deps: bump the production-dependencies group across 1 directory with 33 updates

[dependabot]

Bumps the production-dependencies group with 8 updates in the / directory:

Package	From	To
figlet	1.5.2	1.11.0
eslint-plugin-import	2.29.1	2.32.0
axios	1.8.4	1.15.1
jsonwebtoken	9.0.0	9.0.3
lodash	4.17.21	4.18.1
rimraf	6.0.1	6.1.3
redis	5.11.0	5.12.1
winston	3.13.1	3.19.0

Updates figlet from 1.5.2 to 1.11.0

Release notes

Sourced from figlet's releases.

v1.11.0

Added Future Thin and Future Smooth fonts.

v1.10.0

• Added the fonts: Classy, Coder Mini, and Font Font.
• Renamed "ANSI-Compact" to "ANSI Compact" (with backward compatibility).
• Fixed the "U" characters in the "Isometric 4" font.

v1.9.4

• Added the ANSI-Compact font
• Some adjustments for older versions of Node (patorjk/figlet.js#146)

v1.9.3

• Type fix for figlet module base call (when calling figlet as shorthand for figlet.text)

v1.9.2

• Fixed types for TypeScript when run with Node.js.

v1.9.1

Wrapped the structuredClone call in an if statement for older versions of node.

v1.9.0

• Refactored library to use TypeScript and to use modern tooling (instead of grunt, this project now uses vite).
• Ensured support for both ES modules and CommonJS modules.
• Added support for Toilet fonts:
  • ASCII 12
  • ASCII 9
  • Big ASCII 12
  • Big ASCII 9
  • Big Mono 12
  • Big Mono 9
  • Circle
  • Emboss
  • Emboss 2
  • Future
  • Letter
  • Mono 12
  • Mono 9
  • Pagga
  • Rebel
  • Small ASCII 12
  • Small ASCII 9
  • Small Block
  • Small Mono 12
  • Small Mono 9
  • Tmplr
  • WideTerm
• Added these other new fonts:
  • Babyface Lame
  • Babyface Leet

... (truncated)

Commits

• 58f240c Update README.md typo
• 3c703d4 1.11.0
• 72e5759 remove blank line
• c3af4a3 adjustments
• c75c510 Updated README
• bd5cefd Merge pull request #151 from patorjk/dependabot/npm_and_yarn/rollup-4.59.0
• 640fd85 Merge pull request #148 from patorjk/dependabot/npm_and_yarn/lodash-4.17.23
• 5edfa4e Bump rollup from 4.46.2 to 4.59.0
• e055a07 Merge pull request #150 from twocaretcat/feat/add-future-thin-font
• 3959e79 Merge branch 'main' into feat/add-future-thin-font
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates eslint-plugin-import from 2.29.1 to 2.32.0

Release notes

Sourced from eslint-plugin-import's releases.

v2.32.0

Added

• add enforce-node-protocol-usage rule and import/node-version setting (#3024, thanks [@​GoldStrikeArch] and [@​sevenc-nanashi])
• add TypeScript types (#3097, thanks [@​G-Rath])
• extensions: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks [@​Xunnamius])
• [order]: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks [@​Xunnamius])
• [order]: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks [@​Xunnamius])
• [order]: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks [@​Xunnamius])

Fixed

• [no-unused-modules]: provide more meaningful error message when no .eslintrc is present (#3116, thanks [@​michaelfaith])
• configs: added missing name attribute for eslint config inspector (#3151, thanks [@​NishargShah])
• [order]: ensure arcane imports do not cause undefined behavior (#3128, thanks [@​Xunnamius])
• [order]: resolve undefined property access issue when using named ordering (#3166, thanks [@​Xunnamius])
• enforce-node-protocol-usage: avoid a crash with some TS code (#3173, thanks [@​ljharb])
• [order]: codify invariants from docs into config schema (#3152, thanks [@​Xunnamius])

Changed

• [Docs] extensions, [order]: improve documentation (#3106, thanks [@​Xunnamius])
• [Docs] add flat config guide for using tseslint.config() (#3125, thanks [@​lnuvy])
• [Docs] add missing comma (#3122, thanks [@​RyanGst])
• [readme] Update flatConfig example to include typescript config (#3138, thanks [@​intellix])
• [Refactor] [order]: remove unnecessary negative check (#3167, thanks [@​JounQin])
• [Docs] [no-unused-modules]: add missing double quote (#3191, thanks [@​albertpastrana])
• [Docs] no-restricted-paths: clarify wording and fix errors (#3172, thanks [@​greim])

... (truncated)

Changelog

Sourced from eslint-plugin-import's changelog.

