chore(deps): bump the test-versions group across 3 directories with 5 updates #7101

dependabot · 2025-12-15T00:28:16Z

Bumps the test-versions group with 1 update in the /integration-tests/appsec/iast-esbuild-cjs directory: esbuild.
Bumps the test-versions group with 1 update in the /integration-tests/appsec/iast-esbuild-esm directory: esbuild.
Bumps the test-versions group with 4 updates in the /integration-tests/esbuild directory: express, @koa/router, aws-sdk and openai.

Updates esbuild from 0.25.12 to 0.27.1

Release notes

Sourced from esbuild's releases.

v0.27.1
Fix bundler bug with var nested inside if (#4348)

This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.
Fix minifier bug with for inside try inside label (#4351)

This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:
// Original code
d: {
  e: {
    try {
      while (1) { break d }
    } catch { break e; }
  }
}
// Old output (with --minify)
a:try{e:for(;;)break a}catch{break e}
// New output (with --minify)
a:e:try{for(;;)break a}catch{break e}
Inline IIFEs containing a single expression (#4354)

Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:
// Original code
const foo = () => {
  const cb = () => {
    console.log(x())
  }
  return cb()
}
// Old output (with --minify)
const foo=()=>(()=>{console.log(x())})();
// New output (with --minify)
const foo=()=>{console.log(x())};
The minifier now strips empty finally clauses (#4353)

This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.1
Fix bundler bug with var nested inside if (#4348)

This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.
Fix minifier bug with for inside try inside label (#4351)

This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:
// Original code
d: {
  e: {
    try {
      while (1) { break d }
    } catch { break e; }
  }
}
// Old output (with --minify)
a:try{e:for(;;)break a}catch{break e}
// New output (with --minify)
a:e:try{for(;;)break a}catch{break e}
Inline IIFEs containing a single expression (#4354)

Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:
// Original code
const foo = () => {
  const cb = () => {
    console.log(x())
  }
  return cb()
}
// Old output (with --minify)
const foo=()=>(()=>{console.log(x())})();
// New output (with --minify)
const foo=()=>{console.log(x())};
The minifier now strips empty finally clauses (#4353)

This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

... (truncated)

Commits

5e0e56d publish 0.27.1 to npm
5a89732 fix #4354: improve IIFE inlining for expressions
b940218 minify: move unused expr simplification later
c46d498 fix #4353: remove empty try/finally clauses
7a72735 fix #4348: bundler bug with var inside if
4e4e177 fix #4351: label + try + for minifier bug
d6427c9 fix: deno release url wrong comment (#4326)
48e3e19 calling Symbol.for with a primitive never throws
4ff88d0 update decorator-tests.js snapshot
1877e60 calling Symbol with a primitive will never throw
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates esbuild from 0.25.12 to 0.27.1

Release notes

Sourced from esbuild's releases.

v0.27.1
Fix bundler bug with var nested inside if (#4348)

This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.
Fix minifier bug with for inside try inside label (#4351)

This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:
// Original code
d: {
  e: {
    try {
      while (1) { break d }
    } catch { break e; }
  }
}
// Old output (with --minify)
a:try{e:for(;;)break a}catch{break e}
// New output (with --minify)
a:e:try{for(;;)break a}catch{break e}
Inline IIFEs containing a single expression (#4354)

Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:
// Original code
const foo = () => {
  const cb = () => {
    console.log(x())
  }
  return cb()
}
// Old output (with --minify)
const foo=()=>(()=>{console.log(x())})();
// New output (with --minify)
const foo=()=>{console.log(x())};
The minifier now strips empty finally clauses (#4353)

This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.1
Fix bundler bug with var nested inside if (#4348)

This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.
Fix minifier bug with for inside try inside label (#4351)

This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:
// Original code
d: {
  e: {
    try {
      while (1) { break d }
    } catch { break e; }
  }
}
// Old output (with --minify)
a:try{e:for(;;)break a}catch{break e}
// New output (with --minify)
a:e:try{for(;;)break a}catch{break e}
Inline IIFEs containing a single expression (#4354)

Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:
// Original code
const foo = () => {
  const cb = () => {
    console.log(x())
  }
  return cb()
}
// Old output (with --minify)
const foo=()=>(()=>{console.log(x())})();
// New output (with --minify)
const foo=()=>{console.log(x())};
The minifier now strips empty finally clauses (#4353)

