Bump the minor-and-patch group across 1 directory with 8 updates

[dependabot]

Bumps the minor-and-patch group with 8 updates in the / directory:

Package	From	To
better-sqlite3	12.9.0	12.10.0
ws	8.20.0	8.20.1
@types/node	22.19.17	22.19.19
electron	41.3.0	41.6.0
prettier	3.8.1	3.8.3
node-abi	3.89.0	3.92.0
jiti	2.6.1	2.7.0
tar	7.5.13	7.5.15

Updates better-sqlite3 from 12.9.0 to 12.10.0

Release notes

Sourced from better-sqlite3's releases.

v12.10.0

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in WiseLibs/better-sqlite3#1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in WiseLibs/better-sqlite3#1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1470
• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447
• Add support for electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1466

New Contributors

• @​Maxime-J made their first contribution in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

Commits

• d8885f9 12.10.0
• 3f89324 Temporarily rollback support for Electron v42 prebuilds (#1470)
• a640028 Add support for Node.js v26 prebuilds and remove EOL builds (#1468)
• a69f03c Update SQLite to version 3.53.1 (#1467)
• d116f32 12.9.1
• 04d9b65 Add support for electron v42 prebuilds (#1466)
• ef7d940 Enable percentile functions (#1447)
• See full diff in compare view

Updates ws from 8.20.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• See full diff in compare view

Updates @types/node from 22.19.17 to 22.19.19

Commits

• See full diff in compare view

Updates electron from 41.3.0 to 41.6.0

Release notes

Sourced from electron's releases.

electron v41.6.0

Release Notes for v41.6.0

Fixes

• Fixed a crash in the macOS Touch ID WebAuthn prompt caused by a missing string resource, and added touchID.promptReason to app.configureWebAuthn() to customize the prompt text. #51604 (Also in 42, 43)

electron v41.5.2

Release Notes for v41.5.2

Fixes

• Improved external resize band positioning and scaling for frameless windows on Windows. #51560 (Also in 43)

electron v41.5.1

Release Notes for v41.5.1

Fixes

• Fixed app.getLoginItemSettings() returning undefined for executableWillLaunchAtLogin on macOS; the property is now always a boolean. #51508 (Also in 40, 42)
• Fixed a potential race condition crash when closing DevTools. #51474 (Also in 42)
• Fixed cross-origin isolation failing for non-file origins. #51403 (Also in 42)
• Improved the way Electron determines the default XDG App ID and WM_CLASS on Linux for better platform compatibility if desktopName is not provided in package.json. #51480 (Also in 42)

electron v41.5.0

Release Notes for v41.5.0

Features

• Added app.configureWebAuthn() to enable the Touch ID platform authenticator for WebAuthn on macOS, and a select-webauthn-account session event for choosing between multiple discoverable credentials. #51412 (Also in 42)

Fixes

• Fixed a regression on Windows where frameless windows changed their size after calling setResizable. #51427 (Also in 42)
• Fixed an issue on Windows where a transient UnhookWindowsHookEx failure in setIgnoreMouseEvents(true, { forward: true }) teardown could cause duplicate low-level mouse hooks to be installed on the next activation. #51419 (Also in 42)
• Fixed remote debugging via --remote-debugging-port not working when inspecting from Chrome's chrome://inspect page. The DevTools page would appear empty due to the frontend URL pointing to a CDN that returned 404 for Electron's Chromium builds. #51413

electron v41.4.0

Release Notes for v41.4.0

Features

• Added support for heap profiling via contentTracing.enableHeapProfiling(). #51178 (Also in 42)

Fixes

• Ensured cross-origin fetch() and XHR are blocked for custom protocols registered with supportFetchAPI: true unless corsEnabled: true is also set; cross-origin mode: 'no-cors' requests now receive an opaque response. #51270 (Also in 39, 40, 42)
• Fixed a crash when providing invalid HTTP header names or values in the webRequest.onBeforeSendHeaders() callback. #51365 (Also in 40, 42)
• Fixed a bug that cause offscreen rendering doesn't have valid screen info and unable to get valid result of related media queries.
  • Added webPreference.offscreen.deviceScaleFactor to allow user specify a value, instead of using user's primary display's value. #50375 (Also in 40)
• Fixed a bug where errors would occur when using the Chrome DevTools Fetch API. #51371 (Also in 42)
• Fixed a crash that could occur when an autofill suggestion popup was shown while a window was closing. #51321 (Also in 42)

... (truncated)

