by @​rluvaton in knex/knex#5870
• trigger change in docs folder for website deployment by @​rluvaton in knex/knex#6029
• fix docs edit branch link and trigger website deployment on workflow changes as well by @​rluvaton in knex/knex#6030
• update publish directory by @​rluvaton in knex/knex#6031
• Fix whereILike issue with sqlite (#5604) by @​mohammedbalila in knex/knex#5687
• fix: recover from broken connection by @​beltschatsar in knex/knex#5774
• Run CI on Node 22 and remove dtslint by @​kibertoad in knex/knex#6165
• Specify behavior of first on 0 matches by @​WebFreak001 in knex/knex#6164
• fix: Fix The operator "<=>" is not permitted in MySQL by @​AdrienPoupa in knex/knex#6158
• update upsert documentation with support in MySQL by @​voda in knex/knex#6150
• Import knex as type in TS seed template by @​OliverWales in knex/knex#6094
• Pin MySQL version in Docker by @​kibertoad in knex/knex#6166
• query-builder.md fix section title by @​luckv in knex/knex#6180
• fix: add @​types/minimatch to fix TypeScript build by @​mercmobily in knex/knex#6240
• Update ESLint rules to allow modern syntax supported by knex's minimum node version by @​myndzi in knex/knex#6318
• Fix test:cli tests by @​myndzi in knex/knex#6310
• Fix various failing tests by @​myndzi in knex/knex#6313
• Ensure CRDB has the expected database before running integration tests by @​myndzi in knex/knex#6311
• Fix migration CLI and cli tests by @​myndzi in knex/knex#6264
• Fix where in query with raw column by @​myndzi in knex/knex#6323
• Update to non-screamy versions of dependencies that have npm audit failures by @​myndzi in knex/knex#6324
• fix(docs): mark function as code by @​janpio in knex/knex#6019
• add MariaDB to README by @​robertsilen in knex/knex#6120
• Fix links to documentation in README.md by @​DavidBruant in knex/knex#6055
• fix link to pg-query-stream by @​VincentHardouin in knex/knex#6121
• New, vastly improved web site by @​mercmobily in knex/knex#6332
• Fix VitePress build in CI (WebCrypto) by @​mercmobily in knex/knex#6339

... (truncated)

Changelog

Sourced from knex's changelog.

Master (Unreleased)

3.2.1 - 22 March, 2026

Bug fixes

• Fix subpath imports broken by exports field added in 3.2.0. Packages relying on deep imports (e.g. knex/lib/dialects/sqlite3/index) were blocked by the restrictive exports map

Docs

• Add VitePress blog with archive and UTC post dates (#6397)

3.2.0 - 22 March, 2026

New features

• Add migration lifecycle hooks (#5541)
• Add SIMILAR TO operator (#5303)
• Add dropUniqueIfExists (#6069)
• Add 'validate' pool option (#5120)
• PostgreSQL: default datetime/timestamp precision setting added (#5311)
• Better-SQLite3: Support defaultSafeIntegers option (#6320)
• Better-SQLite3: Improve safeIntegers support (#6352)
• SQLite: Refactor transactions to allow setting the foreign_keys pragma for a transaction (#6315)

Bug fixes

• Fix where in query with raw column (#6323)
• Fix migrate up with completed migration (#6342)
• Fix ESM export and typings (#6227)
• Fix migration CLI and cli tests (#6264)
• Fix recover from broken connection (#5774)
• Prevent unexpected combinations of statements and clauses groups from executing (#6314)
• Improve CLI error reporting in some edge cases (#6265)
• PostgreSQL: clearer error when pg-query-stream is missing (#6362)
• PostgreSQL: Fix streaming compatibility with pg-query-stream 4.14+ (#6396)
• MySQL: Fix the operator "<=>" is not permitted (#6158)
• MSSQL: Optimize stream.write (#5693)
• SQLite: Fix whereILike issue (#5687)

Types

• Fix usage of object type that is too broad (#5373)
• Fix pluck typing issue when CompositeTableType is used (#4609)
• Make types no longer allow knex to be called without tablename (#6188)
• Add missing type definition for orderBy with a raw column/expression (#5803)
• Add additional typing for column.index (#5371)
• Update typings for increment/decrement (#5674)
• Use syntax import from instead of import = require() (#5258)
• Import knex as type in TS seed template (#6094)

... (truncated)

Commits

• See full diff in compare view

Updates liquidjs from 10.24.0 to 10.25.1

Release notes

Sourced from liquidjs's releases.

v10.25.1

10.25.1 (2026-03-22)

Bug Fixes

• mem limiter for invalid ranges (95ddefc)
• treat args for replace_first as literal (35d5230)

v10.25.0

10.25.0 (2026-03-07)

Bug Fixes

• path traversal vulnerability, #851 (#855) (3cd024d)

Features

• export error types, resolving #837 (#840) (71aa1b1)

Changelog

Sourced from liquidjs's changelog.

10.25.1 (2026-03-22)

Bug Fixes

• mem limiter for invalid ranges (95ddefc)
• treat args for replace_first as literal (35d5230)

10.25.0 (2026-03-07)

Bug Fixes

• path traversal vulnerability, #851 (#855) (3cd024d)

Features

• export error types, resolving #837 (#840) (71aa1b1)

Commits

• 97d8291 chore(release): 10.25.1 [skip ci]
• 35d5230 fix: treat args for replace_first as literal
• 94440a0 chore: more strict mem limit for string filters
• 95ddefc fix: mem limiter for invalid ranges
• 1b85fda docs: update contact in security.md (#862)
• 93c38c7 chore(release): 10.25.0 [skip ci]
• c7a291b chore: update semantic-release dependencies (#861)
• eb4683e chore: update to NPM Trusted Release (#860)
• f1fc573 docs: state differences regarding inspect array/hash, #852, #853 (#858)
• 524cd92 docs: add peaktwilight as a contributor for code (#857)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for liquidjs since your current version.

Updates mysql2 from 3.18.2 to 3.20.0

Release notes

Sourced from mysql2's releases.

v3.20.0

3.20.0 (2026-03-15)

Features

• add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
• prevent double release from corrupting the connection pool (#4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#4183) (97855a6)

v3.19.1

3.19.1 (2026-03-09)

Security Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

v3.19.0

3.19.0 (2026-03-05)

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#4135) (099beea)

Changelog

Sourced from mysql2's changelog.

3.20.0 (2026-03-15)

Features

• add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
• prevent double release from corrupting the connection pool (#4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#4183) (97855a6)

3.19.1 (2026-03-09)

Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

3.19.0 (2026-03-05)

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#4135) (099beea)

Commits

• 6d0ba45 chore(master): release 3.20.0 (#4180)
• 5ac5563 fix: explicitly specify in auth plugins (#4175) (#4187)
• 1993624 ci: improve workflows triggering (#4189)
• ff839c2 docs: improve LLM Agents instructions (#4188)
• 7e57db6 fix: prevent double release from corrupting the connection pool (#4186)
• 92d0724 docs: include instructions to LLM agents (#4185)
• f4ce16a refactor: simplify TracingChannel logic (#4184)
• 97855a6 fix: restore PoolConnection as subclass of Connection (#4183)
• 90a0677 refactor: prevent unintentional breaking change after TracingChannel support ...
• 5b61d86 ci: improve coverage (#4181)
• Additional commits viewable in compare view

Updates otplib from 13.3.0 to 13.4.0

Release notes

Sourced from otplib's releases.

v13.4.0

What's Changed

• fix(deps): resolve markdown-it ReDoS vulnerability by @​yeojz in yeojz/otplib#798
• chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @​dependabot[bot] in yeojz/otplib#800
• chore: update dependabot to monthly cadence by @​yeojz in yeojz/otplib#802
• chore: upgrade dependencies to latest versions by @​Copilot in yeojz/otplib#804
• Upgrade pnpm to 10.30.1 to fix audit endpoint issue by @​Copilot in yeojz/otplib#805
• chore: override minimatch by @​yeojz in yeojz/otplib#806
• docs: improve package READMEs with accurate API context and usage examples by @​yeojz in yeojz/otplib#803
• Fix docs by @​BobTheShoplifter in yeojz/otplib#807
• ci: skip reporting job on fork PRs by @​yeojz in yeojz/otplib#808
• chore: override ajv to fix moderate ReDoS vulnerability by @​yeojz in yeojz/otplib#809
• feat: add IIFE/CDN build support to otplib by @​yeojz in yeojz/otplib#810
• fix: update release titles to use version-prefixed format by @​yeojz in yeojz/otplib#811
• chore: move otplib-cli to packages/ and sync versioning by @​yeojz in yeojz/otplib#812
• docs(totp): add string secrets and authenticator compatibility notes to README by @​yeojz in yeojz/otplib#813
• chore(deps-dev): bump the dev-dependencies-patch group with 5 updates by @​dependabot[bot] in yeojz/otplib#814
• chore(deps): bump the github-actions group with 3 updates by @​dependabot[bot] in yeojz/otplib#816
• chore(deps-dev): bump @​eslint/js from 9.39.2 to 9.39.3 by @​dependabot[bot] in yeojz/otplib#815
• fix: override undici package security alert by @​yeojz in yeojz/otplib#818
• release(packages): v13.4.0 by @​github-actions[bot] in yeojz/otplib#819

New Contributors

• @​BobTheShoplifter made their first contribution in yeojz/otplib#807

Full Changelog: yeojz/otplib@v13.3.0...v13.4.0

Commits

• e5490bb release(packages): v13.4.0 (#819)
• 3352eeb docs(totp): add string secrets and authenticator compatibility notes to READM...
• 9038272 feat: add IIFE/CDN build support to otplib (#810)
• 4fd86b5 chore: update readme tip/important blocks
• 6c9ed1c docs: improve package READMEs with accurate API context and usage examples (#...
• See full diff in compare view

Updates pg from 8.19.0 to 8.20.0

Changelog

Sourced from pg's changelog.

pg@8.20.0

• Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

Commits

• c9070cc Publish
• ad36e3c fix: typo in deprecation notice for client.query() (#3618)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions