Bump the bun group across 1 directory with 12 updates

[dependabot]

Bumps the bun group with 12 updates in the / directory:

Package	From	To
@elysiajs/static	1.3.0	1.4.7
chalk	5.4.1	5.6.2
drizzle-orm	0.44.2	0.45.1
elysia	1.3.5	1.4.22
jose	6.0.11	6.1.3
radashi	12.6.0	12.7.1
@biomejs/biome	2.0.6	2.3.11
@types/bun	1.2.18	1.3.6
drizzle-kit	0.31.4	0.31.8
newman	6.2.1	6.2.2
pg	8.16.3	8.17.1
typescript	5.8.3	5.9.3

Updates @elysiajs/static from 1.3.0 to 1.4.7

Release notes

Sourced from @​elysiajs/static's releases.

1.4.7

What's changed

Bug fix:

• remove trailing slash on Windows

Full Changelog: elysiajs/elysia-static@1.4.6...1.4.7

1.4.6

What's changed

Bug fix:

• normalize path only when unsafe
• cache crypto package import

Full Changelog: elysiajs/elysia-static@1.4.5...1.4.6

1.4.5

What's Changed

• fix: resolve static paths correctly on Windows by @​denysovvl in elysiajs/elysia-static#52

New Contributors

• @​denysovvl made their first contribution in elysiajs/elysia-static#52

Full Changelog: elysiajs/elysia-static@1.4.4...1.4.5

1.4.4

What's changed

Bug fix:

• fix cjs main import

Full Changelog: elysiajs/elysia-static@1.4.3...1.4.4

1.4.3

What's changed

Improvement:

• adjust build script
• remove stat cache

Full Changelog: elysiajs/elysia-static@1.4.2...1.4.3

1.4.2

What's changed

Improvement:

• better caching mechanism
• scope cache to each instance

... (truncated)

Changelog

Sourced from @​elysiajs/static's changelog.

1.4.7 - 17 Nov 2025

Bug fix:

• remove trailing slash on Windows

1.4.6 - 3 Nov 2025

Bug fix:

• normalize path only when unsafe
• cache crypto package import

1.4.5 - 1 Nov 2025

Bug fix:

• #52 resolve static paths correctly on Windows

1.4.4 - 14 Oct 2025

Bug fix:

• fix cjs main import

1.4.3 - 13 Oct 2025

Improvement:

• adjust build script
• remove stat cache

1.4.2 - 13 Oct 2025

Improvement:

• better caching mechanism
• scope cache to each instance

1.4.1 - 13 Oct 2025

Improvement:

• enable Bun full stack support
• general performance improvement
• #34 log errors, make it easier to debug errors inside @​elysiajs/static
• #44 fixed edge case when working dir is root
• use process.getBuiltinModules instead of import
• refactor codebase to be more readable
• rename noCache to cache
• use Bun.Glob if Bun is detected
• conditional run listFiles only when necessary
• reduce seed to prefix parameter
• cache etag generation

Change:

• remove node-cache dependency
• remove handle safe sep for windows as Node already handle it

Breaking Change:

• rename enableDecodeURI to decodeURI
• remove resolve options, use default path.resolve instead

1.3.0-exp.0 - 23 Apr 2025

... (truncated)

Commits

• 4d12f68 🔧 fix: remove trailing slash on windows
• 006fe7e 🔧 fix: normalize path when necessary
• a6dc9bf 🔧 fix: resolve static paths correctly on Windows
• c1ca17f Merge pull request #52 from denysovvl/main
• 6b58da2 fix: resolve static paths correctly on Windows
• 516491c 📘 doc: fix main import
• 3527841 📘 doc: fix main import
• f4f14f3 📘 doc: adjust build script
• e99692b 📘 doc: adjust build script
• c095eb8 📘 feat: remove stat cache
• Additional commits viewable in compare view

Updates chalk from 5.4.1 to 5.6.2

Release notes

Sourced from chalk's releases.

v5.6.2

• Fix vulnerability in 5.6.1, see: chalk/chalk#656

v5.6.0

• Make WezTerm terminal use true color a8f5bf7

---

chalk/chalk@v5.5.0...v5.6.0

v5.5.0

• Make Ghostty terminal use true color (#653) 79ee2d3

---

chalk/chalk@v5.4.1...v5.5.0

Commits

• 5155778 5.6.2
• 5c91505 5.6.0
• a8f5bf7 Make WezTerm terminal use true color
• 67db246 5.5.0
• 79ee2d3 Make Ghostty terminal use true color (#653)
• See full diff in compare view

Updates drizzle-orm from 0.44.2 to 0.45.1

Release notes

Sourced from drizzle-orm's releases.

0.45.1

• Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

• Fixed pg-native Pool detection in node-postgres transactions
• Allowed subqueries in select fields
• Updated typo algorythm => algorithm
• Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)
• Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

0.44.7

• fix durable sqlite transaction return value #3746 - thanks @​joaocstro

0.44.6

• feat: add $replicas reference #4874

0.44.5

• Fixed invalid usage of .one() in durable-sqlite session
• Fixed spread operator related crash in sqlite blob columns
• Better browser support for sqlite blob columns
• Improved sqlite blob mapping

0.44.4

• Fix wrong DrizzleQueryError export. thanks @​nathankleyn

0.44.3

• Fixed types of $client for clients created by drizzle function

await db.$client.[...]

• Added the updated_at column to the neon_auth.users_sync table definition.

Commits

• a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
• c445637 Merge pull request #5095 from drizzle-team/main-workflows
• e7b3aaa Merge branch 'main' into main-workflows
• 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
• 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
• 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
• 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
• ce88a18 Merge remote-tracking branch 'origin/ext-deps-kit' into main-workflows
• 5c8a4c5 +
• 73e2ea4 feat: Add release router workflow to manage feature and latest releases
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for drizzle-orm since your current version.

Updates elysia from 1.3.5 to 1.4.22

Release notes

Sourced from elysia's releases.

1.4.22

What's Changed

Improvement:

• #1655 decode single values in ArrayQuery by @​zoriya
• use imperative check for replaceURLPath instead of allocating new URL
• reduce ts-ignore/ts-expect-error on promise map handler

Bug fix:

• #1671 mount produces incorrect URL path when Elysia instance has prefix option
• elysiajs/elysia#1617, #1623 AOT compilation removes beforeHandle when using arrow function expression by @​tt-a1i
• #1667 skip body parsing on mount with dynamic mode
• #1662 custom thenable fallback in mapCompactResponse causing runtime crash with undefined variable by @​raunak-rpm
• #1661, #1663 fix SSE double-wrapping bug when returning pre-formatted Response by @​raunak-rpm in
• ValueError with summary missing types
• Elysia not using Bun.routes by default

New Contributors

• @​raunak-rpm made their first contribution in elysiajs/elysia#1663

Full Changelog: elysiajs/elysia@1.4.21...1.4.22

1.4.21

What's Changed

Improvement:

• #1654 encode t.Date() to iso string by @​zoriya
• #1624 apply macros before merging hooks in group method by @​tt-a1i

Bug fix:

• call Sucrose GC unref when possible (browser fallback)
• add allowUnsafeValidationDetails to Standard Validator

New Contributors

• @​tt-a1i made their first contribution in elysiajs/elysia#1624
• @​zoriya made their first contribution in elysiajs/elysia#1654

Full Changelog: elysiajs/elysia@1.4.20...1.4.21

1.4.20

What's Changed

Improvement:

• add ModelValidator.schema for accessing raw schema
• #1636 add subscriptions to Elysia.ws context
• #1638 unref Sucrose gc by @​akim-bow

Bug fix:

• #1649 add null check for object properties (t.Record) by @​aymaneallaoui
• #1646 use constant-time comparison for signed cookie verification by @​JNX03
• #1639 compose: ReferenceError: "_r_r is not defined" when onError returns plain object & mapResponse exists
• #1631 update Exact Mirror to 0.2.6

... (truncated)

Changelog

Sourced from elysia's changelog.

