npm: bump the npm-deps group across 1 directory with 5 updates

[dependabot]

Bumps the npm-deps group with 5 updates in the / directory:

Package	From	To
axios	1.14.0	1.15.0
gamedig	5.2.0	5.3.2
mysql2	3.20.0	3.22.0
jsdom	29.0.1	29.0.2
prettier	3.8.1	3.8.2

Updates axios from 1.14.0 to 1.15.0

Release notes

Sourced from axios's releases.

v1.15.0

This release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.

⚠️ Important Changes

• Deprecation: url.parse() usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (#10625)

🔒 Security Fixes

• Proxy Handling: Fixed a no_proxy hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (#10661)
• Header Injection: Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (#10660)

🚀 New Features

• Runtime Support: Added compatibility checks and documentation for Deno and Bun environments. (#10652, #10653)

🔧 Maintenance & Chores

• CI Security: Hardened workflow permissions to least privilege, added the zizmor security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (#10618, #10619, #10627, #10637, #10666)
• Dependencies: Bumped serialize-javascript, handlebars, picomatch, vite, and denoland/setup-deno to latest versions. Added a 7-day Dependabot cooldown period. (#10574, #10572, #10568, #10663, #10664, #10665, #10669, #10670, #10616)
• Documentation: Unified docs, improved beforeRedirect credential leakage example, clarified withCredentials/withXSRFToken behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (#10649, #10624, #7452, #7471, #10654, #10644, #10589)
• Housekeeping: Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (#10584, #10650, #10582, #10640, #10659, #10668)
• Tests: Added regression coverage for urlencoded Content-Type casing. (#10573)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

• @​raashish1601 (#10573)
• @​Kilros0817 (#10625)
• @​ashstrc (#10624)
• @​Abhi3975 (#10589)
• @​theamodhshetty (#7452)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 772a4e5 chore(release): prepare release 1.15.0 (#10671)
• 4b07137 chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (#10663)
• 51e57b3 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (#10664)
• fba1a77 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (#10665)
• 0bf6e28 chore(deps): bump denoland/setup-deno in the github-actions group (#10669)
• 8107157 chore(deps-dev): bump the development_dependencies group with 4 updates (#10670)
• e66530e ci: require npm-publish environment for releases (#10666)
• 49f23cb chore(sponsor): update sponsor block (#10668)
• 3631854 fix: unrestricted cloud metadata exfiltration via header injection chain (#10...
• fb3befb fix: no_proxy hostname normalization bypass leads to ssrf (#10661)
• Additional commits viewable in compare view

Updates gamedig from 5.2.0 to 5.3.2

Changelog

Sourced from gamedig's changelog.

5.3.2

• Fix: detect BFBC2 Vietnam DLC as BFBC2 (By @​cetteup #713)
• Feat: SCP: Secret Laboratory (2020) - Added support (#715, thanks @​Draakoor)
• Fix: Farming Simulator handle possible missing mod attribute (By @​yellowfromseegg #723)
• Fix: BeamMP would not match on given port (#730)
• Fix: version field would sometimes be a Number type (#735)
• Feat: Squad - Replace Valve protocol with EOS protocol (By @​k3ithos #731)
• Feat: Clive Barker's Undying - Added support (By @​dgibbs64 #733)
• Chore: Update iconv-lite from 0.6.3 to 0.7.0 (#737)
• Fix: ASA - change EOS usage (#739, thanks @​mze9412)

5.3.1

• Fix: HTTP requests would end up making more retries than needed due to got's internal retry mechanism (#690, thanks @​RattleSN4K3)
• Feat: 7 Days to Die add Telnet support for missing player names (#692, thanks @​jammsen)
• Feat: 7 Days to Die get more optional Telnet data via an option (#693)
• Feat: Update OpenTTD (By @​mwkaicz #695)
• Fix: Skip non-response packets in protocol-battlefield (By @​cetteup #704)
• Fix: throwing in tcpSend onData callback would crash gamedig (#705, thanks @​cetteup)
• Fix: ignore cached ports when givenPortOnly is set (By @​cetteup #710)

