chore(deps): bump the patch-and-minor group across 1 directory with 20 updates by dependabot[bot] · Pull Request #3 · crysnovax/CODY

dependabot · 2026-05-16T13:32:52Z

Updates the requirements on groq-sdk, @crysnovax/baileys, deasync, ffmpeg-static, mumaker, adm-zip, js-confuser, ruhend-scraper, axios, terser, dotenv, express, fflate, jimp, mathjs, moment-timezone, openai, pdfkit, uuid and @itsliaaa/baileys to permit the latest version.
Updates groq-sdk from 1.1.2 to 1.2.0

Release notes

Sourced from groq-sdk's releases.

v1.2.0

1.2.0 (2026-05-08)

Full Changelog: v1.1.2...v1.2.0

Features

support setting headers via env (4141bb0)

Bug Fixes

ci: set NODE_AUTH_TOKEN for npm OIDC trusted publisher auth (#259) (67f676b)

Chores

format: run eslint and prettier separately (32c1a70)

internal: codegen related update (f4bca6a)

internal: codegen related update (22ebc5e)

internal: codegen related update (da82d5d)

internal: codegen related update (d8648d9)

internal: more robust bootstrap script (991fe2c)

internal: update multipart form array serialization (d0681d2)

redact api-key headers in debug logs (3640895)

tests: bump steady to v0.20.1 (4f47a2d)

tests: bump steady to v0.20.2 (ceeeeea)

tests: bump steady to v0.22.1 (59eabab)

Documentation

improve examples (d8f62df)

Changelog

Sourced from groq-sdk's changelog.

1.2.0 (2026-05-08)

Full Changelog: v1.1.2...v1.2.0

Features

support setting headers via env (4141bb0)

Bug Fixes

ci: set NODE_AUTH_TOKEN for npm OIDC trusted publisher auth (#259) (67f676b)

Chores

format: run eslint and prettier separately (32c1a70)

internal: codegen related update (f4bca6a)

internal: codegen related update (22ebc5e)

internal: codegen related update (da82d5d)

internal: codegen related update (d8648d9)

internal: more robust bootstrap script (991fe2c)

internal: update multipart form array serialization (d0681d2)

redact api-key headers in debug logs (3640895)

tests: bump steady to v0.20.1 (4f47a2d)

tests: bump steady to v0.20.2 (ceeeeea)

tests: bump steady to v0.22.1 (59eabab)

Documentation

improve examples (d8f62df)

Commits

90d2938 release: 1.2.0 (#260)
67f676b fix(ci): set NODE_AUTH_TOKEN for npm OIDC trusted publisher auth (#259)
See full diff in compare view

Updates @crysnovax/baileys to 2.5.0

Updates deasync to 0.1.31

Commits

83f4133 node 24
See full diff in compare view

Updates ffmpeg-static to 5.3.0

Commits

See full diff in compare view

Updates mumaker to 2.0.0

Commits

See full diff in compare view

Updates adm-zip from 0.5.16 to 0.5.17

Release notes

Sourced from adm-zip's releases.

v0.5.17

What's Changed

entryHeader time setter more tolerant by @thomasheritage in cthackers/adm-zip#540

Add check for local desc flag in crc check by @issacgerges in cthackers/adm-zip#543

Create only if the directory does not exist by @DennisHill in cthackers/adm-zip#557

Fix issue with absolute paths by @kwolfy in cthackers/adm-zip#559

New Contributors

@thomasheritage made their first contribution in cthackers/adm-zip#540

@issacgerges made their first contribution in cthackers/adm-zip#543

@DennisHill made their first contribution in cthackers/adm-zip#557

@kwolfy made their first contribution in cthackers/adm-zip#559

Full Changelog: cthackers/adm-zip@v0.5.16...v0.5.17

Commits

094d08c Incremented package version
23c5e1d Added readUInt64LE test
2818b03 Downgraded rimraf version to maintain node compatibility
7c77752 Fixed readUInt64LE
220f817 Updated vulnerable dependencies
c8c20fd Merge pull request #559 from kwolfy/master
840bfdf Merge pull request #557 from DennisHill/DennisHill-patch-1
fdf64a4 fix issue with absolute paths
6f0af5b Create only if the directory does not exist
1cd32f7 Merge pull request #543 from issacgerges/master
Additional commits viewable in compare view

Updates js-confuser from 2.0.0 to 2.0.1

Release notes

Sourced from js-confuser's releases.

Fixes

Fixed #167

Fixed #180

Fixed #190

The option preserveFunctionLength is now disabled by default

Improved Control Flow Flattening

Fixed implicit return bug causing incorrect return values

The switch-case transitions now are computed by other state variables

No longer lifted by nullableVoidPtr's deobfuscator - a complete CFF-in-CFF and JS-Confuser solver
// Input code:
console.log(1)
// 2.0.0
case 245:
console"log";
((c += -311), (d += 251), (e += 346));
break;
// 2.0.1
case 245:
console"log";
((c += e - -174), (d += e - -114), (e += c - 329));
break;
Added page for "Best Practices" on JS-Confuser.com. Link here

Changelog

Sourced from js-confuser's changelog.

2.0.1

Fixes

Fixed #167

Fixed #180

Fixed #190

The option preserveFunctionLength is now disabled by default

Improved Control Flow Flattening

Fixed implicit return bug causing incorrect return values

The switch-case transitions now are computed by other state variables

No longer lifted by nullableVoidPtr's deobfuscator - a complete CFF-in-CFF solver
// Input code:
console.log(1)
// 2.0.0
case 245:
console"log";
((c += -311), (d += 251), (e += 346));
break;
// 2.0.1
case 245:
console"log";
((c += e - -174), (d += e - -114), (e += c - 329));
break;

Commits

b0f9356 Add notes
bee539e Merge pull request #193 from MichaelXF/development
bd8e9f9 2.0.1
7e821fe Improve CFF's transitions to be state-dependant, fix return bug
e96fea1 Typescript Fixes
7038295 Update version
ff8a42a Fixes for Windows
1f59647 Fix #167
50e7679 Fix #190
761d16b Improve Minify: Const defined as undefined fix
Additional commits viewable in compare view

Updates ruhend-scraper to 9.0.8

Commits

See full diff in compare view

Updates axios from 1.14.0 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)

Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)

CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)

Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)

XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)

Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)

Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)

URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)

composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)

AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)

Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)

Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)

Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@hpinmetaverse (#10836)

@tommyhgunz14 (#7413)

@abhu85 (#10829)

@divyanshuraj1095 (#10853)

@sagodi97 (#10856)

@rkdfx (#10868)

@Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#10795)

Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#10822)

Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#10825)

parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#10729)

Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#7378)

transformRequest input typing change was reverted. The typing change introduced in #10745 was reverted in #10810 after follow-up review — net behavior is unchanged from 1.15.2. (#10745, #10810)

🚀 New Features

QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#10802)

ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #6485). (#10680)

Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#6897)

🐛 Bug Fixes

HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#10794, #10800, #6241, #10822, #10825)

HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#10708, #10819, #7149)

Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#10795, #10772, #10806, #7260)

XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#10787)

Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#10724, #7276, #10729)

Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#7414, #6389, #6460)

UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#7378)

Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#10833)

🔧 Maintenance & Chores

Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#10588, #7419)

Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#10820, #10791, #10796)

Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#10821, #10782, #10759, #10804)

Reverted: Reverted the transformRequest input typing change from #10745 after follow-up review. (#10745, #10810)

Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#10785, #10813, #10814)

Release: Updated changelog and packages, and prepared the 1.16.0 release. (#10790, #10834)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@singhankit001 (#10588)

@cuiweixie (#7419)

@iruizsalinas (#10787)

... (truncated)

Commits

1337d6b chore(release): prepare release 1.16.1 (#10877)
858a790 fix: remove all caches (#10882)
34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
847d89b fix: support URL object as config.url input (#10866)
4094886 fix(progress): guard malformed XHR upload events (#10868)
44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
64e1095 chore: update PR and issue template to use h2 (#10865)
3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
caa00a9 fix: https data in cleartext to proxy (#10858)
Additional commits viewable in compare view

Updates terser to 5.47.1

Changelog

Sourced from terser's changelog.

v5.47.1

Fix crash when using mangle.keep_fnames with destructuring

v5.47.0

Add builtins_ecma and builtins_pure options

Add Intl options to domprops (#1680)

v5.46.2

unused option: delete computed keys of concise methods and getters/setters.