[2.32.0] - 2025-06-20

Added

• add [enforce-node-protocol-usage] rule and import/node-version setting (#3024, thanks [@​GoldStrikeArch] and [@​sevenc-nanashi])
• add TypeScript types (#3097, thanks [@​G-Rath])
• [extensions]: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks [@​Xunnamius])
• [order]: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks [@​Xunnamius])
• [order]: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks [@​Xunnamius])
• [order]: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks [@​Xunnamius])

Fixed

• [no-unused-modules]: provide more meaningful error message when no .eslintrc is present (#3116, thanks [@​michaelfaith])
• configs: added missing name attribute for eslint config inspector (#3151, thanks [@​NishargShah])
• [order]: ensure arcane imports do not cause undefined behavior (#3128, thanks [@​Xunnamius])
• [order]: resolve undefined property access issue when using named ordering (#3166, thanks [@​Xunnamius])
• [enforce-node-protocol-usage]: avoid a crash with some TS code (#3173, thanks [@​ljharb])
• [order]: codify invariants from docs into config schema (#3152, thanks [@​Xunnamius])

Changed

• [Docs] [extensions], [order]: improve documentation (#3106, thanks [@​Xunnamius])
• [Docs] add flat config guide for using tseslint.config() (#3125, thanks [@​lnuvy])
• [Docs] add missing comma (#3122, thanks [@​RyanGst])
• [readme] Update flatConfig example to include typescript config (#3138, thanks [@​intellix])
• [Refactor] [order]: remove unnecessary negative check (#3167, thanks [@​JounQin])
• [Docs] [no-unused-modules]: add missing double quote (#3191, thanks [@​albertpastrana])
• [Docs] no-restricted-paths: clarify wording and fix errors (#3172, thanks [@​greim])

[2.31.0] - 2024-10-03

Added

• support eslint v9 (#2996, thanks [@​G-Rath] [@​michaelfaith])
• [order]: allow validating named imports (#3043, thanks [@​manuth])
• [extensions]: add the checkTypeImports option (#2817, thanks [@​phryneas])

Fixed

• ExportMap / flat config: include languageOptions in context (#3052, thanks [@​michaelfaith])
• [no-named-as-default]: Allow using an identifier if the export is both a named and a default export (#3032, thanks [@​akwodkiewicz])
• [export]: False positive for exported overloaded functions in TS (#3065, thanks [@​liuxingbaoyu])
• exportMap: export map cache is tainted by unreliable parse results (#3062, thanks [@​michaelfaith])
• exportMap: improve cacheKey when using flat config (#3072, thanks [@​michaelfaith])
• adjust "is source type module" checks for flat config (#2996, thanks [@​G-Rath])

Changed

• [Docs] [no-relative-packages]: fix typo (#3066, thanks [@​joshuaobrien])
• [Performance] [no-cycle]: dont scc for each linted file (#3068, thanks [@​soryy708])
• [Docs] [no-cycle]: add disableScc to docs (#3070, thanks [@​soryy708])
• [Tests] use re-exported RuleTester (#3071, thanks [@​G-Rath])
• [Docs] [no-restricted-paths]: fix grammar (#3073, thanks [@​unbeauvoyage])
• [Tests] [no-default-export], [no-named-export]: add test case (thanks [@​G-Rath])

... (truncated)

Commits

• 01c9eb0 v2.32.0
• ae57cc1 [Deps] update array-includes, array.prototype.findlastindex, `eslint-modu...
• 9e1ad6b [Fix] order: codify invariants from docs into config schema
• f017790 [Docs] no-restricted-paths: clarify wording and fix errors
• 7d83a57 [Docs] no-unused-modules: add missing double quote
• 519eb94 [utils] v2.12.1
• 71ad145 [actions] split out tests into new vs old eslint
• 9b096c4 [utils] [dev deps] update @arethetypeswrong/cli, @ljharb/tsconfig, `@type...
• da5f6ec [Fix] enforce-node-protocol-usage: avoid a crash with some TS code
• 6e49a58 [Refactor] order: remove unnecessary negative check
• Additional commits viewable in compare view

Updates axios from 1.8.4 to 1.15.1

Release notes

Sourced from axios's releases.

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

• Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
• CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
• Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
• withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
• maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
• Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
• Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

• AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
• Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

• FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
• HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
• Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
• Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
• buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
• AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
• Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)
• Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

• Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)
• Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)
• Type Refactor: Uses TypeScript utility types to deduplicate literal unions. (#7520)
• Repo & CI: Adds CODEOWNERS, switches v1.x releases to an ephemeral release branch, and removes orphaned Bower support. (#10739, #10738, #10746)
• Changelog Backfill: Added missing version entries to the changelog. (#10704)
• Dependencies: Bumped follow-redirects (1.15.11 → 1.16.0) in root and docs, axios (1.14.0 → 1.15.0) in docs, and a group of 5 development dependencies. (#10717, #10716, #10684, #10709)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​curiouscoder-cmd (#7252)
• @​tryonelove (#7520)
• @​darwin808 (#7314)
• @​zoontek (#10702)
• @​AKIB473 (#10725)

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.15.0 — April 7, 2026

This release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.