Commits

• 5e590ee fix: ship IDS_WEBAUTHN_TOUCH_ID_PROMPT_REASON and allow overriding it (#51604)
• c6800ea fix: improve resize band positioning and scaling for frameless windows on Win...
• 19a80ed ci: pin Homebrew version in CI runs (#51547)
• 4978d28 fix: test idempotency issues (#51529)
• 795f7d6 test: await did-create-window assertion in child close test (#51518)
• 686a62b fix: always emit executableWillLaunchAtLogin from getLoginItemSettings (#...
• bbdf837 fix: constrain AllowUniversalAccessFromFileURLs to file: origins in agent clu...
• 911f3ae fix: set XDG app ID and WM_CLASS based on normalized app name (#51480)
• 39aa90c ci: suppress macOS 'reopen windows' prompt for Electron test bundle (#51494)
• e7e3f3a build: replace spec dep fork with transitive resolution (#51492)
• Additional commits viewable in compare view

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates node-abi from 3.89.0 to 3.92.0

Release notes

Sourced from node-abi's releases.

v3.92.0

3.92.0 (2026-05-06)

Features

• update ABI registry (#289) (d8a52dc)

v3.91.0

3.91.0 (2026-05-06)

Features

• update ABI registry (#286) (49d26fa)

v3.90.0

3.90.0 (2026-05-01)

Features

• update ABI registry (#285) (3bb0b4f)

Commits

• d8a52dc feat: update ABI registry (#289)
• 49d26fa feat: update ABI registry (#286)
• 3bb0b4f feat: update ABI registry (#285)
• See full diff in compare view

Updates jiti from 2.6.1 to 2.7.0

Release notes

Sourced from jiti's releases.

v2.7.0

compare changes

🚀 Enhancements

• Add explicit resource management (using/await using) support (#422)
• Support opt-in tsconfigPaths (#427)
• Support virtual modules (#428)
• Add jiti/static subpath (#430)

🔥 Performance

• interopDefault: Add caching to reduce proxy overhead by ~2x (#421)

🩹 Fixes

• require: Passthrough resolve options (#412)
• require: Fallback to transpilation when tryNative fails (#413)
• Fallback for ENAMETOOLONG when evaluating esm (#429)

📦 Build

• Upgrade rspack to v2 (55194fb)
• Experimental rolldown config (8c0243f)

✅ Tests

• Ignore jsx test for bun/cjs (3a744ca)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)
• Espen Hovlandsdal (@​rexxars)
• Rintaro Itokawa (@​re-taro)
• Matteo Collina (@​mcollina)
• Mario Zechner (@​badlogic)

Changelog

Sourced from jiti's changelog.

v2.7.0

compare changes

🚀 Enhancements

• Add explicit resource management (using/await using) support (#422)
• Support opt-in tsconfigPaths (#427)
• Support virtual modules option (#428)
• Add jiti/static export (#430)

🔥 Performance

• interopDefault: Add caching to reduce proxy overhead by ~2x (#421)

🩹 Fixes

• require: Passthrough resolve options (#412)
• ci: Skip --coverage flag for node 18 (fe264b4)
• require: Fallback to transpilation when tryNative fails (#413)
• Fallback for ENAMETOOLONG when evaluating esm (#429)

📦 Build

• Upgrade rspack (55194fb)
• Experimental rolldown config (8c0243f)

🏡 Chore

• Fix lint issues (4045c7a)
• Update deps (e88ac44)
• Update deps (498e8d7)
• Add missing prettier dep (650bc48)
• Lint (058d91a)
• Init agents.md (c49c54e)
• Update agents.md (4deba16)
• Update deps (08fc868)
• Update tsconfig (8c7822e)
• Update release script (27fe3f2)

✅ Tests

• Ignore jsx test for bun/cjs (3a744ca)
• Update (9ee314f)

🤖 CI

• Update node test matrix (0abda72)

❤️ Contributors

... (truncated)

Commits

• fd3bb28 chore(release): v2.7.0
• 27fe3f2 chore: update release script
• 4fcd2f2 fix: fallback for ENAMETOOLONG when evaluating esm (#429)
• 8c0243f build: experimental rolldown config
• 55194fb build: upgrade rspack
• 0abda72 ci: update node test matrix
• 8c7822e chore: update tsconfig
• 08fc868 chore: update deps
• 5d552e3 feat: add jiti/static export (#430)
• ae790b0 feat: support virtual modules option (#428)
• Additional commits viewable in compare view

Updates tar from 7.5.13 to 7.5.15

Commits

• 87cc309 7.5.15
• 7aef486 fix: regression in pending links detection
• 6244eb3 7.5.14
• 9704d8c stricter protection against hardlinks preempting their targets
• 700734f update workflows and deps
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.