Error.cause added to DOM properties list

Don't consider foo.bar and foo["bar"] to be equivalent when property mangler is enabled with keep_quoted=strict option.

v5.46.1

Fix extremely slow (seemed like a freeze) evaluate of method chains

Parse extremely large floating-point number literals as Infinity

Remove parens from comma expressions in computed property access (foo[(1, 2)])

v5.46.0

Add "observedAttributes" domprop (#1652)

More domprops (mostly Temporal related) suggested in #1652

v5.45.0

Produce void 0 instead of undefined, which is more safe

v5.44.1

fix bitwise optimization changing the result of &&, ||

switches: make sure var is extracted from a deleted default case

v5.44.0

Support using and await using declarations (#1635)

v5.43.1

Prevent niche optimizations that would move around block declarations

Add lhs_constants to CompressOptions type (#1621)

v5.43.0

Do not wrap callbacks in parentheses (wrap_func_args format option is now false by default)

Do not inline functions into for loops (for performance reasons)

v5.42.0

... (truncated)

Commits

bf949e7 5.47.1
23bb72e update changelog
1fd2134 fix crash when using mangle.keep_fnames with destructuring. Closes #1681
7cbd24d 5.47.0
b1bc6bd update changelog
be36c87 add "builtins" and "builtins_pure" options (#1651)
2d52ff3 add Intl option keys (DurationFormat, DateTimeFormat, RelativeTimeFormat) to ...
b929080 5.46.2
5a3dc6a update changelog
8a5b478 drop_unused: delete computed keys of concise methods and getters/setters. Clo...
Additional commits viewable in compare view

Updates dotenv from 17.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

f116f70 17.4.2
3a81612 fix visual order of faq
13f55a8 Merge branch 'skill'
4bbbf73 reorganize faq
c3da64b Merge pull request #1009 from motdotla/skill
6f743b1 update source
fc2c624 update skill
972315b Tighten up skill
2795fce reorganize faq
d5495d4 adjust skill
Additional commits viewable in compare view

Updates express from 4.22.1 to 4.22.2

Release notes

Sourced from express's releases.

v4.22.2

What's Changed

fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)

This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.

deps: qs@~6.15.1

deps: body-parser@~1.20.5

New Contributors

@suuuuuuminnnnnn made their first contribution in expressjs/express#7021

@SAY-5 made their first contribution in expressjs/express#7181

Full Changelog: expressjs/express@v4.22.1...v4.22.2

Changelog

Sourced from express's changelog.

4.22.2 / 2026-05-011

fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)

This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.

deps: qs@~6.15.1

deps: body-parser@~1.20.5

Commits

df0abc9 4.22.2
836d366 4.x update qs to 6.15.1, body-parser 1.20.5 (#7224)
8d09bfe fix: restore array parsing for req.query repeated keys (#7181)
d39e8ad deps: body-parser@~1.20.4 (#7021)
efe85d9 deps: qs@^6.14.1 (#6972)
f62378e 📝 add note to history
See full diff in compare view

Updates fflate from 0.8.2 to 0.8.3

Release notes

Sourced from fflate's releases.

v0.8.3

Fix buffer over-read for Zip64 extra fields

Support sync flushes (Z_SYNC_FLUSH in zlib)

Allows for immediate decompression of all pushed bytes

Enables DEFLATE stream concatenation

Fix zip/zipSync when using cross-realm Uint8Array

Improve Zip64 support for streamed or undersized archives

Update performance estimates in README

Fix typings for TypeScript v5.7+

Reduce memory consumption after compression stream completion

Changelog

Sourced from fflate's changelog.

0.8.3

Fix buffer over-read for Zip64 extra fields

Support sync flushes (Z_SYNC_FLUSH in zlib)

Allows for immediate decompression of all pushed bytes

Enables DEFLATE stream concatenation

Fix zip/zipSync when using cross-realm Uint8Array

Improve Zip64 support for streamed or undersized archives

Update performance estimates in README

Fix typings for TypeScript v5.7+

Reduce memory consumption after compression stream completion

Commits

dcb3714 0.8.3
31acfb8 prepare for v0.8.3
7b71e3c update dependencies
44ff62d fix zip64 header parsing
7235df5 Fix TypeScript issues (#242)
a44eda0 release compression buffers after stream end (#213)
d94deb6 allow cross-realm Uint8Array for zip/zipSync (#234)
2e1fb75 export package.json (#244)
0f430b4 support sync flushes for compression streams (#222)
4b7a6cb skip transferring pooled Node buffers (#227)
Additional commits viewable in compare view

Updates jimp from 1.6.0 to 1.6.1

Release notes

Sourced from jimp's releases.

v1.6.1

🎉 This release contains work from new contributors! 🎉

Thanks for all your work!

❤️ Denys Kashkovskyi (@Kashkovsky)

❤️ Viki (@vikiboss)

🐛 Bug Fix

fix docs imports (@hipstersmoothie)

@jimp/core, @jimp/plugin-quantize, @jimp/wasm-avif, @jimp/wasm-jpeg, @jimp/wasm-png, @jimp/wasm-webp

Update file-type from ^16 to ^21.3.3 in @jimp/core #1400 (@Kashkovsky @hipstersmoothie)

⚠️ Pushed to main

@jimp/core

Doc updates (closes #1342) (@hipstersmoothie)

📝 Documentation

docs: correct GitHub repo link #1340 (@vikiboss)

Authors: 3

Andrew Lisowski (@hipstersmoothie)

Denys Kashkovskyi (@Kashkovsky)

Viki (@vikiboss)

Changelog

Sourced from jimp's changelog.

v1.6.1 (Tue Apr 07 2026)

🎉 This release contains work from new contributors! 🎉

Thanks for all your work!

❤️ Denys Kashkovskyi (@Kashkovsky)

❤️ Viki (@vikiboss)

🐛 Bug Fix

fix docs imports (@hipstersmoothie)

@jimp/core, @jimp/plugin-quantize, @jimp/wasm-avif, @jimp/wasm-jpeg, @jimp/wasm-png, @jimp/wasm-webp

Update file-type from ^16 to ^21.3.3 in @jimp/core #1400 (@Kashkovsky @hipstersmoothie)

⚠️ Pushed to main

@jimp/core

Doc updates (closes #1342) (@hipstersmoothie)

📝 Documentation

docs: correct GitHub repo link #1340 (@vikiboss)

Authors: 3

Andrew Lisowski (@hipstersmoothie)

Denys Kashkovskyi (@Kashkovsky)

Viki (@vikiboss)

v1.5.0 (Mon Sep 09 2024)

Release Notes

Add support for image decoder options (#1336)

Can now have options for the underlying image codecs

🚀 Enhancement

@jimp/core, @jimp/types, @jimp/js-bmp, @jimp/js-jpeg, @jimp/js-png

Add support for image decoder options #1336 (@hipstersmoothie)

... (truncated)

Commits

7e6a956 Bump version to: v1.6.1 [skip ci]
cf9ed93 Update contributors [skip ci]
7851672 Update CHANGELOG.md [skip ci]
e1bfa93 Update file-type from ^16 to ^21.3.3 in @jimp/core (#1400)
b6b0e41 fix docs imports
c943994 docs: correct GitHub repo link (#1340)
f3e6b9e Doc updates (closes #1342)
See full diff in compare view

Updates mathjs from 15.1.1 to 15.2.0

Changelog

Sourced from mathjs's changelog.

unpublished changes since 15.2.0

Docs: fix the browser example rocket_trajectory_optimization.html (#3654). Thanks @dvd101x.

