Skip to content

Bump the npm_and_yarn group across 1 directory with 6 updates#1

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-00ff3e1c7a
Open

Bump the npm_and_yarn group across 1 directory with 6 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-00ff3e1c7a

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 5, 2026

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
moment 2.10.6 2.30.1
mongodb 2.2.36 7.1.0
mysql 2.7.0 2.18.1
pg 4.4.6 8.18.0
pg-native 1.10.1 3.5.2
semver 4.3.6 7.7.4

Updates moment from 2.10.6 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

2.30.0 Full changelog

  • Release Dec 26, 2023

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

... (truncated)

Commits

Updates mongodb from 2.2.36 to 7.1.0

Release notes

Sourced from mongodb's releases.

v7.1.0

7.1.0 (2026-02-02)

The MongoDB Node.js team is pleased to announce version 7.1.0 of the mongodb package!

Release Notes

🧩 Runtime and platform compatibility improvements

aws4 package no longer required for AWS authentication

The aws4 package is no longer required to use AWS authentication, reducing the dependency footprint.

Usages of util.promisify have been removed

The driver no longer relies on Node.js’s util.promisify() API, which improves compatibility with alternate runtimes.

Explicit node:process import instead of global.process

The driver now explicitly imports node:process instead of relying on global.process, allowing bundlers and alternate runtimes to supply and optimize the process implementation more consistently.

Node-specific platform APIs replaced with standards-based equivalents

The driver replaces several Node-specific APIs with standards-based equivalents:

  • process.archos.arch()
  • process.platformos.platform()
  • os.endianness()BSON.NumberUtils
  • process.hrtime()performance.now()
  • process.nextTick()queueMicrotask()

These changes reduce the number of patches required to run the driver outside of Node.js and improve compatibility with non-Node.js runtimes.

🔁 Connection resilience and retry behavior improvements

Connection churn avoidance in server overload scenarios

When server-side connection rate limiting is enabled and the rate limiter kicks in under periods of high connection establishment,the driver will additionally churn connections by clearing the pool every time the rate limiter rejects an incoming connection request.

In this new driver release, connection establishment failures no longer clear the pool, preventing unnecessary connection churn in these scenarios.

withTransaction now applies exponential backoff during transaction retries

The convenient transaction API, withTransaction, now uses exponential backoff between retries when a transaction must be retried. Under high server load, this can help prevent transaction retry storms.

Server selection deprioritizes servers during retries

When retrying a command, the driver now deprioritizes servers during server selection, improving stability and reducing the likelihood of repeatedly targeting overloaded or previously failed servers.

... (truncated)

Changelog

Sourced from mongodb's changelog.

7.1.0 (2026-02-02)

Features

  • NODE-5393: aws4 no longer required for AWS authentication (#4824) (0f46db8)
  • NODE-7121: prevent connection churn on backpressure errors when establishing connections (#4800) (4cb2b87)
  • NODE-7122: exponential backoff between retries in convenient transaction API (#4765) (e70fdc9)
  • NODE-7304: remove usages in src of promisify (#4799) (761b9bf)
  • NODE-7306: Replace global process with import node:process (#4820) (cc503cb)
  • NODE-7310: Replace process.arch with os.arch() (#4823) (f0af829)
  • NODE-7311: Replace process.platform with os.platform() (#4822) (c58ca1f)
  • NODE-7317: use BSON.NumberUtils to determine endianness (#4808) (4e9467e)
  • NODE-7319: update allowed hosts list with *.mongo.com (#4802) (bfb7160)
  • NODE-7330: deprecate RenameCollectionOptions.new_collection (#4815) (a96fa26)
  • NODE-7333: add support for deprioritized servers to all topologies (#4821) (a4211e7)

Bug Fixes

  • NODE-7290: use valueof for error code check (#4791) (1cc3d1c)
  • NODE-7298: ensure commonWireVersion is computed from server maxWireVersion (#4805) (2b2366d)
  • NODE-7307: Replace node:process.hrtime() with performance.now() (#4816) (ae2e037)
  • NODE-7308: replace process.nextTick with queueMicrotask (#4817) (b1b6e81)

7.0.0 (2025-11-06)

