build(deps): bump @whiskeysockets/baileys from 7.0.0-rc.9 to 7.0.0-rc12 in /extensions/whatsapp

[dependabot]

Bumps @whiskeysockets/baileys from 7.0.0-rc.9 to 7.0.0-rc12.

Release notes

Sourced from @​whiskeysockets/baileys's releases.

v7.0.0-rc12

7.0.0-rc12

This version patches the security flaw addressed in GHSA-qvv5-jq5g-4cgg. Please exercise extreme caution and upgrade to the latest version or latest legacy version (6.7.22).

v7.0.0-rc11

A quick release meant to pin the libsignal pipeline to the NPM registry. The release also includes a small bug fix for old VPSes lacking SIMD support for the WASM. We moved Baileys's dep from git to NPM:

1. This should remove the need to install git to install baileys.
2. This should increase code transparency & security as libsignal now goes under the same Trusted Publishing and Provenance as Baileys rc10.

Read the full rc10 patch notes here: https://github.com/WhiskeySockets/Baileys/releases/tag/v7.0.0-rc10

We are working on migrating away from the libsignal dep as soon as possible to our own Rust-based equivalent to prevent licensing issues. Note that libsignal is in GPLv3 but Baileys is under MIT (Adhiraj left us a mess 😓).

v7.0.0-rc10

Since September, I've been working really hard on version 7. This is a really important version for Baileys. We introduced ESM, modernized the syntax and DX a lot compared to previous versions and been shipping stability fix after another. We faced a lot of challenges: LIDs, restrictions, WAM, warnings, bans, random logouts, decryption & encryption errors to name a few.

It is now, that I'm proud to announce, our biggest release yet:

VERSION 7.0.0-rc10 THE FINAL RELEASE CANDIDATE.

This is the largest release since we started the WhiskeySockets fork. Baileys hasn't been released since November 21, 2025, for a period of over 5 months.

Key changes include since rc9:

• Stability fixes for resending messages. @​YonkoSam
• Proper phone requests for missing messages @​jlucaso1
• improved media upload handling @​jlucaso1
• Mutex redesign @​Santosl2
• memory leaks fixes (down a lot, tested on prod and refined since then, we have decreased spikes immediately as of rc10 with shorter mem growth graphs, aiming to resolve entirely by v7). Multiple PRs of work by @​yonkosam @​purpshell @​jlucaso1
• improved offline node batching @​Santosl2
• improvements to the app state logic @​vinikjkkj @​purpshell @​jlucaso1 across multiple PRs
• Member labels support @​Santosl2
• Reporting tokens support @​jlucaso1
• wire consistencies @​gusquadri @​vinikjkkj
• FB and interop JID support for incoming Interoperability EU APIs @​vinikjkkj
• Encryption failures handling @​vinikjkkj
• Long data type handling in new WAProto structure (no need for silly hydrate function anymore) by @​jlucaso1
• Sending of TC (Trusted Contact) Tokens upon outgoing message, profile update, presence subscribe and more. @​Santosl2 @​jlucaso1
• Message type function revamp @​purpshell
• critical mem leak discovery @​YonkoSam
• Fix connection deadlocks @​purpshell
• Fix race condition (detected by Bartender!) @​jlucaso1
• LID<->PN Mappings from contactAction, historySync, and more @​jlucaso1
• Caching the children of getBinaryNodeChildren calls to ACHIEVE A 30X return on speed during binary children lookups. All optimized with WeakMap so the garbage collector knows when to clean it. @​purpshell
• Changed shouldSyncHistoryMessage behavior and enriched Contact data types across all that produces them, so they are consistent across the library and lack no data @​purpshell
• Fix for ghost sessions!! Discovered partly with bartender @​jlucaso1
• Unified session telemetry @​Santosl2
• Rust App state sync @​jlucaso1
• Caching and batching overhaul @​jlucaso1

... (truncated)

Changelog

Sourced from @​whiskeysockets/baileys's changelog.

7.0.0-rc12 (2026-05-20)

Bug Fixes

• process-message: only drop self-only protocolMessages from non-self senders (3beb08e)

Commits

• 1aee6ed chore(release): v7.0.0-rc12
• 3beb08e fix(process-message): only drop self-only protocolMessages from non-self senders
• 28ca087 fix: guard fetch dispatcher option (#2557)
• 988a34f chore(release): v7.0.0-rc11
• 25bc999 Fix release and move to NPM based libsignal
• 6cb7d34 feat: expose group online count in presence updates (#2545)
• a263cb0 chore: bump whatsapp-rust-bridge@0.5.4 to support non simd (#2542)
• dfad98f fix release
• 04f6d70 ci: Update publishing to use Trusted Publishers
• 42c19c7 chore(release): v7.0.0-rc10
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​whiskeysockets/baileys since your current version.

Install script changes

This version adds preinstall, prepare scripts that run during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.