From 24382e0e14946d33e90a9c96fc577aca50d1e5f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Mar 2026 19:55:04 +0000
Subject: [PATCH] Bump convict from 6.2.4 to 6.2.5 (#7293)

* Bump convict from 6.2.4 to 6.2.5

Bumps [convict](https://github.com/mozilla/node-convict) from 6.2.4 to 6.2.5.
- [Changelog](https://github.com/mozilla/node-convict/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mozilla/node-convict/commits)

---
updated-dependencies:
- dependency-name: convict
  dependency-version: 6.2.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* note

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matt Fiddaman <github@m.fiddaman.uk>
---
 packages/sync-server/package.json |  2 +-
 upcoming-release-notes/7293.md    |  6 ++++++
 yarn.lock                         | 10 +++++-----
 3 files changed, 12 insertions(+), 6 deletions(-)
 create mode 100644 upcoming-release-notes/7293.md

diff --git a/packages/sync-server/package.json b/packages/sync-server/package.json
index 4249e05795..de5cfb8045 100644
--- a/packages/sync-server/package.json
+++ b/packages/sync-server/package.json
@@ -33,7 +33,7 @@
     "@actual-app/web": "workspace:*",
     "bcrypt": "^6.0.0",
     "better-sqlite3": "^12.6.2",
-    "convict": "^6.2.4",
+    "convict": "^6.2.5",
     "cors": "^2.8.6",
     "date-fns": "^4.1.0",
     "debug": "^4.4.3",
diff --git a/upcoming-release-notes/7293.md b/upcoming-release-notes/7293.md
new file mode 100644
index 0000000000..1f3181fb08
--- /dev/null
+++ b/upcoming-release-notes/7293.md
@@ -0,0 +1,6 @@
+---
+category: Maintenance
+authors: [dependabot]
+---
+
+Bump convict from 6.2.4 to 6.2.5
diff --git a/yarn.lock b/yarn.lock
index 136077c6b7..31e0fc76bf 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -202,7 +202,7 @@ __metadata:
     "@typescript/native-preview": "npm:^7.0.0-dev.20260309.1"
     bcrypt: "npm:^6.0.0"
     better-sqlite3: "npm:^12.6.2"
-    convict: "npm:^6.2.4"
+    convict: "npm:^6.2.5"
     cors: "npm:^2.8.6"
     date-fns: "npm:^4.1.0"
     debug: "npm:^4.4.3"
@@ -13749,13 +13749,13 @@ __metadata:
   languageName: node
   linkType: hard
 
-"convict@npm:^6.2.4":
-  version: 6.2.4
-  resolution: "convict@npm:6.2.4"
+"convict@npm:^6.2.5":
+  version: 6.2.5
+  resolution: "convict@npm:6.2.5"
   dependencies:
     lodash.clonedeep: "npm:^4.5.0"
     yargs-parser: "npm:^20.2.7"
-  checksum: 10/d4b9c50dcddf4b5da7a80c1d99d1cfae8a47d78d291f0cc11637ab25b6b4515f5f0e9029abd45bcc30cc3e33032aa8814ead22142b4563c4e4959d2e56bdf1ae
+  checksum: 10/998fce29b699aa07eb6128b9f2b0833af3d3f5df96b6d775d5c44ae5d56f07d9a87b1cacc79e04db3ebd47037463218698fec30331cfa63e44e0c4e7f331c863
   languageName: node
   linkType: hard