[deps] bump the patch-updates group across 1 directory with 6 updates by dependabot[bot] · Pull Request #55 · BrooksFlannery/template

dependabot · 2026-04-14T01:36:08Z

Bumps the patch-updates group with 6 updates in the / directory:

Package	From	To
drizzle-orm	`0.45.1`	`0.45.2`
postgres	`3.4.8`	`3.4.9`
react	`19.2.4`	`19.2.5`
react-dom	`19.2.4`	`19.2.5`
drizzle-kit	`0.31.8`	`0.31.10`
postcss	`8.5.6`	`8.5.9`

Updates drizzle-orm from 0.45.1 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

273c780 + 0.45.2 (#5534)
4aa6ecf Kit updates (#5490)
e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
See full diff in compare view

Updates postgres from 3.4.8 to 3.4.9

Release notes

Sourced from postgres's releases.

v3.4.9

Fix porsager/postgres#1143 1e92809

porsager/postgres@v3.4.8...v3.4.9

Commits

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

Commits

23f4f9f 19.2.5
See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

Commits

23f4f9f 19.2.5
See full diff in compare view

Updates drizzle-kit from 0.31.8 to 0.31.10

Release notes

Sourced from drizzle-kit's releases.

drizzle-kit@0.31.10

Updated to hanji@0.0.8 - native bun stringWidth, stripANSI support, errors for non-TTY environments

We've migrated away from esbuild-register to tsx loader, it will now allow to use drizzle-kit seamlessly with both ESM and CJS modules

We've also added native Bun and Deno launch support, which will not trigger tsx loader and utilise native bun and deno imports capabilities and faster startup times

drizzle-kit@0.31.9

drizzle-kit api improvements for D1 connections

Commits

4aa6ecf Kit updates (#5490)
e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
See full diff in compare view

Updates postcss from 8.5.6 to 8.5.9

Release notes

Sourced from postcss's releases.

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

fe88ac2 Release 8.5.9 version
c551632 Avoid RegExp when we can use simple JS
89a6b74 Move SECURITY.txt for docs folder to keep GitHub page cleaner
6ceb8a4 Create SECURITY.md
02ccae6 Another way to fix CI with .ts ext in tests on old Node.js
2c36658 Another way to fix CI with TS on old Node.js
b906003 Another way to fix CI with old Node.js
04d32cd Fix another issue with Node.js 10 on CI
df86cdf Try to fix Node.js 10 on CI
82bec0d Move to oxfmt
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the patch-updates group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.45.1` | `0.45.2` | | [postgres](https://github.com/porsager/postgres) | `3.4.8` | `3.4.9` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.5` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.5` | | [drizzle-kit](https://github.com/drizzle-team/drizzle-orm) | `0.31.8` | `0.31.10` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.9` | Updates `drizzle-orm` from 0.45.1 to 0.45.2 - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](drizzle-team/drizzle-orm@0.45.1...0.45.2) Updates `postgres` from 3.4.8 to 3.4.9 - [Release notes](https://github.com/porsager/postgres/releases) - [Changelog](https://github.com/porsager/postgres/blob/master/CHANGELOG.md) - [Commits](porsager/postgres@v3.4.8...v3.4.9) Updates `react` from 19.2.4 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react) Updates `react-dom` from 19.2.4 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom) Updates `drizzle-kit` from 0.31.8 to 0.31.10 - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](https://github.com/drizzle-team/drizzle-orm/compare/drizzle-kit@0.31.8...drizzle-kit@0.31.10) Updates `postcss` from 8.5.6 to 8.5.9 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.9) --- updated-dependencies: - dependency-name: drizzle-orm dependency-version: 0.45.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: postgres dependency-version: 3.4.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: react dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: react-dom dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: drizzle-kit dependency-version: 0.31.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: postcss dependency-version: 8.5.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-04-14T01:36:32Z

Updated bun.lock to match the dependency changes in package.json.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 14, 2026

chore: update bun.lock for dependabot PR

d76f3fa

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[deps] bump the patch-updates group across 1 directory with 6 updates#55

[deps] bump the patch-updates group across 1 directory with 6 updates#55
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/patch-updates-c80563944e

dependabot Bot commented on behalf of github Apr 14, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Apr 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

0.45.2

v3.4.9

19.2.5 (April 8th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

drizzle-kit@0.31.10

drizzle-kit@0.31.9

8.5.9

8.5.8

8.5.7

8.5.9

8.5.8

8.5.7

Uh oh!

github-actions Bot commented Apr 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 14, 2026 •

edited

Loading