2026-04-07, 15.2.0

Feat: Add amp-hour charge unit Ah (#3617). Thanks @adrfantini.

Feat: #3595 implement num and den functions returning the parts of a fraction (#3605). Thanks @AnslemHack.

Fix: Provide TypeScript types for [and/or]TransformDependencies (#3639). Thanks @NilsDietrich.

Fix: two security vulnerabilities that allowed executing arbitrary JavaScript via the expression parser. Thanks @CykuTW for finding and reporting them.

Commits

fee4561 chore: publish v15.2.0
139dcab chore: update history
0aee2f6 fix: two security vulnerabilities allowing execution of arbitrary JavaScript ...
f7c10b1 feat: Fraction numerator and denominator helper functions (#3605)
2066220 feat: Add Ah charge unit (#3617)
685da0f chore: Add andTransformDependencies and orTransformDependencies to index.d.ts...
8fe12e5 docs: update links to TestMu AI
See full diff in compare view

Updates moment-timezone from 0.5.48 to 0.6.2

Release notes

Sourced from moment-timezone's releases.

Release 0.6.2

Updated data to IANA TZDB 2026b. #1145

Release 0.6.1

Updated data to IANA TZDB 2026a. #1140

NOTE: This release does not include recently-announced DST changes for British Columbia, Canada. Those changes will likely be in 2026b.