This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

... (truncated)

Commits

5e0e56d publish 0.27.1 to npm
5a89732 fix #4354: improve IIFE inlining for expressions
b940218 minify: move unused expr simplification later
c46d498 fix #4353: remove empty try/finally clauses
7a72735 fix #4348: bundler bug with var inside if
4e4e177 fix #4351: label + try + for minifier bug
d6427c9 fix: deno release url wrong comment (#4326)
48e3e19 calling Symbol.for with a primitive never throws
4ff88d0 update decorator-tests.js snapshot
1877e60 calling Symbol with a primitive will never throw
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for [email protected] by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: [email protected] by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: [email protected]

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: [email protected] (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for [email protected] by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: [email protected] by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: [email protected]

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: [email protected] (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Updates @koa/router from 14.0.0 to 15.0.0

Release notes

Sourced from @koa/router's releases.

v15.0.0

chore: add full migration guide to v15 91a0ce2

feat: re-writing in TS + fix all reported bugs + add all effective enhancments + rock to v15 d53e17f

Revert "Fix: Ensure .use() middleware works when path or prefix contains para…" (#204) e64b164

Fix: Ensure .use() middleware works when path or prefix contains parameters (#203) 3ca5aa6

Check the full docs here, and the full migration here!

koajs/router@v14.0.0...v15.0.0

Commits

b65d6ae v15.0.0
91a0ce2 chore: add full migration guide to v15
d53e17f feat: re-writing in TS + fix all reported bugs + add all effective enhancment...
e64b164 Revert "Fix: Ensure .use() middleware works when path or prefix contains para...
3ca5aa6 Fix: Ensure .use() middleware works when path or prefix contains parameters (...
See full diff in compare view

Maintainer changes

This version was pushed to npm by 3imed-jaberi, a new releaser for @koa/router since your current version.

Updates aws-sdk from 2.1692.0 to 2.1693.0

Release notes

Sourced from aws-sdk's releases.

Release v2.1693.0

See changelog for more information.

Commits

9d3c66e Updates SDK to v2.1693.0
c039567 test(client-elastictranscoder): remove feature test (#4711)
f5b1a6f docs: end-of-support (#4706)
657d6fe chore: use ssh private key for git sync (#4705)
c12585b chore: remove regression label management (#4699)
See full diff in compare view

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for [email protected] by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: [email protected] by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: [email protected]

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: [email protected] (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Updates openai from 6.9.1 to 6.10.0

Release notes

Sourced from openai's releases.

v6.10.0

6.10.0 (2025-12-04)

Full Changelog: v6.9.1...v6.10.0

Features

api: gpt-5.1-codex-max and responses/compact (935f79e)

Chores

client: fix logger property type (fdc671f)

internal: upgrade eslint (9de0f90)

Changelog

Sourced from openai's changelog.

6.10.0 (2025-12-04)

Full Changelog: v6.9.1...v6.10.0

Features

api: gpt-5.1-codex-max and responses/compact (935f79e)

Chores

client: fix logger property type (fdc671f)

internal: upgrade eslint (9de0f90)

Commits

0732dd6 release: 6.10.0
025ca83 feat(api): gpt-5.1-codex-max and responses/compact
80b87bb chore(internal): upgrade eslint
fb42526 chore(client): fix logger property type
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

codecov · 2025-12-15T00:28:49Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.14%. Comparing base (971bdd5) to head (1a03354).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7101   +/-   ##
=======================================
  Coverage   85.14%   85.14%           
=======================================
  Files         532      532           
  Lines       22897    22897           
=======================================
  Hits        19495    19495           
  Misses       3402     3402

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2025-12-15T00:29:05Z

Overall package size

Self size: 4.41 MB
Deduped: 5.24 MB
No deduping: 5.24 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.0 | 68.46 kB | 797.03 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

pr-commenter · 2025-12-15T00:41:53Z

Benchmarks

Benchmark execution time: 2026-01-20 01:09:40

Comparing candidate commit 1a03354 in PR branch dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-935c7ab38e with baseline commit 971bdd5 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 229 metrics, 31 unstable metrics.

