Bump the api-deps group across 1 directory with 5 updates

[dependabot]

Bumps the api-deps group with 5 updates in the /api directory:

Package	From	To
express-rate-limit	8.2.1	8.3.0
mysql2	3.16.1	3.19.0
otplib	13.1.1	13.3.0
@eslint/js	9.39.2	10.0.1
eslint	9.39.2	10.0.2

Updates express-rate-limit from 8.2.1 to 8.3.0

Release notes

Sourced from express-rate-limit's releases.

v8.3.0

You can view the changelog here.

Commits

• 9c90752 ci: setup oidc connect with npm for automatatic publish
• e4477fa 8.3.0
• 06d7340 docs: add changelog for 8.3.0
• 14e5388 fix: handle ipv4 mapped to ipv6 (GHSA-46wh-pxpv-q5gq)
• 2767a95 chore(deps-dev): bump the development-dependencies group across 1 directory w...
• f400c7f chore(deps-dev): bump the development-dependencies group with 2 updates (#603)
• 4e4884c chore(deps-dev): bump the development-dependencies group across 1 directory w...
• fadbccb formatting
• 7b57b95 biome migration
• 88a1f7f docs: typo fix
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by gamemaker1, a new releaser for express-rate-limit since your current version.

Attestation changes

This version has no provenance attestation, while the previous version (8.2.1) was attested. Review the package versions before updating.

Updates mysql2 from 3.16.1 to 3.19.0

Release notes

Sourced from mysql2's releases.

v3.19.0

3.19.0 (2026-03-05)

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#4135) (099beea)

v3.18.2

3.18.2 (2026-02-26)

Bug Fixes

• types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#4127) (b274e72)
• types: extend QueryValues to callback-based methods (#4129) (2ad5f0b)
• types: improve ExecuteValues "nested" params (#4133) (3f94950)
• types: support Raw and Uint8Array params (#4132) (bde9aec)

v3.18.1

3.18.1 (2026-02-25)

Bug Fixes

• types: ensure optional params in query and execute methods (#4123) (3f4bbca)

v3.18.0

3.18.0 (2026-02-23)

Features

• add Symbol.dispose and Symbol.asyncDispose support for Connections, Pools, and Pool Clusters (#4112) (1e612dc)

v3.17.5

3.17.5 (2026-02-23)

Bug Fixes

• add missing charset encoding for UTF8MB4_0900_BIN (#3855) (c9a0dcd)
• fix wrong length number write to packet (#3177) (0e06e02)
• pool: resolve potential memory leak (#4111) (8aa2052)
• deps: include @types/node as a peer dependency (#4108) (5f8ac97)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.19.0 (2026-03-05)

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#4135) (099beea)

3.18.2 (2026-02-26)

Bug Fixes

• types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#4127) (b274e72)
• types: extend QueryValues to callback-based methods (#4129) (2ad5f0b)
• types: improve ExecuteValues "nested" params (#4133) (3f94950)
• types: support Raw and Uint8Array params (#4132) (bde9aec)

3.18.1 (2026-02-25)

Bug Fixes

• types: ensure optional params in query and execute methods (#4123) (3f4bbca)

3.18.0 (2026-02-23)

Features

• add Symbol.dispose and Symbol.asyncDispose support for Connections, Pools, and Pool Clusters (#4112) (1e612dc)

3.17.5 (2026-02-23)

Bug Fixes

• add missing charset encoding for UTF8MB4_0900_BIN (#3855) (c9a0dcd)
• deps: include @types/node as a peer dependency (#4108) (5f8ac97)
• fix wrong length number write to packet (#3177) (0e06e02)
• pool: resolve potential memory leak (#4111) (8aa2052)

3.17.4 (2026-02-20)

Bug Fixes

... (truncated)

Commits

• bb74a52 chore(master): release 3.19.0 (#4139)
• 6ccc643 build(deps): bump svgo from 3.3.2 to 3.3.3 in /website (#4153)
• 0b59041 build(deps): bump immutable from 5.1.3 to 5.1.5 in /website (#4152)
• b3af0d7 build(deps): bump lucide-react from 0.576.0 to 0.577.0 in /website (#4151)
• 519c8e7 ci: ensure timeout to OSX workflow (#4150)
• b57c671 feat: use server's preferred auth method to eliminate auth switch roundtrip (...
• 909eec3 build(deps-dev): bump @​types/node from 25.3.2 to 25.3.3 (#4141)
• c34bd6f ci: minimal adjustment in benchmark report (#4147)
• 09b802c ci: improve CodeQL (#4145)
• 15e012f build(deps): bump @​easyops-cn/docusaurus-search-local in /website (#4143)
• Additional commits viewable in compare view

Updates otplib from 13.1.1 to 13.3.0

Release notes

Sourced from otplib's releases.

v13.3.0

What's Changed

• ci: standardize workflow naming and add release artifacts by @​yeojz in yeojz/otplib#775
• chore(deps-dev): bump turbo from 2.7.5 to 2.7.6 in the dev-dependencies-patch group by @​dependabot[bot] in yeojz/otplib#773
• chore(deps): bump changesets/action from 1.5.3 to 1.6.0 in the github-actions group by @​dependabot[bot] in yeojz/otplib#774
• chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @​dependabot[bot] in yeojz/otplib#772
• feat(cli): add otplib-cli application by @​yeojz in yeojz/otplib#771
• Potential fix for code scanning alert no. 2: Workflow does not contain permissions by @​yeojz in yeojz/otplib#776
• Implement least privilege permissions across all GitHub workflows by @​Copilot in yeojz/otplib#777
• feat(test): add distribution tests package for cross-runtime testing by @​yeojz in yeojz/otplib#778
• chore(deps): bump commander from 14.0.2 to 14.0.3 in the dependencies-patch group by @​dependabot[bot] in yeojz/otplib#781
• chore(deps): bump actions/checkout from 4 to 6 in the github-actions group by @​dependabot[bot] in yeojz/otplib#785
• chore(deps-dev): bump turbo from 2.7.6 to 2.8.1 in the dev-dependencies-minor group by @​dependabot[bot] in yeojz/otplib#782
• chore(deps-dev): bump lefthook from 2.0.15 to 2.0.16 in the dev-dependencies-patch group by @​dependabot[bot] in yeojz/otplib#783
• feat: security improvements and HOTP update-counter command by @​yeojz in yeojz/otplib#780
• chore: update docs by @​yeojz in yeojz/otplib#786
• Pin GitHub Actions to commit SHAs and update dependencies by @​yeojz in yeojz/otplib#787
• fix: harden OTP validation and URI parsing; bubble up TOTP replay controls through otplib by @​yeojz in yeojz/otplib#788
• feat: add OTPHooks for custom token encoding and validation by @​yeojz in yeojz/otplib#790
• chore(deps-dev): bump the dev-dependencies-minor group with 5 updates by @​dependabot[bot] in yeojz/otplib#791
• chore(deps-dev): bump turbo from 2.8.1 to 2.8.3 in the dev-dependencies-patch group by @​dependabot[bot] in yeojz/otplib#792
• release(cli): v2.0.0 by @​github-actions[bot] in yeojz/otplib#795
• chore: upgrade development Node.js baseline to 24 by @​yeojz in yeojz/otplib#794
• chore(deps-dev): bump @​types/node from 20.19.30 to 25.2.2 by @​dependabot[bot] in yeojz/otplib#793
• release(packages): v13.3.0 by @​github-actions[bot] in yeojz/otplib#796

New Contributors

• @​Copilot made their first contribution in yeojz/otplib#777

Full Changelog: yeojz/otplib@v13.2.1...v13.3.0

v13.2.1

What's Changed

• docs: refine mobile hero and base32 guidance by @​yeojz in yeojz/otplib#767
• docs: improve plugin guides and light mode UI contrast by @​yeojz in yeojz/otplib#768
• ci: update package versions by @​github-actions[bot] in yeojz/otplib#769

Full Changelog: yeojz/otplib@v13.2.0...v13.2.1

v13.2.0

What's Changed

• docs: add legacy Google Authenticator troubleshooting guide by @​yeojz in yeojz/otplib#754
• feat: add tuple semantics for counterTolerance with look-ahead default by @​yeojz in yeojz/otplib#753
• docs: clarify Base32 as default encoding for string secrets by @​yeojz in yeojz/otplib#755
• feat(docs): improve landing page UI with cipher theme by @​yeojz in yeojz/otplib#757
• feat(plugin-base32-bypass): add base32 bypass plugin by @​yeojz in yeojz/otplib#756
• chore(deps-dev): bump prettier from 3.7.4 to 3.8.0 in the dev-dependencies-minor group by @​dependabot[bot] in yeojz/otplib#758
• feat(totp): add afterTimeStep parameter for replay protection by @​yeojz in yeojz/otplib#749
• feat(adapters): initialize guardrails once in v11/v12 adapter constructors by @​yeojz in yeojz/otplib#763

... (truncated)

Commits

• fe462ac release(packages): v13.3.0 (#796)
• 09f301f feat: add OTPHooks for custom token encoding and validation (#790)
• 476f345 fix: harden OTP validation and URI parsing; bubble up TOTP replay controls th...
• 972d355 Pin GitHub Actions to commit SHAs and update dependencies (#787)
• ada9445 feat(test): add distribution tests package for cross-runtime testing (#778)
• 99485e6 feat(cli): add otplib-cli application (#771)
• 5847b3e ci: update package versions (#769)
• 5ffba5c docs: improve plugin guides and light mode UI contrast (#768)
• 23db7ac ci: update package versions (#766)
• cdbd622 feat(plugin-base32-alt): add hex and base64 bypass plugins (#765)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for otplib since your current version.

Updates @eslint/js from 9.39.2 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)

... (truncated)

Commits

• 84fb885 chore: package.json update for @​eslint/js release
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467)
• f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#20466)
• b4b3127 chore: package.json update for @​eslint/js release
• 0b14059 chore: package.json update for @​eslint/js release
• fa31a60 feat!: add name to configs (#20015)
• 1e2cad5 chore: package.json update for @​eslint/js release
• 454a292 feat!: update eslint:recommended configuration (#20210)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160)
• See full diff in compare view

Updates eslint from 9.39.2 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits

• 55122d6 10.0.2
• 80f1e29 Build: changelog update for 10.0.2
• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
• 98cbf6b docs: update migration guide per Program range change (#20534)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.