5.3.0

• Docs: Arma Reforger query setup note (#670, thanks @​xCausxn)
• Fix: Grand Theft Auto V - FiveM wrap the players query in a try block as it doesn't provide the data by default anymore (#674, thanks @​xCausxn)
• Docs: Counter-Strike 2 does not provide players names, note this and a plugin workaround (#675).
• Fix: Minetest - server filtering replace missing field ip with address (By @​hjri #678)
• Docs: Arma Reforger does not provide players data (#680)
• Feat: Farming Simulator add response to raw object (#682)
• Feat: Renown (2025) - Added support (#684 By @​anthonyphysgun)
• Fix: Terraria - add missing supported maxplayers field and raw field (By @​GoodDays13 #686)
• Chore: Replace cheerio with fast-xml-parser (By @​xCausxn #683)
• Fix: Build and Shoot protocol using the new json status server (By @​xCausxn #683)
• Chore: Update long from 5.2.3 to 5.3.2 (#687)

Commits

• See full diff in compare view

Updates mysql2 from 3.20.0 to 3.22.0

Release notes

Sourced from mysql2's releases.

v3.22.0

3.22.0 (2026-04-10)

Features

• disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
• implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

• defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

v3.21.1

3.21.1 (2026-04-09)

Bug Fixes

• limit client flags to server capabilities (#4227) (e1930b8)
• use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

v3.21.0

3.21.0 (2026-04-09)

Features

• add support for query attributes (#4223) (d732f78)
• types: export ExecuteValues and QueryValues from entry point (9fafd6f)

Changelog

Sourced from mysql2's changelog.

3.22.0 (2026-04-10)

Features

• disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
• implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

• defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

3.21.1 (2026-04-09)

Bug Fixes

• limit client flags to server capabilities (#4227) (e1930b8)
• use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

3.21.0 (2026-04-09)

Features

• add support for query attributes (#4223) (d732f78)
• types: export ExecuteValues and QueryValues from entry point (9fafd6f)

Commits

• 71bcbff chore(master): release 3.22.0 (#4237)
• ab131de perf: defer Error object creation to error handlers in promise wrappers (#4257)
• bb0100b build(deps-dev): bump the website-dev-dependencies group across 1 directory w...
• 5f63557 build(deps-dev): bump the dev-dependencies group across 1 directory with 4 up...
• 0b750e0 build(deps): bump the docusaurus group in /website with 2 updates (#4249)
• 9566475 ci(dependabot): group dependency updates to reduce PR noise (#4248)
• e4f3b42 build(deps): bump the react group in /website with 2 updates (#4247)
• 53f9c9e ci(dependabot): group react and react-dom updates together (#4246)
• 49a64cc feat: implement COM_RESET_CONNECTION with pool integration (#4148)
• 884bec5 feat: disable mysql_clear_password plugin by default (#4236)
• Additional commits viewable in compare view

Updates jsdom from 29.0.1 to 29.0.2

Release notes

Sourced from jsdom's releases.

v29.0.2

• Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
• Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

Commits

• 2a1e2cd 29.0.2
• 4097d66 Resolve computed CSS values lazily in CSSStyleDeclaration
• cf5523f Add more test cases for nested color-mix with currentColor
• b33b616 Add test that getComputedStyle() works with !important
• 6bf559c Add test for custom property inheritance in computed styles
• 6817657 Fix border shorthand handling
• 470f5c5 Consolidate color helpers
• 3db53cb Fix background shorthand handlers
• 678e840 Remove some longhand property files
• d526a07 Add regression test for getComputedStyle() liveness
• See full diff in compare view

Updates prettier from 3.8.1 to 3.8.2

Release notes

Sourced from prettier's releases.

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.1 -->
@​let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.2 -->
@​let fn = (a) => (a ? 1 : 2);
{{ fn(a instanceof b) }}

Commits

• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• 881360b Support default never in Angular v21.2 (#19034)
• 07d6724 Bump Prettier dependency to 3.8.1
• 8b4a53a Clean changelog_unreleased
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions