fix(deps): update dependency @faker-js/faker to version 10.x 🌟 (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@faker-js/faker (source)	6.1.2 → 10.4.0
dotenv	16.0.0 → 17.3.1
fuse.js (source)	6.5.3 → 7.1.0
husky	7.0.4 → 9.1.7
jwks-rsa	2.0.5 → 4.0.1
lowdb	1.0.0 → 7.0.1
start-server-and-test	1.14.0 → 3.0.0
uuid	8.3.2 → 13.0.0
yup	0.32.11 → 1.7.1

---

Release Notes

faker-js/faker (@​faker-js/faker)

v10.4.0

Compare Source

New Locales

• locale: add Japanese bear definitions (#​3720) (2a4b15c)
• locale: add Japanese bird definitions (#​3719) (dc31ff8)
• locale: add Japanese cat breed definitions (#​3716) (54af8a8)
• locale: add Japanese cattle breed definitions (#​3717) (c2c7342)
• locale: add Japanese fish definitions (#​3721) (15fc361)
• locale: add Japanese horse breed definitions (#​3718) (e02536e)
• locale: add Norwegian (nb_NO) country definition (#​3714) (614b4e9)

Features

• fi locale phone numbers (#​3747) (7afa8b5)
• food: add plant-based dish variety (#​3745) (41edf49)

Changed Locales

• locale: filter and cleanup PersonEntryDefintions data (#​3266) (67defc8)

Bug Fixes

• locales: correct typos and capitalization in es_MX street names (#​3737) (2b32c28)

v10.3.0

Compare Source

New Locales

• locale: add Japanese dog definition (#​3715) (76c9df1)
• locale: add Japanese color definitions (#​3707) (bbbb215)
• locale: add Japanese food module (#​3706) (71d55c0)
• locale: add Japanese internet definitions (#​3708) (184a709)
• locale: add Japanese job definitions for person module (#​3705) (e7f3ccd)
• locale: add Japanese suffix definitions for person module (#​3704) (45ad7d8)
• locale: add Norwegian (nb_NO) continent definitions (#​3712) (c0f0f23)
• locale: add Norwegian (nb_NO) direction definition (#​3713) (43b18fa)
• locale: add Norwegian (nb_NO) sex definitions (#​3710) (76063f2)
• locale: add Norwegian (nb_NO) vehicle definition (#​3732) (d1c32b0)

Features

• locales: add Norwegian (nb_NO) zodiac sign definitions (#​3711) (e306542)
• person: sexType can return 'generic' (#​3259) (0e099a1)
• string: support uuid v7 (#​3701) (87c2753)

Changed Locales

• locale: normalize system locale data (#​3702) (ba91653)

Bug Fixes

• locale: remove empty string from Hebrew lorem words (#​3698) (81a896c)
• location: state name to 'Trøndelag' for nb_NO (#​3691) (eaef389)

v10.2.0

Compare Source

New Locales

• locale: add bn_BD location module (#​3614) (99a448c)
• locale: add counties & states to nb_NO location (#​3617) (3dbcbe1)
• locale: add da states (regions) (#​3656) (78c892b)
• locale: add id_ID translation for animal, color, commerce, and word also add country to location id_ID translation. (#​3608) (02c2c3e)
• locale: add ku_kmr_latin locale (#​3629) (247f42d)
• locale: add person module data to ku_ckb (#​3630) (6be2c20)

Features

• Add support for UPC (#​3648) (57b2d78)
• commerce: allow for locale-specific product name patterns (#​3657) (1cf3991)
• finance: add IR iban (#​3678) (101a74a)
• locales: add sl_SI locale, person module (#​3564) (e7c9945)
• location: Hungarian support for city name, full street address, continents, countries and directions (hu) (#​3618) (2c9aefd)