1.4.22 - 14 Jan 2026

Improvement:

• use imperative check for replaceURLPath instead of allocating new URL
• reduce ts-ignore/ts-expect-error on promise map handler
• #1655 decode single values in ArrayQuery

Bug fix:

• #1671 mount produces incorrect URL path when Elysia instance has prefix option
• elysiajs/elysia#1617, #1623 AOT compilation removes beforeHandle when using arrow function expression
• #1667 skip body parsing on mount with dynamic mode
• #1662 custom thenable fallback in mapCompactResponse causing runtime crash with undefined variable
• #1661, #1663 fix SSE double-wrapping bug when returning pre-formatted Response
• ValueError with summary missing types
• Elysia not using Bun.routes by default

1.4.21 - 4 Jan 2026

Improvement:

• #1654 encode t.Date() to iso string
• #1624 apply macros before merging hooks in group method

Bug fix:

• call Sucrose GC unref when possible (browser fallback)
• add allowUnsafeValidationDetails to Standard Validator

1.4.20 - 3 Jan 2026

Improvement:

• add ModelValidator.schema for accessing raw schema
• #1636 add subscriptions to Elysia.ws context
• #1638 unref Sucrose gc

Bug fix:

• #1649 add null check for object properties (t.Record)
• #1646 use constant-time comparison for signed cookie verification
• #1639 compose: ReferenceError: "_r_r is not defined" when onError returns plain object & mapResponse exists
• #1631 update Exact Mirror to 0.2.6
• #1630 enforce fetch to return MaybePromise

Bug fix:

• Elysia.models broke when referencing non typebox model

1.4.19 - 13 Dec 2025

Security:

• reject invalid cookie signature when using cookie rotation

Improvement

• #1609 calling afterResponse with aot: false
• #1607, #1606, #1139 data coercion on nested form data
• #1604 save lazy compilation of Elysia.fetch for up to 45x performance improvement
• #1588, #1587 add seen weakset during mergeDeep

... (truncated)

Commits

• f027642 📘 doc: document changelog
• 935efe2 Merge pull request #1657 from elysiajs/next
• 131a452 📘 doc: 1.4.22
• 4478914 🧹 chore: clean up code review feedback
• 8c42013 Merge pull request #1655 from zoriya/patch-2
• bc882d4 📘 doc: document changelog
• 7f8f55c Merge branch 'main' into next
• 4c28294 Merge pull request #1662 from raunak-rpm/feature/my-contribution
• bb45335 📘 doc: document changelog
• d097155 Merge branch 'main' into next
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for elysia since your current version.

Updates jose from 6.0.11 to 6.1.3

Release notes

Sourced from jose's releases.

v6.1.3

Refactor

• avoid export * as for google closure's compiler sake (6303d98), closes #832

v6.1.2

Refactor

• fallback to checking instanceof for CryptoKey (901cd90), closes #765 #803 #821 #827 #828

v6.1.1

Documentation

• add link to RFC9864 (767edde)
• link to ML-DSA for JOSE (ed4252c)
• remove mention of Edge Runtime from the readme (94fdde7)
• update README.md (25098ef)

Refactor

• eliminate named exports in the source code (f6ae30d)
• expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
• faster path for symmetric key checks (a44c2ec)
• improve en/decoding overheads (daee426)

v6.1.0

Features

• support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
• support for the ML-DSA PQC Algorithm Identifiers (25ddce4)

v6.0.13

Refactor

• more readability in ecdhes.ts (84da9de)
• update asn1.ts helpers (b4f8fb3)

v6.0.12

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

• createPublicKey is not a constructor (61ded78)

... (truncated)

Changelog

Sourced from jose's changelog.

6.1.3 (2025-12-02)

Refactor

• avoid export * as for google closure's compiler sake (6303d98), closes #832

6.1.2 (2025-11-15)

Refactor

• fallback to checking instanceof for CryptoKey (901cd90), closes #765 #803 #821 #827 #828

6.1.1 (2025-11-09)

Documentation

• add link to RFC9864 (767edde)
• link to ML-DSA for JOSE (ed4252c)
• remove mention of Edge Runtime from the readme (94fdde7)
• update README.md (25098ef)

Refactor

• eliminate named exports in the source code (f6ae30d)
• expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
• faster path for symmetric key checks (a44c2ec)
• improve en/decoding overheads (daee426)

6.1.0 (2025-08-27)

Features

• support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
• support for the ML-DSA PQC Algorithm Identifiers (25ddce4)

6.0.13 (2025-08-21)

Refactor

• more readability in ecdhes.ts (84da9de)
• update asn1.ts helpers (b4f8fb3)

6.0.12 (2025-07-15)

... (truncated)

Commits

• ebb8774 chore(release): 6.1.3
• 6303d98 refactor: avoid export * as for google closure's compiler sake
• 39c8805 chore: bump packages
• cf5726e chore: update error message
• 0154775 chore: update threat model
• d015cdf chore: add a threat model
• c5e285e chore: bump packages
• d681315 chore: bump packages
• 4ae1005 chore(deps-dev): bump glob from 11.0.3 to 11.1.0 (#831)
• aaedc25 chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 (#830)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jose since your current version.

Updates radashi from 12.6.0 to 12.7.1

Release notes

Sourced from radashi's releases.

v12.7.1

Fixed

• Ensure DurationParser static properties can be tree-shaked in b9d7529

v12.7.0

New Functions

Add getOrInsert and getOrInsertComputed functions [→ PR #444](radashi-org/radashi#444)

Access or initialize map entries without boilerplate branching. getOrInsert writes the provided value once, while getOrInsertComputed lazily creates an entry only when it is missing.

• Works with both Map and WeakMap instances
• Returns the stored entry so you can chain additional logic
• Avoids unnecessary factory calls when a key already exists

import * as _ from 'radashi'
const counts = new Map<string, number>()
_.getOrInsert(counts, 'clicks', 1) // => 1
_.getOrInsert(counts, 'clicks', 5) // => 1
_.getOrInsertComputed(counts, 'views', () => 10) // => 10
_.getOrInsertComputed(counts, 'views', () => 0) // => 10

Inspired by TC39's upsert proposal.

🔗 Docs: getOrInsert · getOrInsertComputed / Source: getOrInsert.ts · getOrInsertComputed.ts / Tests: getOrInsert.test.ts · getOrInsertComputed.test.ts

Add isArrayEqual function [→ PR #417](radashi-org/radashi#417)

Compare arrays with Object.is precision. isArrayEqual checks length and element identity, correctly handling tricky cases like NaN, sparse arrays, and the +0/-0 distinction.

• Uses Object.is so NaN matches itself while +0 and -0 stay distinct
• Short-circuits when lengths differ for a fast inequality check
• Leaves the original arrays untouched

import * as _ from 'radashi'
_.isArrayEqual([1, 2, 3], [1, 2, 3]) // => true
_.isArrayEqual([0], [-0]) // => false
_.isArrayEqual([Number.NaN], [Number.NaN]) // => true

🔗 Docs / Source / Tests

... (truncated)

Changelog

Sourced from radashi's changelog.