⚠ BREAKING CHANGES

  • NODE-7259: use alphas of all supporting packages (#4746)
  • NODE-5510: dont filter change stream options (#4723)
  • NODE-6296: remove cursor default batch size of 1000 (#4729)
  • NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720)
  • NODE-7046: remove AWS uri/options support (#4689)
  • NODE-4808: remove support for stream() transform on cursors and change streams (#4728)
  • NODE-6377: remove noResponse option (#4724)
  • NODE-6473: remove MONGODB-CR auth (#4717)
  • NODE-5994: Remove metadata-related properties from public driver API (#4716)
  • NODE-7016: remove beta namespace and move resource management into driver (#4719)
  • NODE-4184: don't throw on aggregate with write concern and explain (#4718)
  • NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705)
  • NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#4711)
  • NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#4341)
  • NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#4696)
  • NODE-7174: drop support for Node16 and Node18 (#4668)
  • NODE-7047: use custom credential provider first after URI (#4656)
  • NODE-6988: require aws sdk for aws auth (#4659)

Features

... (truncated)

Commits
  • b7cd1ef chore(main): release 7.1.0 (#4795)
  • 9151d48 test(NODE-7400): Test Node Driver 7.0.0 against latest version of BSON librar...
  • 59c2557 test(NODE-7415): sync spec test for server deprioritization with changed Serv...
  • ea31dcd ci(NODE-7025): New SBOM generation workflow on dependencies change (#4807)
  • 8b900ee test(NODE-7402): sync spec tests for CSOT (#4852)
  • d46b8d0 test(NODE-7393): sync spec tests for transaction logging (#4850)
  • 000fa0f test(NODE-7420): skip large encryption tests on mongocryptd (#4854)
  • 0358360 test(NODE-7394): add test suite that runs with TLS enabled (#4845)
  • 840c77b chore(deps): bump drivers-evergreen-tools from 61cb4e9 to c7ec372 (#4848)
  • 2b2366d fix(NODE-7298): ensure commonWireVersion is computed from server maxWireVersi...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by dbx-node, a new releaser for mongodb since your current version.


Updates mysql from 2.7.0 to 2.18.1

Changelog

Sourced from mysql's changelog.

v2.18.1 (2020-01-23)

  • Fix Amazon RDS profile for yaSSL MySQL servers with 2019 CA #2292

v2.18.0 (2020-01-21)

  • Add localInfile option to control LOAD DATA LOCAL INFILE
  • Add new Amazon RDS Root 2019 CA to Amazon RDS SSL profile #2280
  • Add new error codes up to MySQL 5.7.29
  • Fix early detection of bad callback to connection.query
  • Support Node.js 12.x #2211
  • Support Node.js 13.x
  • Support non-enumerable properties in object argument to connection.query #2253
  • Update bignumber.js to 9.0.0
  • Update readable-stream to 2.3.7

v2.17.1 (2019-04-18)

  • Update bignumber.js to 7.2.1 #2206
    • Fix npm deprecation warning

v2.17.0 (2019-04-17)

  • Add reverse type lookup for small performance gain #2170
  • Fix connection.threadId missing on handshake failure
  • Fix duplicate packet name in debug output
  • Fix no password support for old password protocol
  • Remove special case for handshake in determine packet code
  • Small performance improvement starting command sequence
  • Support auth switch in change user flow #1776
  • Support Node.js 11.x
  • Update bignumber.js to 6.0.0

v2.16.0 (2018-07-17)

  • Add Amazon RDS GovCloud SSL certificates #1876
  • Add new error codes up to MySQL 5.7.21
  • Include connection ID in debug output
  • Support Node.js 9.x
  • Support Node.js 10.x #2003 #2024 #2026 #2034
  • Update Amazon RDS SSL certificates
  • Update bignumber.js to 4.1.0
  • Update readable-stream to 2.3.6
  • Update sqlstring to 2.3.1
    • Fix incorrectly replacing non-placeholders in SQL

v2.15.0 (2017-10-05)

  • Add new Amazon RDS ca-central-1 certificate CA to Amazon RDS SSL profile #1809
  • Add new error codes up to MySQL 5.7.19

... (truncated)

Commits
  • 32a0293 2.18.1
  • 431c5e5 Fix Amazon RDS profile for yaSSL MySQL servers with 2019 CA
  • f410f91 2.18.0
  • dbb07ed Support non-enumerable properties in object argument to connection.query
  • ca84d0a Fix early detection of bad callback to connection.query
  • 1428049 Add new Amazon RDS Root 2019 CA to Amazon RDS SSL profile
  • ec382a2 docs: document PoolCluster disconnect behavior
  • d247eef build: update lts tag in travis
  • 337e87a Add localInfile option to control LOAD DATA LOCAL INFILE
  • 1e2c350 Add new error codes up to MySQL 5.7.29
  • Additional commits viewable in compare view