Release 0.6.0

Fixed and updated TypeScript definitions. #1132

Updated types to more accurately match th...
Description has been truncated

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot · 2026-05-16T13:32:52Z

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

…0 updates Updates the requirements on [groq-sdk](https://github.com/groq/groq-typescript), [@crysnovax/baileys](https://web.crysnovax.link), [deasync](https://github.com/abbr/deasync), [ffmpeg-static](https://github.com/eugeneware/ffmpeg-static), [mumaker](https://github.com/mumaker/mumaker), [adm-zip](https://github.com/cthackers/adm-zip), [js-confuser](https://github.com/MichaelXF/js-confuser), [ruhend-scraper](https://github.com/ruhend2001/maleficent), [axios](https://github.com/axios/axios), [terser](https://github.com/terser/terser), [dotenv](https://github.com/motdotla/dotenv), [express](https://github.com/expressjs/express), [fflate](https://github.com/101arrowz/fflate), [jimp](https://github.com/jimp-dev/jimp), [mathjs](https://github.com/josdejong/mathjs), [moment-timezone](https://github.com/moment/moment-timezone), [openai](https://github.com/openai/openai-node), [pdfkit](https://github.com/foliojs/pdfkit), [uuid](https://github.com/uuidjs/uuid) and [@itsliaaa/baileys](https://github.com/itsliaaa/baileys) to permit the latest version. Updates `groq-sdk` from 1.1.2 to 1.2.0 - [Release notes](https://github.com/groq/groq-typescript/releases) - [Changelog](https://github.com/groq/groq-typescript/blob/main/CHANGELOG.md) - [Commits](groq/groq-typescript@v1.1.2...v1.2.0) Updates `@crysnovax/baileys` to 2.5.0 Updates `deasync` to 0.1.31 - [Release notes](https://github.com/abbr/deasync/releases) - [Commits](abbr/deasync@v0.1.30...v0.1.31) Updates `ffmpeg-static` to 5.3.0 - [Release notes](https://github.com/eugeneware/ffmpeg-static/releases) - [Commits](eugeneware/ffmpeg-static@5.3.0...5.3.0) Updates `mumaker` to 2.0.0 - [Commits](https://github.com/mumaker/mumaker/commits) Updates `adm-zip` from 0.5.16 to 0.5.17 - [Release notes](https://github.com/cthackers/adm-zip/releases) - [Changelog](https://github.com/cthackers/adm-zip/blob/master/history.md) - [Commits](cthackers/adm-zip@v0.5.16...v0.5.17) Updates `js-confuser` from 2.0.0 to 2.0.1 - [Release notes](https://github.com/MichaelXF/js-confuser/releases) - [Changelog](https://github.com/MichaelXF/js-confuser/blob/master/CHANGELOG.md) - [Commits](MichaelXF/js-confuser@2.0.0...2.0.1) Updates `ruhend-scraper` to 9.0.8 - [Commits](https://github.com/ruhend2001/maleficent/commits) Updates `axios` from 1.14.0 to 1.16.1 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.14.0...v1.16.1) Updates `terser` to 5.47.1 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v5.46.1...v5.47.1) Updates `dotenv` from 17.3.1 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.3.1...v17.4.2) Updates `express` from 4.22.1 to 4.22.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md) - [Commits](expressjs/express@v4.22.1...v4.22.2) Updates `fflate` from 0.8.2 to 0.8.3 - [Release notes](https://github.com/101arrowz/fflate/releases) - [Changelog](https://github.com/101arrowz/fflate/blob/master/CHANGELOG.md) - [Commits](101arrowz/fflate@v0.8.2...v0.8.3) Updates `jimp` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/jimp-dev/jimp/releases) - [Changelog](https://github.com/jimp-dev/jimp/blob/v1.6.1/CHANGELOG.md) - [Commits](jimp-dev/jimp@v1.6.0...v1.6.1) Updates `mathjs` from 15.1.1 to 15.2.0 - [Changelog](https://github.com/josdejong/mathjs/blob/develop/HISTORY.md) - [Commits](josdejong/mathjs@v15.1.1...v15.2.0) Updates `moment-timezone` from 0.5.48 to 0.6.2 - [Release notes](https://github.com/moment/moment-timezone/releases) - [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md) - [Commits](moment/moment-timezone@0.5.48...0.6.2) Updates `openai` from 6.33.0 to 6.38.0 - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md) - [Commits](openai/openai-node@v6.33.0...v6.38.0) Updates `pdfkit` from 0.17.2 to 0.18.0 - [Release notes](https://github.com/foliojs/pdfkit/releases) - [Changelog](https://github.com/foliojs/pdfkit/blob/master/CHANGELOG.md) - [Commits](foliojs/pdfkit@v0.17.2...v0.18.0) Updates `uuid` from 13.0.0 to 13.0.2 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/v13.0.2/CHANGELOG.md) - [Commits](uuidjs/uuid@v13.0.0...v13.0.2) Updates `@itsliaaa/baileys` from 0.1.15 to 0.3.6 - [Commits](https://github.com/itsliaaa/baileys/commits) --- updated-dependencies: - dependency-name: "@crysnovax/baileys" dependency-version: 2.5.0 dependency-type: direct:production dependency-group: patch-and-minor - dependency-name: "@itsliaaa/baileys" dependency-version: 0.3.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-and-minor - dependency-name: adm-zip dependency-version: 0.5.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-and-minor - dependency-name: axios dependency-version: 1.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-and-minor - dependency-name: deasync dependency-version: 0.1.31 dependency-type: direct:production dependency-group: patch-and-minor - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-and-minor - dependency-name: express dependency-version: 4.22.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-and-minor - dependency-name: fflate dependency-version: 0.8.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-and-minor - dependency-name: ffmpeg-static dependency-version: 5.3.0 dependency-type: direct:production dependency-group: patch-and-minor - dependency-name: groq-sdk dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-and-minor - dependency-name: jimp dependency-version: 1.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-and-minor - dependency-name: js-confuser dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-and-minor - dependency-name: mathjs dependency-version: 15.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-and-minor - dependency-name: moment-timezone dependency-version: 0.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-and-minor - dependency-name: mumaker dependency-version: 2.0.0 dependency-type: direct:production dependency-group: patch-and-minor - dependency-name: openai dependency-version: 6.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-and-minor - dependency-name: pdfkit dependency-version: 0.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-and-minor - dependency-name: ruhend-scraper dependency-version: 9.0.8 dependency-type: direct:production dependency-group: patch-and-minor - dependency-name: terser dependency-version: 5.47.1 dependency-type: direct:production dependency-group: patch-and-minor - dependency-name: uuid dependency-version: 13.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-and-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-20T19:20:32Z