🔒 Security Fixes

• Header Injection (CRLF): Rejects any header value containing \r or \n characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw "Invalid character in header content". (#10660)

• SSRF via no_proxy Bypass: Introduces a shouldBypassProxy helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating no_proxy/NO_PROXY rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (#10661)

🚀 New Features

• Deno & Bun Runtime Support: Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (#10652)

🐛 Bug Fixes

• Node.js v22 Compatibility: Replaced deprecated url.parse() calls with the WHATWG URL/URLSearchParams API across examples, sandbox, and tests, eliminating DEP0169 deprecation warnings on Node.js v22+. (#10625)

🔧 Maintenance & Chores

• CI Security Hardening: Added zizmor GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived NODE_AUTH_TOKEN); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated npm-publish environment; and blocked the sponsor-block workflow from running on forks. (#10618, #10619, #10627, #10637, #10641, #10666)

• Docs: Clarified HTTP/2 support and the unsupported httpVersion option; added documentation for header case preservation; improved the beforeRedirect example to prevent accidental credential leakage. (#10644, #10654, #10624)

• Dependencies: Bumped picomatch, handlebars, serialize-javascript, vite (×3), denoland/setup-deno, and 4 additional dev dependencies to latest versions. (#10564, #10565, #10567, #10568, #10572, #10574, #10663, #10664, #10665, #10669, #10670)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​Kilros0817 (#10625)
• @​shaanmajid (#10616, #10617, #10618, #10619, #10637, #10641, #10666)
• @​ashstrc (#10624, #10644)
• @​Abhi3975 (#10589)
• @​raashish1601 (#10573)

Full Changelog

---

v1.14.0 — March 27, 2026

This release fixes a security vulnerability in the formidable dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.

🔒 Security Fixes

• Formidable Vulnerability: Upgraded formidable from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (#7533)

... (truncated)

Commits

• ac42446 chore(release): prepare release 1.15.1 (#10767)
• 908f220 docs: update threatmodel (#10765)
• f93f815 docs: added docs around potential decompressions bomb (#10763)
• 1728aa1 fix: short-circuits on any truthy non-boolean in withXSRFToken (#10762)
• 42eb721 fix: replace in with has own prop util (#10761)
• 7587327 fix: strip crlf correctly (#10758)
• f0b9867 chore: added additional testing for this issue (#10760)
• e033f24 fix: incomplete fix for cve (#10755)
• e8904af fix: stream response bypassed max content length (#10754)
• 1c7f6d7 fix: enforce max body length when max redirects is 0 (#10753)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates jsonwebtoken from 9.0.0 to 9.0.3

Changelog

Sourced from jsonwebtoken's changelog.

9.0.3 - 2025-12-04

• updates jws version to 4.0.1.

9.0.2 - 2023-08-30

• security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
• refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

Commits

• ed59e76 chore: bump jws to 4.0.1 (#1007)
• bc28861 Release 9.0.2 (#935)
• 96b8906 refactor: use specific lodash packages (#933)
• ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• See full diff in compare view

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Updates rimraf from 6.0.1 to 6.1.3

Changelog

Sourced from rimraf's changelog.

6.1

• Move to native fs/promises usage instead of promisifying manually.

6.0

• Drop support for nodes before v20
• Add --version to CLI

5.0

• No default export, only named exports

4.4

• Provide Dirent or Stats object as second argument to filter

4.3

• Return boolean indicating whether the path was fully removed
• Add filter option
• bin: add --verbose, -v to print files as they are deleted
• bin: add --no-verbose, -V to not print files as they are deleted
• bin: add -i --interactive to be prompted on each deletion
• bin: add -I --no-interactive to not be prompted on each deletion
• 4.3.1 Fixed inappropriately following symbolic links to directories

v4.2

• Brought back glob support, using the new and improved glob v9

v4.1

• Improved hybrid module with no need to look at the .default dangly bit. .default preserved as a reference to rimraf for compatibility with anyone who came to rely on it in v4.0.
• Accept and ignore -rf and -fr arguments to the bin.

v4.0

• Remove glob dependency entirely. This library now only accepts actual file and folder names to delete.
• Accept array of paths or single path.
• Windows performance and reliability improved.
• All strategies separated into explicitly exported methods.
• Drop support for Node.js below version 14
• rewrite in TypeScript

... (truncated)

Commits

• f738c78 6.1.3
• a164a85 update deps
• 4635ba7 update deps
• 509c53f limit ci workflow permissions
• 68ce04f formatting
• 37680c5 add warning to not pass untrusted input to this method ever
• 786563d remove contributing doc, already covered by .github repo
• dbeef73 contributing
• 84d27af update workflows and standard project junk
• cd45498 6.1.2
• Additional commits viewable in compare view

Updates redis from 5.11.0 to 5.12.1

Release notes

Sourced from redis's releases.

redis@5.12.0

✨ What's Changed

🚀 Features

• feat: expose sendCommand on multi for all clients by @​nkaradzhov in redis/node-redis#3181
• feat(sentinel): add sSubscribe/sUnsubscribe methods to Sentinel client by @​nkaradzhov in redis/node-redis#3178

🐛 Fixes

• fix(search): correct INDEXMISSING placement by @​nkaradzhov in redis/node-redis#3179
• Pool fixes by @​nkaradzhov in redis/node-redis#3182
• fix(search): use @redis/client dist imports in CREATE command by @​PavelPashov in redis/node-redis#3187
• fix(sentinel): preserve root seeds for outage recovery by @​nkaradzhov in redis/node-redis#3188
• fix: fallthrough bug in transformDoubleReply by @​rhymincymon in redis/node-redis#3213

🔭 Observability (OTEL + Diagnostics)

Node Redis now ships with first-class observability via OpenTelemetry metrics and Node.js diagnostics_channel. Initialize OpenTelemetry before creating clients (OpenTelemetry.init({ metrics: { enabled: true } })) and you can plug Redis client telemetry into your existing OTel SDK/exporter pipeline.

This enables visibility into command latency, connection lifecycle, resiliency/errors, Pub/Sub traffic, streaming behavior, and client-side caching activity. On top of metrics, diagnostics channels provide a more abstract, higher-level way to track runtime behavior through low-overhead event streams (commands, batches, connection events, maintenance notifications, pub/sub, cache, and pool wait timing), so APM tools or custom subscribers can observe the system without changing application code.

• add OpenTelemetry metrics instrumentation by @​PavelPashov in redis/node-redis#3110
• feat: implement diagnostic channels for observability by @​logaretm in redis/node-redis#3195

🧪 Tests & CI

• test(scho oss): add smigrating checks for new connections by @​nkaradzhov in redis/node-redis#3186
• Add self-report metrics step to CI workflow by @​bobymicroby in redis/node-redis#3199
• Add run tests action by @​dariaguy in redis/node-redis#3221

📚 Docs

• improve sentinel docs by @​cutiepoka in redis/node-redis#3189
• docs: clarify DUMP/RESTORE binary payload usage by @​nkaradzhov in redis/node-redis#3201
• fix(docs): configure typedoc entry points for monorepo by @​nkaradzhov in redis/node-redis#3220

🙌 New Contributors

• @​cutiepoka made their first contribution in redis/node-redis#3189
• @​rhymincymon made their first contribution in redis/node-redis#3213
• @​logaretm made their first contribution in redis/node-redis#3195
• @​dariaguy made their first contribution in redis/node-redis#3221

Full Changelog: https://github.com/redis/node-redis/compare/redis@5.11.0...redis@5.12.0

Commits

• 5cdad1b Release redis@5.12.1
• 6a44726 Release entraid@5.12.1
• 9f930f9 Release time-series@5.12.1
• de70920 Release search@5.12.1
• 9e7767c Release json@5.12.1
• 02cfd5a Release bloom@5.12.1
• 838c28d Release client@5.12.1
• 789d6d5 fix: decouple OTel public types from @​opentelemetry/api (#3228)
• 07aff33 Release redis@5.12.0
• b91d88f Release entraid@5.12.0
• Additional commits viewable in compare view

Updates winston from 3.13.1 to 3.19.0

Release notes

Sourced from winston's releases.

v3.19.0

• Run npm audit fix e7ccdc4
• Don&#39;t include jest.config.js in npm package 5a63c8c
• fix: append error cause when using logger.child() (#2467) e74a7ae
• Bump rimraf from 5.0.1 to 5.0.10 (#2517) 8a956fd
• fix: ensure File transport flushes all data before emitting finish (#2594) 86c890f
• Bump actions/setup-node from 4 to 6 (#2589) 3b8be02
• Bump @​babel/core from 7.28.0 to 7.28.5 (#2591) f4c3e2c
• Bump actions/checkout from 4 to 6 (#2593) dd7906e
• chore: migrate test runner from mocha to jest (#2567) 2e9eb18

---

winstonjs/winston@v3.18.3...v3.19.0

v3.18.3

• Update diagnostics dependency (removes fix-esm transitive dependency) a15a9e9

---

[dependabot]

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.