Updates pg from 4.4.6 to 8.18.0

Changelog

Sourced from pg's changelog.

pg@8.18.0

pg@8.17.0

  • Throw correct error if database URL parsing fails.

pg@8.16.0

pg@8.15.0

  • Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

pg@8.13.0

pg@8.12.0

pg-pool@8.10.0

  • Emit release event when client is returned to the pool.

pg@8.9.0

pg@8.8.0

pg-pool@3.5.0

... (truncated)

Commits

Updates pg-native from 1.10.1 to 3.5.2

Changelog

Sourced from pg-native's changelog.

All major and minor releases are briefly explained below.

For richer information consult the commit log on github with referenced pull requests.

We do not include break-fix version release in this file.

pg@8.18.0

pg@8.17.0

  • Throw correct error if database URL parsing fails.

pg@8.16.0

pg@8.15.0

  • Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

pg@8.13.0

pg@8.12.0

pg-pool@8.10.0

  • Emit release event when client is returned to the pool.

pg@8.9.0

pg@8.8.0

  • Bump minimum required version of native bindings.
  • Catch previously uncatchable errors thrown in pool.query.
  • Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
  • Support lock_timeout in client config.

... (truncated)

Commits

Updates semver from 4.3.6 to 7.7.4

Release notes

Sourced from semver's releases.

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

Documentation

Dependencies

Chores

v7.7.3

7.7.3 (2025-10-06)

Bug Fixes

Chores

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

Chores

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

v7.7.0

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

... (truncated)

Changelog

Sourced from semver's changelog.

7.7.4 (2026-01-16)

Bug Fixes

Documentation

Dependencies

Chores

7.7.3 (2025-10-06)

Bug Fixes

Chores

7.7.2 (2025-05-12)

Bug Fixes

Chores

7.7.1 (2025-02-03)

Bug Fixes

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

7.6.3 (2024-07-16)

Bug Fixes

... (truncated)

Commits
  • 5993c2e chore: release 7.7.4 (#839)
  • 120968b deps: @​npmcli/template-oss@​4.29.0 (#840)
  • a29faa5 fix(cli): pass options to semver.valid() for loose version validation (#835)
  • 1d28d5e docs: fix typos and update -n CLI option documentation (#836)
  • 5816d4c chore: bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829)
  • ab9e28a chore: bump @​npmcli/template-oss from 4.27.1 to 4.28.0 (#827)
  • 44d7130 chore: bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824)
  • 7073576 chore: reorder parameters in invalid-versions.js test (#820)
  • 16a35f5 chore: bump @​npmcli/template-oss from 4.26.0 to 4.27.1 (#823)
  • 3a3459d chore: bump @​npmcli/template-oss from 4.25.1 to 4.26.0 (#818)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for semver since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 6 updates
3c743a6 
Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [moment](https://github.com/moment/moment) | `2.10.6` | `2.30.1` |
| [mongodb](https://github.com/mongodb/node-mongodb-native) | `2.2.36` | `7.1.0` |
| [mysql](https://github.com/mysqljs/mysql) | `2.7.0` | `2.18.1` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `4.4.6` | `8.18.0` |
| [pg-native](https://github.com/brianc/node-postgres) | `1.10.1` | `3.5.2` |
| [semver](https://github.com/npm/node-semver) | `4.3.6` | `7.7.4` |



Updates `moment` from 2.10.6 to 2.30.1
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.10.6...2.30.1)

Updates `mongodb` from 2.2.36 to 7.1.0
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v2.2.36...v7.1.0)

Updates `mysql` from 2.7.0 to 2.18.1
- [Changelog](https://github.com/mysqljs/mysql/blob/master/Changes.md)
- [Commits](mysqljs/mysql@v2.7.0...v2.18.1)

Updates `pg` from 4.4.6 to 8.18.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.18.0/packages/pg)

Updates `pg-native` from 1.10.1 to 3.5.2
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/compare/pg-protocol@1.10.1...pg-native@3.5.2)

Updates `semver` from 4.3.6 to 7.7.4
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v4.3.6...v7.7.4)

---
updated-dependencies:
- dependency-name: moment
  dependency-version: 2.30.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: mongodb
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: mysql
  dependency-version: 2.18.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: pg
  dependency-version: 8.18.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: pg-native
  dependency-version: 3.5.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-version: 7.7.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants