Bump the dev-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates in the / directory:

Package	From	To
@aws-sdk/client-s3	3.1004.0	3.1009.0
@aws-sdk/s3-request-presigner	3.1004.0	3.1009.0
@slack/webhook	7.0.7	7.0.8
mysql2	3.19.0	3.20.0
@typescript-eslint/eslint-plugin	8.56.1	8.57.0

Updates @aws-sdk/client-s3 from 3.1004.0 to 3.1009.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1009.0

3.1009.0(2026-03-13)

Chores

• codegen: sync for retry strategy lifecycle fix (#7842) (7bf8888b)

Documentation Changes

• client-medialive: Documents the VideoDescription.ScalingBehavior.SMART(underscore)CROP enum value. (fa49aa1b)
• client-sqs: document that SQS supports AWS Query protocol, non-default (#7847) (90772af6)
• clients: generate readme block about protocols (#7839) (21ffcafc)

New Features

• clients: update client endpoints as of 2026-03-13 (079cb594)
• client-api-gateway: API Gateway now supports an additional security policy "SecurityPolicy-TLS13-1-2-FIPS-PFS-PQ-2025-09" for REST APIs and custom domain names. The new policy is compliant with TLS 1.3, Federal Information Processing Standards (FIPS), Perfect Forward Secrecy (PFS), and post-quantum (PQ) cryptography (663ec588)
• client-gameliftstreams: Feature launch that enables customers to connect streaming sessions to their own VPCs running in AWS. (9b2dfe80)
• client-connect: Deprecating PredefinedNotificationID field (20194f10)
• client-ivs-realtime: Updates maximum reconnect window seconds from 60 to 300 for participant replication (e384ea14)
• client-glue: Add QuerySessionContext to BatchGetPartitionRequest (e39731fa)
• client-mediaconvert: This update adds support for Dolby AC-4 audio output, frame rate conversion between non-Dolby Vision inputs to Dolby Vision outputs, and clear lead CMAF HLS output. (11615b9f)
• client-quicksight: The change adds a new capability named ManageSharedFolders in Custom Permissions (cffca16f)
• client-mgn: Network Migration APIs are now publicly available for direct programmatic access. Customers can now call Network Migration APIs directly without going through AWS Transform (ATX), enabling automation, integration with existing tools, and self-service migration workflows. (2c814ea8)
• client-config-service: Fix pagination support for DescribeConformancePackCompliance, and update OrganizationConfigRule InputParameters max length to match ConfigRule. (469faf6f)

---

For list of updated packages, view updated-packages.md in assets-3.1009.0.zip

v3.1008.0

3.1008.0(2026-03-12)

Chores

• disable TypeScript detection when env var is 'true' (#7838) (b21a7826)

New Features

• clients: update client endpoints as of 2026-03-12 (c33f9da7)
• client-datasync: DataSync's 3 location types, Hadoop Distributed File System (HDFS), FSx for Windows File Server (FSx Windows), and FSx for NetApp ONTAP (FSx ONTAP) now have credentials managed via Secrets Manager, which may be encrypted with service keys or be configured to use customer-managed keys or secret. (dee9cb3e)
• client-ecr: Add Chainguard to PTC upstreamRegistry enum (4f3727d3)
• client-s3: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. (17910287)

Bug Fixes

• util-user-agent-node: read typescript version from app package.json (#7840) (5253141c)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1009.0 (2026-03-13)

Note: Version bump only for package @​aws-sdk/client-s3

3.1008.0 (2026-03-12)

Features

• client-s3: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. (1791028)

3.1007.0 (2026-03-11)

Note: Version bump only for package @​aws-sdk/client-s3

3.1006.0 (2026-03-10)

Note: Version bump only for package @​aws-sdk/client-s3

3.1005.0 (2026-03-09)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• 7888030 Publish v3.1009.0
• 7bf8888 chore(codegen): sync for retry strategy lifecycle fix (#7842)
• 21ffcaf docs(clients): generate readme block about protocols (#7839)
• 543c385 Publish v3.1008.0
• 1791028 feat(client-s3): Adds support for account regional namespaces for general pur...
• 7718940 Publish v3.1007.0
• fa4dc50 Publish v3.1006.0
• 0e58193 test(snapshot-testing): error response snapshots (#7836)
• e692718 Publish v3.1005.0
• 2b96330 test(snapshot-testing): implement response snapshots (#7803)
• See full diff in compare view

Updates @aws-sdk/s3-request-presigner from 3.1004.0 to 3.1009.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1009.0

3.1009.0(2026-03-13)

Chores

• codegen: sync for retry strategy lifecycle fix (#7842) (7bf8888b)