[radashi@12.7.1] - 2025-11-19

Details

Fixed

• Ensure DurationParser static properties can be tree-shaked in b9d7529

[radashi@12.7.0] - 2025-10-17

Details

Added

• Add identity function in 38e2f37
• Add isArrayEqual function in 095f2b0
• Add isMapEqual and isSetEqual functions in 0fa566a
• Add getOrInsert and getOrInsertComputed in 4675076
• (objectify) Add index parameter to getKey and getValue functions in 1506472
• Add absoluteJitter and proportionalJitter in ebea7d7

Changed

• Preserve tuple type in min/max even with a getter in c72a1c4
• Use identity as default getter for sort in df55a6e

[radashi@12.6.2] - 2025-08-20

Details

Fixed

• (range) Ensure end parameter works when 0 in 9c8ffa0

[radashi@12.6.1] - 2025-08-09

Details

Fixed

• (group) Use Object.create(null) for the returned object in 5db8c37

Commits

• 478e0cd chore(release): 12.7.1
• 763e630 chore: update .cliffignore
• b9d7529 fix: ensure DurationParser static properties can be tree-shaked (#447)
• 0154943 chore(scripts): use dist build for tree-shake-check
• 6207890 chore: add tree-shake-check script
• 6c8276a Revert "feat!: transpile to Node18 syntax (#448)"
• b109d1e feat!: transpile to Node18 syntax (#448)
• f0c9c33 chore(docs): remove unnecessary await in example
• 900f2e8 chore(release): 12.7.0
• 11d932d chore: prepare release notes
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.0.6 to 2.3.11

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.11

2.3.11

Patch Changes

• #8583 83be210 Thanks @​dyc3! - Added the new nursery rule useVueValidTemplateRoot.

  This rule validates only root-level \<template> elements in Vue single-file components. If the \<template> has a src attribute, it must be empty. Otherwise, it must contain content.

  Invalid examples:

  \<template src="./foo.html">content</template>

  \<template></template>

  Valid examples:

  \<template>content</template>

  \<template src="./foo.html"></template>

• #8586 df8fe06 Thanks @​dyc3! - Added a new nursery rule useVueConsistentVBindStyle. Enforces consistent v-bind style (:prop shorthand vs v-bind:prop longhand). Default prefers shorthand; configurable via rule options.

• #8587 9a8c98d Thanks @​dyc3! - Added the rule useVueVForKey, which enforces that any element using v-for also specifies a key.

  Invalid

  <li v-for="item in items">{{ item }}</li>

  Valid

  <li v-for="item in items" :key="item.id">{{ item }}</li>

• #8586 df8fe06 Thanks @​dyc3! - Added a new nursery rule useVueConsistentVOnStyle. Enforces consistent v-on style (@event shorthand vs v-on:event longhand). Default prefers shorthand; configurable via rule options.

• #8583 83be210 Thanks @​dyc3! - Added the new nursery rule useVueValidVOnce. Enforces that usages of the v-once directive in Vue.js SFC are valid.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.11

Patch Changes

• #8583 83be210 Thanks @​dyc3! - Added the new nursery rule useVueValidTemplateRoot.

  This rule validates only root-level \<template> elements in Vue single-file components. If the \<template> has a src attribute, it must be empty. Otherwise, it must contain content.

  Invalid examples:

  \<template src="./foo.html">content</template>

  \<template></template>

  Valid examples:

  \<template>content</template>

  \<template src="./foo.html"></template>

• #8586 df8fe06 Thanks @​dyc3! - Added a new nursery rule useVueConsistentVBindStyle. Enforces consistent v-bind style (:prop shorthand vs v-bind:prop longhand). Default prefers shorthand; configurable via rule options.

• #8587 9a8c98d Thanks @​dyc3! - Added the rule useVueVForKey, which enforces that any element using v-for also specifies a key.

  Invalid

  <li v-for="item in items">{{ item }}</li>

  Valid

  <li v-for="item in items" :key="item.id">{{ item }}</li>

• #8586 df8fe06 Thanks @​dyc3! - Added a new nursery rule useVueConsistentVOnStyle. Enforces consistent v-on style (@event shorthand vs v-on:event longhand). Default prefers shorthand; configurable via rule options.

• #8583 83be210 Thanks @​dyc3! - Added the new nursery rule useVueValidVOnce. Enforces that usages of the v-once directive in Vue.js SFC are valid.

  <!-- Valid -->

... (truncated)

Commits

• 1550e73 ci: release (#8507)
• a3a27a7 feat(analyze/html/vue): add useVueVapor rule (#8644)
• 9a8c98d feat(analyze/html/vue): add useVueVForKey (#8587)
• ab9af9a feat: no-jsx-props-bind (#7410)
• df8fe06 feat(analyze/html/vue): add v-bind/v-on style rules (#8586)
• 83be210 feat(analyze/html/vue): add a few more simple vue lint rules (#8583)
• a3a1ad2 feat(biome_js_analyze): port noBeforeInteractiveScriptOutsideDocument from ...
• 9dd9ca7 feat(graphql_analyze): implement useUniqueArgumentNames (#8591)
• 5e85d43 feat(graphql_analyze): implement useUniqueFieldDefinitionNames (#8598)
• a5f59cd feat(graphql_analyze): implement useUniqueInputFieldNames (#8592)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates @types/bun from 1.2.18 to 1.3.6

Commits

• See full diff in compare view

Updates drizzle-kit from 0.31.4 to 0.31.8

Release notes

Sourced from drizzle-kit's releases.

drizzle-kit@0.31.8

Bug fixes

• Fixed algorythm => algorithm typo.
• Fixed external dependencies in build configuration.

drizzle-kit@0.31.6

Bug fixes

• [BUG]: Importing drizzle-kit/api fails in ESM modules

drizzle-kit@0.31.5

• Add casing support to studio configuration and related functions

Commits

• c445637 Merge pull request #5095 from drizzle-team/main-workflows
• e7b3aaa Merge branch 'main' into main-workflows
• 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
• 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
• 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
• 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
• ce88a18 Merge remote-tracking branch 'origin/ext-deps-kit' into main-workflows
• 5c8a4c5 +
• 73e2ea4 feat: Add release router workflow to manage feature and latest releases
• 378b043 Merge pull request #5002 from drizzle-team/main-next-pack
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for drizzle-kit since your current version.

Updates newman from 6.2.1 to 6.2.2

Changelog

Sourced from newman's changelog.

6.2.2: date: 2026-01-16 chores: - Update dependencies

Commits

• 6b389d4 Merge branch 'release/6.2.2'
• 90d50ae Release v6.2.2
• e2ba4d6 update dependencies (#3344)
• 74a4554 Merge branch 'release/6.2.1' into develop
• See full diff in compare view

Updates pg from 8.16.3 to 8.17.1

Changelog

Sourced from pg's changelog.

All major and minor releases are briefly explained below.

For richer information consult the commit log on github with referenced pull requests.

We do not include break-fix version release in this file.

pg@8.17.0

• Throw correct error if database URL parsing fails.

pg@8.16.0

• Add support for min connection pool size.

pg@8.15.0

• Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

• Add support from SCRAM-SAH-256-PLUS i.e. channel binding.

pg@8.13.0

• Add ability to specify query timeout on per-query basis.

pg@8.12.0

• Add queryMode config option to force use of the extended query protocol on queries without any parameters.

pg-pool@8.10.0

• Emit release event when client is returned to the pool.

pg@8.9.0

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

pg@8.8.0

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

pg-pool@3.5.0

... (truncated)

Commits

• 4eb7529 Publish
• b94c8e1 Don't use prefix import as it breaks in old nodes. (#3578)
• 6bf475c Improve Deno compatibility: config-first and safe env access (#3547)
• d10e09c Publish
• 9174783 test: Replace dead row length check with similar shape check (#3532)
• 27a2754 Deprecations (#3510)
• See full diff in compare view

Updates typescript from 5.8.3 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)