Bug Fixes

• food: move raspberry from vegetable to fruit (#​3650) (6a4f01f)
• locale: endonym should be in Latin script (#​3660) (4cda07f)
• locale: remove additional inappropriate words from ja locale (#​3665) (18a1554)
• locale: remove offensive and inappropriate words from ja locale (#​3661) (8310c8c)
• locale: remove some negative hu words (#​3664) (bd36bae)
• location: Use accents in en country names (#​3637) (24aa11f)
• vehicle: Updated spelling Mercielago to Murcielago (#​3636) (bfb1bdb)

v10.1.0

Compare Source

New Locales

• locale: Add ku_ckb locale (#​3441) (9de894a)
• locale: add Russian localization for book module (#​3628) (428ff33)

Bug Fixes

• locale: fix the Spring Airlines IATA Code (#​3612) (b547045)

v10.0.0

Compare Source

New Locales

• locale: extended list of colors in Polish (#​3586) (9940d54)

Features

• locales: add animal vocabulary(bear, bird, cat, rabbit, pet_name) in Korean (#​3535) (0d2143c)

Changed Locales

• locale: remove invalid credit card issuer patterns (#​3568) (9783d95)

v9.9.0

Compare Source

New Locales

• locale: add word data to pt_br and pt_pt locales (#​3531) (a405ac8)

Features

• location: simple coordinate methods (#​3528) (d07d96d)

v9.8.0

Compare Source

New Locales

• locale: Add additional Japanese last names to the locale data (#​3484) (72e66c3)
• locale: add Japanese date and month definitions (#​3492) (b70e793)
• locale: add Japanese science locale data including elements and units (#​3491) (54fd551)
• locale: add Japanese sex definitions for person locale (#​3495) (1dbd8fa)
• locale: add vehicle locale data for Japanese (#​3490) (dfadb1d)
• locale: add zh_CN book (#​3477) (786a3d0)
• locale: add zh_CN food (#​3479) (6c883e7)
• locale: update Japanese company categories (#​3489) (8c0953a)
• locale: update zh_CN animal (#​3480) (38ee7b8)
• locale: update zh_CN location (#​3481) (456f102)
• locale: update zh_CN word (#​3478) (aa98867)

Changed Locales

• locale: ko state data update (#​3487) (b611ec2)
• locale: normalize internet data (#​3502) (e6151e4)
• locale: rename pt-BR streetSuffix to streetPrefix (#​3493) (7c23db3)

Bug Fixes

• locale: correct Japanese country names (#​3510) (046bb81)
• locale: correct the name of element Lv in Japanese (#​3509) (6a7ef4c)
• locale: ko modified street_name to street_name_part (#​3485) (c15da8e)

v9.7.0

Compare Source

New Locales

• locale: Add bn_BD locale (#​3439) (fef0ad7)
• locale: add cy locale, start with date (#​3462) (f70a6f7)
• locale: add finance support for ja locale (#​3449) (b2c5298)
• locale: add localize sex support for zh_CN & zh_TW (#​3450) (048c325)
• locale: add Tamil language support (#​3468) (cdf6dc4)

Bug Fixes

• airline: Air France and KLM Royal Dutch Airlines (#​3440) (8a2d168)
• iban: more strict pattern for IE and PS (#​3464) (7b12056)
• locale: rename ja and zh_CN company affix files (#​3448) (1e551c5)
• number: don't ignore multipleOf in float when min=max (#​3417) (e4cc4e5)

v9.6.0

Compare Source

Features

• finance: add ISO 4217 numerical codes to Currency (#​3404) (ae9aec6)
• number: bigint multipleOf (#​3402) (7b4f85a)

v9.5.1

Compare Source

Bug Fixes

• test before using Buffers (#​3400) (ec7c9a8)

v9.5.0

Compare Source

Features

• image: add AI-generated avatars (#​3126) (9e13953)

v9.4.0

Compare Source

Features

• finance: use fake patterns for transactionDescription (#​3202) (5ec4a6c)
• internet: update to simplified modern user-agent list (#​3324) (3c7abb5)
• location: add list of spoken languages (#​3333) (ff6dda9)

Changed Locales

• locale: fix various locale data with trailing spaces (#​3329) (e5eec0e)
• locale: improve product_name data in en and tr (#​3372) (773fc1f)

Bug Fixes

• animal: re-moo-ved some incorrect cow data (#​3326) (47f835b)
• basic wildcard range handling + add more tests (#​3322) (817f8a0)
• finance: update Discover card number format to ensure accuracy (#​3336) (69c0063)
• image: dataUri should return random type (#​3347) (eceb17d)
• locales: update chemical element names in zh_CN (#​3371) (6ec6f84)
• location: fix bad uz street_name_part data (#​3328) (b6132cb)
• music: fix truncated song names with commas (#​3327) (f36fc71), closes #​996
• system: semver parts should not be limited to 0-9 (#​3349) (c0d92b8)

v9.3.0

Compare Source

Features

• add initial seed parameter to constructors (#​3220) (1633c8d)

Changed Locales

• locale: improve zh_CN vehicle manufacturers (#​3254) (9abaed1)
• locale: lowercase Mexican color names (#​3200) (0d85075)
• locale: sort person data (#​3269) (01e20e9)
• locale: split en_AU_ocker first_names by sex (#​3270) (b0a5ad3)
• locale: split up Spanish generic first names (#​3279) (5d5fe30)
• locale: update Polish city name (#​3306) (53441b7)

Bug Fixes

• internet: ensure domainWord always returns a valid value in all locales (#​3253) (525fedc)
• locale: add Isadora to female names in pt_BR for consistency (#​3282) (b390432)
• locale: fix incorrect accents in it first_name (#​3281) (e0fb23e)

v9.2.0

Compare Source

Features

• animal: add petName method (#​3196) (c02beea)
• number: add romanNumeral method (#​3070) (72937de)

Changed Locales

• locale: improve Spanish color names (#​3230) (99d81be)

v9.1.0

Compare Source

New Locales

• locale: add books on pt_br (#​3218) (af1dbcd)
• locale: add Swedish(sv) counties (#​3154) (67569d9)

Features

• add book module (#​2949) (2f93d9d)
• commerce: more varied product descriptions (#​3174) (ba4ef9a)
• internet: add jwt method (#​2936) (e3858f2)
• internet: improve ipv4 method (#​2992) (a5a6c5b)
• location: add continent method (#​3162) (4056ab0)
• string: adds support for generating ULID (#​2524) (5b1c858)

Changed Locales

• locale: enhance en vehicle manufacturers (#​3187) (858f8d0)
• locale: modernise buzz- and catch-phrases (#​2930) (247c86f)
• locale: remove inaccessible files (#​3205) (89b695c)
• locale: trim excessive Croatian last names (#​3204) (18e59aa)

Bug Fixes

• food: use arrayElement instead of fake for adjective (#​3178) (a8dfa2f)
• location: fix US ZIP code anomalies for zipCode({state}) (#​3180) (df59724)
• location: update valid ZIP ranges for FL and VA (#​3167) (e271d4a)

v9.0.3

Compare Source

Changed Locales

• locale: update french legal entity types (#​3142) (d6bceb6)

Bug Fixes

• image: fix dataUri with type svg-base64 in browsers (#​3144) (78b2a3a)

v9.0.2

Compare Source

Bug Fixes

• locale: improve pt_PT location and person data (#​3020) (3e47ee7)

v9.0.1

Compare Source

Bug Fixes

• emit cts types (#​3093) (53ef42c)

v9.0.0

Compare Source

No noteworthy changes to 9.0.0-rc.1

For those upgrading from earlier versions, please refer to our Migration Guide for detailed instructions.

v8.4.1

Compare Source

• JSDocs improvements

v8.4.0

Compare Source

Features

• helpers: add support for complex intermediate types (#​2550) (24482a3)
• number: add parameter fractionDigits in float (#​1855) (41d8778)
• person: add job titles for fr (#​2531) (ba28ab6)

Bug Fixes

• finance: correct VG IBAN format (#​2552) (b8049d1)
• internet: username method to return value that always includes… (#​2506) (0ee1c67)
• locale: incomplete airline names in zh_CN (#​2558) (5525b55)
• number: improve float generation for precisions of form 10^-n (#​2581) (39c715d)

8.3.1 (2023-11-14)

Bug Fixes

• remove [@internal](https://redirect.github.com/internal) from module parent classes (#​2548) (77f54ad)

v8.3.1

Compare Source

v8.3.0

Compare Source

Features

• person: use fake patterns for jobTitle (#​2528) (b40ad45)

Bug Fixes

• date: ensures correct range for birthdate (#​2535) (7ce8c28)
• finance: maskedNumber has incorrect defaults (#​2494) (e0ba50b)
• locale: improve Swedish phone numbers format (#​2520) (e4865df)

Changed Locales

• locale: remove fr_CH data which is identical to fr (#​2526) (fafcba4)

New Locales

• locale: add person to fr_SN (#​2537) (ef965da)
• locale: add Senegal locale (#​2525) (6df70bc)
• locale: add streets to location fr_SN (#​2536) (36fc517)
• locale: and location to fr_SN (#​2533) (f730125)

v8.2.0

Compare Source

Features

• support custom randomizer (#​2284) (5410239)

Bug Fixes

• docs: revert filter code that breaks search in docs (#​2425) (c498c09)
• locale: Dutch phone number (#​2400) (005369b)

New Locales

• locale: add airline database science commerce and vehicle for zh_CN (#​2395) (9c96c0a)
• locale: add street_name to en_US, en_GB and en (#​2371) (491d319)
• locale: add unionpay credit card for zh_CN (#​2338) (74eeccc)

v8.1.0

Compare Source

Features

• color: migrate hu human colors (#​2157) (19635a7)
• commerce: add method for generating ISBN-10 and ISBN-13 (#​2240) (cb4ef28)
• image: add image dataUri with base64 (#​2273) (869b9b4)
• location: add en_IE postcodes (#​2149) (e92c313)
• location: add ne postcodes (#​2148) (36d1d3a)
• location: add states for mk (#​2271) (1b3e5eb)
• location: add states for pt_PT (#​2269) (a4631db)
• location: add states for sr_RS_latin (#​2270) (1de471f)
• location: es province should be county (#​2156) (bbda1d7)
• location: fi addresses (#​2146) (1da6785)
• location: Support ISO 3166-1 numeric country codes (#​2325) (82b779d)
• location: update en county list (#​2238) (6bb4775)
• lorem: seed AR lorem (#​2147) (6137801)
• metadata: add method to access metadata (#​2143) (fd8cfe5)
• split SimpleFaker class from Faker (#​2369) (d6a4f8c)

Bug Fixes

• helpers: prevent uniqueArray from hanging (#​2239) (3dece09)
• image: dataUri is not random (#​2316) (a7d25fa)
• locale: invalid date definitions (#​2293) (3cecae9)
• locale: limited ja first names without passing sex (#​2190) (5de8874)
• locale: remove continent from ja countries (#​2194) (cdd162a)
• locale: remove duplicated countries in ja locale (#​2189) (785a38a)
• location: avoid hyphenated surnames in city patterns (#​2119) (7a4bb43)
• location: Czech postcode format (#​2268) (37898ca)
• location: Dutch postal codes can never start with '0' (#​2326) (f195e06)
• location: Pad en_US ZIP codes left to 5 characters if needed (#​2278) (0ca1e44)
• remove unrelated from de_CH country codes (#​2304) (aa1bb13)
• test: fix imports for jsdocs example verification (#​2281) (2fe1308)
• test: typedoc signature test issues (#​2280) (02fc7ca)

Changed Locales

• locale: cs_CZ state_abbr not applicable (#​2140) (e86f3b6)

New Locales

• locale: add bio, animal, word, music for zh_CN (#​2332) (8e4ea67)
• locale: add company name to zh_CN (#​2203) (c3b540f)
• locale: add da person category (#​2331) (466b804)
• locale: add database for German (de) (#​2226) (ee12c32)
• locale: add direction to ja (#​2191) (2fa60de)
• locale: add Dutch province abbreviations (#​2232) (4a15bd0)
• locale: add Esperanto (#​2230) (d91057d)
• locale: add finance module for zh_CN (#​2370) (aea4c9b)
• locale: add GB subdivision codes (#​2233) (5eec65f)
• locale: add hacker for zh_CN (#​2337) (9176fcb)
• locale: add minimal da locale, start with location (#​2324) (c158b38)
• locale: add person data for yo locale (#​2363) (76886ad)
• locale: add states for Croatia (hr) (#​2142) (8a6ce49)
• locale: add states for Turkey (tr) (#​2231) (2afa23f)
• locale: add states to vi locale and fix city name (#​2128) (bc2aaab)
• locale: add word category for da (#​2359) (8e5bc22)
• locale: added commerce and company data for da (#​2378) (604d52d)
• locale: added word and music to Farsi (#​2210) (7687511)
• locale: fix wide month and add music for zh_CN (#​2380) (501602b)
• locale: improve persons and locations for zh_CN (#​2318) (87d3423)
• locale: improve zh_TW (#​2320) (c5dfe27)
• locale: support color and date for zh_CN (#​2223) (6736cbf)
• locale: update Dutch locale (nl) (#​2237) (12a511c)

8.0.2 (2023-05-27)

Bug Fixes

• git: limit need for Intl to specific method (#​2172) (a5e73f8)
• locale: en_HK last_name_patterns should be last_name_pattern (#​2154) (03cc391)
• locale: ro_MD city should be city_pattern (#​2155) (c173150)

v8.0.2

Compare Source

v8.0.1

Compare Source

• docs: switch doc links to stable (#​2152) (8f741bd)

v8.0.0

Compare Source

Bug Fixes

• docs: fix faker v7 code example for locale migration (#​2125) ([b570461](https:/

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Note

Medium Risk
This is a dependency-only PR, but it includes several major upgrades (notably jwks-rsa, lowdb, yup, uuid, @faker-js/faker) that can introduce runtime or authentication-breaking changes despite no app code updates.

Overview
Upgrades multiple runtime and dev dependencies, including major bumps for @faker-js/faker (6→10), uuid (8→13), yup (0.32→1.7), lowdb (1→7), jwks-rsa (2→4), plus updates to dotenv, fuse.js, husky, and start-server-and-test.

Regenerates yarn.lock accordingly, pulling in new/updated transitive packages (e.g., jose 6, lru-memoizer 3, wait-on 9 and its newer axios/joi stack).

^{Written by Cursor Bugbot for commit 74c232c. This will update automatically on new commits. Configure here.}

[cypress-app-bot]

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

lowdb v7 completely breaks backend database layer

High Severity

Upgrading lowdb from 1.0.0 to 7.0.1 without updating backend/database.ts will completely break the application. The code imports low from "lowdb" and FileSync from "lowdb/adapters/FileSync", then uses a lodash-chain API (db.get().push().write(), db.setState(), etc.). lowdb v2+ is pure ESM with a completely different API — no low() function, no FileSync adapter, and no chaining. Every database operation in the backend will fail at import time.

 

[cursor]

Faker v10 removes all APIs used in seed generation

High Severity

Upgrading @faker-js/faker from 6.1.2 to 10.4.0 without updating source code breaks seed data generation and tests. The code calls many APIs removed in v8: faker.random.uuid(), faker.name.firstName(), faker.name.lastName(), faker.helpers.randomize(), faker.random.number(), faker.company.companyName(), faker.phone.phoneNumberFormat(), faker.finance.account(), and faker.finance.amount(min, max) with positional args (now requires an options object).

 

[cursor]

jwks-rsa v4 incompatible with express-jwt v6

High Severity

Upgrading jwks-rsa from 2.0.5 to 4.0.1 while keeping express-jwt at 6.1.2 creates an incompatibility. backend/helpers.ts uses jwksRsa.expressJwtSecret() with express-jwt v6's callback-based secret provider pattern. jwks-rsa v3+ changed expressJwtSecret to return a Promise-based function designed for express-jwt v7+, which uses a different (req, token) signature instead of the old (req, header, payload, cb) callback pattern.