Documentation Changes

• client-medialive: Documents the VideoDescription.ScalingBehavior.SMART(underscore)CROP enum value. (fa49aa1b)
• client-sqs: document that SQS supports AWS Query protocol, non-default (#7847) (90772af6)
• clients: generate readme block about protocols (#7839) (21ffcafc)

New Features

• clients: update client endpoints as of 2026-03-13 (079cb594)
• client-api-gateway: API Gateway now supports an additional security policy "SecurityPolicy-TLS13-1-2-FIPS-PFS-PQ-2025-09" for REST APIs and custom domain names. The new policy is compliant with TLS 1.3, Federal Information Processing Standards (FIPS), Perfect Forward Secrecy (PFS), and post-quantum (PQ) cryptography (663ec588)
• client-gameliftstreams: Feature launch that enables customers to connect streaming sessions to their own VPCs running in AWS. (9b2dfe80)
• client-connect: Deprecating PredefinedNotificationID field (20194f10)
• client-ivs-realtime: Updates maximum reconnect window seconds from 60 to 300 for participant replication (e384ea14)
• client-glue: Add QuerySessionContext to BatchGetPartitionRequest (e39731fa)
• client-mediaconvert: This update adds support for Dolby AC-4 audio output, frame rate conversion between non-Dolby Vision inputs to Dolby Vision outputs, and clear lead CMAF HLS output. (11615b9f)
• client-quicksight: The change adds a new capability named ManageSharedFolders in Custom Permissions (cffca16f)
• client-mgn: Network Migration APIs are now publicly available for direct programmatic access. Customers can now call Network Migration APIs directly without going through AWS Transform (ATX), enabling automation, integration with existing tools, and self-service migration workflows. (2c814ea8)
• client-config-service: Fix pagination support for DescribeConformancePackCompliance, and update OrganizationConfigRule InputParameters max length to match ConfigRule. (469faf6f)

---

For list of updated packages, view updated-packages.md in assets-3.1009.0.zip

v3.1008.0

3.1008.0(2026-03-12)

Chores

• disable TypeScript detection when env var is 'true' (#7838) (b21a7826)

New Features

• clients: update client endpoints as of 2026-03-12 (c33f9da7)
• client-datasync: DataSync's 3 location types, Hadoop Distributed File System (HDFS), FSx for Windows File Server (FSx Windows), and FSx for NetApp ONTAP (FSx ONTAP) now have credentials managed via Secrets Manager, which may be encrypted with service keys or be configured to use customer-managed keys or secret. (dee9cb3e)
• client-ecr: Add Chainguard to PTC upstreamRegistry enum (4f3727d3)
• client-s3: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. (17910287)

Bug Fixes

• util-user-agent-node: read typescript version from app package.json (#7840) (5253141c)

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1009.0 (2026-03-13)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1008.0 (2026-03-12)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1007.0 (2026-03-11)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1006.0 (2026-03-10)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1005.0 (2026-03-09)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

Commits

• 7888030 Publish v3.1009.0
• 7bf8888 chore(codegen): sync for retry strategy lifecycle fix (#7842)
• 543c385 Publish v3.1008.0
• 7718940 Publish v3.1007.0
• fa4dc50 Publish v3.1006.0
• e692718 Publish v3.1005.0
• 2b96330 test(snapshot-testing): implement response snapshots (#7803)
• See full diff in compare view

Updates @slack/webhook from 7.0.7 to 7.0.8

Release notes

Sourced from @​slack/webhook's releases.

@​slack/webhook@​7.0.8

Patch Changes

• b8d922f: build: add support for node 24
• Updated dependencies [b8d922f]
  • @​slack/types@​2.20.1

Commits

• 909b5bd chore: release (#2530)
• b8d922f ci: add support for node 24 version (#2534)
• 9b23414 build: write all docs for workspace packages (#2533)
• 98dbd4e build: use a shared tsconfig for workspace packages (#2532)
• 8ce4770 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#2537)
• bd44fbb build: use minimum support @​types/node@​18 in development (#2531)
• a2eb4be chore: add opt-in pre-commit lint --write hook (#2475)
• 75649f4 feat: add support for apps.user.connection.update (#2535)
• dbd38e2 build: use node test runner for workspace packages (#2529)
• 57f4f22 chore: add an AGENTS.md (#2528)
• Additional commits viewable in compare view

Updates mysql2 from 3.19.0 to 3.20.0

Release notes

Sourced from mysql2's releases.

v3.20.0

3.20.0 (2026-03-15)

Features

• add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
• prevent double release from corrupting the connection pool (#4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#4183) (97855a6)

v3.19.1

3.19.1 (2026-03-09)

Security Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

Changelog

Sourced from mysql2's changelog.

3.20.0 (2026-03-15)

Features

• add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
• prevent double release from corrupting the connection pool (#4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#4183) (97855a6)

3.19.1 (2026-03-09)

Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

Commits

• 6d0ba45 chore(master): release 3.20.0 (#4180)
• 5ac5563 fix: explicitly specify in auth plugins (#4175) (#4187)
• 1993624 ci: improve workflows triggering (#4189)
• ff839c2 docs: improve LLM Agents instructions (#4188)
• 7e57db6 fix: prevent double release from corrupting the connection pool (#4186)
• 92d0724 docs: include instructions to LLM agents (#4185)
• f4ce16a refactor: simplify TracingChannel logic (#4184)
• 97855a6 fix: restore PoolConnection as subclass of Connection (#4183)
• 90a0677 refactor: prevent unintentional breaking change after TracingChannel support ...
• 5b61d86 ci: improve coverage (#4181)
• Additional commits viewable in compare view

Updates @smithy/util-stream from 4.5.17 to 4.5.19

Release notes

Sourced from @​smithy/util-stream's releases.

@​smithy/util-stream@​4.5.19

Patch Changes

• Updated dependencies [dab22f1]
  • @​smithy/node-http-handler@​4.4.16
  • @​smithy/fetch-http-handler@​5.3.15

@​smithy/util-stream@​4.5.18

Patch Changes

• Updated dependencies [5340b11]
  • @​smithy/types@​4.13.1
  • @​smithy/fetch-http-handler@​5.3.14
  • @​smithy/node-http-handler@​4.4.15

Changelog

Sourced from @​smithy/util-stream's changelog.

4.5.19

Patch Changes

• Updated dependencies [dab22f1]
  • @​smithy/node-http-handler@​4.4.16
  • @​smithy/fetch-http-handler@​5.3.15

4.5.18

Patch Changes

• Updated dependencies [5340b11]
  • @​smithy/types@​4.13.1
  • @​smithy/fetch-http-handler@​5.3.14
  • @​smithy/node-http-handler@​4.4.15

Commits

• dfdd360 Version NPM packages
• 0bdca15 Version NPM packages
• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.56.1 to 8.57.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [strict-void-return] false positives with overloads (#12055)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• typescript-estree: switch back to use ts.getModifiers() (#12034)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

• Brad Zacher @​bradzacher
• Brian Schlenker @​bschlenk
• Evyatar Daud @​StyleShit
• fisker Cheung @​fisker
• James Henry @​JamesHenry
• Josh Goldberg
• Kirk Waiblinger @​kirkwaiblinger
• Moses Odutusin @​thebolarin
• Newton Yuan @​NewtonYuan
• SungHyun627 @​SungHyun627
• Younsang Na @​nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: [strict-void-return] false positives with overloads (#12055)

❤️ Thank You

• Brad Zacher @​bradzacher
• Brian Schlenker @​bschlenk
• Evyatar Daud @​StyleShit
• James Henry @​JamesHenry
• Josh Goldberg
• Kirk Waiblinger @​kirkwaiblinger
• Moses Odutusin @​thebolarin
• Newton Yuan @​NewtonYuan
• SungHyun627 @​SungHyun627
• Younsang Na @​nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 2c6aeee chore(release): publish 8.57.0
• 46bf066 docs(eslint-plugin): document no-unnecessary-condition limitation with object...
• f696dad chore: use pnpm catalog (#12047)
• 2029c78 fix(eslint-plugin): [no-base-to-string] fix false positive for toString with ...
• 0f4f101 fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpec...
• 53f473b fix(typescript-estree): if the template literal is tagged and the text has an...
• 2291b81 docs: minor grammar adjustment (#12112)
• fc5cd09 fix(eslint-plugin): guard against negative paramIndex in no-useless-default-a...
• adc2aad fix(eslint-plugin): handle statically analyzable computed keys in prefer-read...
• 85badff fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.56.1 to 8.57.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [strict-void-return] false positives with overloads (#12055)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• typescript-estree: switch back to use ts.getModifiers() (#12034)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

• Brad Zacher @​bradzacher
• Brian Schlenker @​bschlenk
• Evyatar Daud @​StyleShit
• fisker Cheung @​fisker
• James Henry @​JamesHenry
• Josh Goldberg
• Kirk Waiblinger @​kirkwaiblinger
• Moses Odutusin @​thebolarin
• Newton Yuan @​NewtonYuan
• SungHyun627 @​SungHyun627
• Younsang Na @​nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.57.0 (2026-03-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 2c6aeee chore(release): publish 8.57.0
• f696dad chore: use pnpm catalog (#12047)
• a09921e chore: update vitest to 4.x (#12071)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

tests: Run #617

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Pending ⏳	Other ❓	Flaky 🍂	Duration ⏱️
172	171	0	0	1	0	0	27.6s

🎉 All tests passed!

Github Test Reporter