BridgeAR · 2025-12-16T14:58:17Z

@dependabot rebase

… updates Bumps the test-versions group with 1 update in the /integration-tests/appsec/iast-esbuild-cjs directory: [esbuild](https://github.com/evanw/esbuild). Bumps the test-versions group with 1 update in the /integration-tests/appsec/iast-esbuild-esm directory: [esbuild](https://github.com/evanw/esbuild). Bumps the test-versions group with 4 updates in the /integration-tests/esbuild directory: [express](https://github.com/expressjs/express), [@koa/router](https://github.com/koajs/router), [aws-sdk](https://github.com/aws/aws-sdk-js) and [openai](https://github.com/openai/openai-node). Updates `esbuild` from 0.25.12 to 0.27.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.25.12...v0.27.1) Updates `esbuild` from 0.25.12 to 0.27.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.25.12...v0.27.1) Updates `express` from 4.21.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.21.2...v4.22.1) Updates `express` from 4.21.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.21.2...v4.22.1) Updates `@koa/router` from 14.0.0 to 15.0.0 - [Release notes](https://github.com/koajs/router/releases) - [Commits](koajs/router@v14.0.0...v15.0.0) Updates `aws-sdk` from 2.1692.0 to 2.1693.0 - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Commits](aws/aws-sdk-js@v2.1692.0...v2.1693.0) Updates `express` from 4.21.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.21.2...v4.22.1) Updates `openai` from 6.9.1 to 6.10.0 - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md) - [Commits](openai/openai-node@v6.9.1...v6.10.0) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions - dependency-name: esbuild dependency-version: 0.27.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions - dependency-name: "@koa/router" dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: test-versions - dependency-name: aws-sdk dependency-version: 2.1693.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions - dependency-name: openai dependency-version: 6.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependabot dependencies javascript Pull requests that update javascript code semver-patch labels Dec 15, 2025

dependabot bot requested a review from a team as a code owner December 15, 2025 00:28

dependabot bot added the dependencies label Dec 15, 2025

dependabot bot requested a review from a team as a code owner December 15, 2025 00:28

dependabot bot added javascript Pull requests that update javascript code dependabot labels Dec 15, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-935c7ab38e branch from 94d8e70 to 89034d4 Compare December 16, 2025 00:32

dependabot bot force-pushed the dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-935c7ab38e branch 6 times, most recently from 00e6587 to 3c42265 Compare December 23, 2025 00:25

dependabot bot force-pushed the dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-935c7ab38e branch 2 times, most recently from 54416d8 to 4ed3bfa Compare December 25, 2025 00:23

dependabot bot force-pushed the dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-935c7ab38e branch 6 times, most recently from 8f59b05 to a850e96 Compare January 9, 2026 01:06

dependabot bot force-pushed the dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-935c7ab38e branch 2 times, most recently from e5e443c to d0dfd41 Compare January 13, 2026 04:40

dependabot bot force-pushed the dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-935c7ab38e branch 4 times, most recently from 0a840f6 to c2bc598 Compare January 19, 2026 01:06

dependabot bot force-pushed the dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-935c7ab38e branch from c2bc598 to 1a03354 Compare January 20, 2026 00:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the test-versions group across 3 directories with 5 updates #7101

chore(deps): bump the test-versions group across 3 directories with 5 updates #7101

dependabot bot commented on behalf of github Dec 15, 2025 •

edited

Loading

Uh oh!

codecov bot commented Dec 15, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Dec 15, 2025 •

edited

Loading

Uh oh!

pr-commenter bot commented Dec 15, 2025 •

edited

Loading

Uh oh!

BridgeAR commented Dec 16, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): bump the test-versions group across 3 directories with 5 updates #7101

Are you sure you want to change the base?

chore(deps): bump the test-versions group across 3 directories with 5 updates #7101

Conversation

dependabot bot commented on behalf of github Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.27.1

0.27.1

v0.27.1

0.27.1

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

v15.0.0

Release v2.1693.0

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

v6.10.0

6.10.0 (2025-12-04)

Features

Chores

6.10.0 (2025-12-04)

Features

Chores

Uh oh!

codecov bot commented Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions bot commented Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Overall package size

Uh oh!

pr-commenter bot commented Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmarks

Uh oh!

BridgeAR commented Dec 16, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Dec 15, 2025 •

edited

Loading

codecov bot commented Dec 15, 2025 •

edited

Loading

github-actions bot commented Dec 15, 2025 •

edited

Loading

pr-commenter bot commented Dec 15, 2025 •

edited

Loading