Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump the npm_and_yarn group across 1 directory with 8 updates

Open
Number: #1
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: None
Comments: 0
Created: October 07, 2025 at 04:34 AM UTC
(about 2 months ago)
Updated: October 07, 2025 at 04:34 AM UTC
(about 2 months ago)
Labels:
dependencies javascript
Description:

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
vite 6.1.0 6.3.6
@babel/helpers 7.26.7 7.28.4
@eslint/plugin-kit 0.2.5 0.2.8
brace-expansion 1.1.11 1.1.12
form-data 4.0.1 4.0.4
hono 4.7.0 4.9.10

Updates vite from 6.1.0 to 6.3.6

Release notes

Sourced from vite's releases.

v6.3.6

Please refer to CHANGELOG.md for details.

v6.3.5

Please refer to CHANGELOG.md for details.

v6.3.4

Please refer to CHANGELOG.md for details.

v6.3.3

Please refer to CHANGELOG.md for details.

v6.3.2

Please refer to CHANGELOG.md for details.

create-vite@6.3.1

Please refer to CHANGELOG.md for details.

v6.3.1

Please refer to CHANGELOG.md for details.

create-vite@6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0-beta.2

Please refer to CHANGELOG.md for details.

v6.3.0-beta.1

Please refer to CHANGELOG.md for details.

v6.3.0-beta.0

Please refer to CHANGELOG.md for details.

v6.2.7

Please refer to CHANGELOG.md for details.

v6.2.6

Please refer to CHANGELOG.md for details.

v6.2.5

Please refer to CHANGELOG.md for details.

v6.2.4

Please refer to CHANGELOG.md for details.

v6.2.3

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.3.6 (2025-09-08)

6.3.5 (2025-05-05)

6.3.4 (2025-04-30)

  • fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965
  • fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940
  • refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

  • fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853
  • fix(assets): ensure ?no-inline is not included in the asset url in the production environment (#1949 (16a73c0), closes #19496
  • fix(css): resolve relative imports in sass properly on Windows (#19920) (ffab442), closes #19920
  • fix(deps): update all non-major dependencies (#19899) (a4b500e), closes #19899
  • fix(ssr): fix execution order of re-export (#19841) (ed29dee), closes #19841
  • fix(ssr): fix live binding of default export declaration and hoist exports getter (#19842) (80a91ff), closes #19842
  • perf: skip sourcemap generation for renderChunk hook of import-analysis-build plugin (#19921) (55cfd04), closes #19921
  • test(ssr): test ssrTransform re-export deps and test stacktrace with first line (#19629) (9399cda), closes #19629

6.3.2 (2025-04-18)

6.3.1 (2025-04-17)

... (truncated)

Commits

Updates @babel/helpers from 7.26.7 to 7.28.4

Release notes

Sourced from @​babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

:house: Internal

Committers: 5

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

:bug: Bug Fix

:nail_care: Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

:memo: Documentation

:house: Internal

:microscope: Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.4 (2025-09-05)

:house: Internal

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

:bug: Bug Fix

:nail_care: Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

:memo: Documentation

:house: Internal

:microscope: Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

:bug: Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

:bug: Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

:memo: Documentation

... (truncated)

Commits

Updates @eslint/plugin-kit from 0.2.5 to 0.2.8

Release notes

Sourced from @​eslint/plugin-kit's releases.

plugin-kit: v0.2.8

0.2.8 (2025-04-01)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.12.0 to ^0.13.0

plugin-kit: v0.2.7

0.2.7 (2025-02-21)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.11.0 to ^0.12.0

plugin-kit: v0.2.6

0.2.6 (2025-01-31)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.10.0 to ^0.11.0
Changelog

Sourced from @​eslint/plugin-kit's changelog.

0.2.8 (2025-04-01)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.12.0 to ^0.13.0

0.2.7 (2025-02-21)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.11.0 to ^0.12.0

0.2.6 (2025-01-31)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.10.0 to ^0.11.0
Commits

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12

Commits

Updates esbuild from 0.24.2 to 0.25.10

Release notes

Sourced from esbuild's releases.

v0.25.10

  • Fix a panic in a minification edge case (#4287)

    This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

    function identity(x) { return x }
identity({ y: identity(123) })

  • Fix @supports nested inside pseudo-element (#4265)

    When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

    The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

    However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

    /* Original code */
::placeholder {
  color: red;
  body & { color: green }
  @supports (color: blue) { color: blue }
}

    /* Old output (with --supported:nesting=false) */
    
::placeholder {
    
color: red;
    
}
    
body :is() {
    
color: green;
    
}
    
@​supports (color: blue) {
    
{
    
color: blue;
    
}
    
}
    

    /* New output (with --supported:nesting=false) */
    
::placeholder {
    
color: red;
    
}
    
body :is() {
    
color: green;
    
}
    
@​supports (color: blue) {
    
::placeholder {
    
color: blue;
    
}

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

Commits

Updates form-data from 4.0.1 to 4.0.4

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

  • Merge tags v2.5.3 and v3.0.3 92613b9
  • [Tests] migrate from travis to GHA 806eda7
  • [Tests] migrate from travis to GHA 8fdb3bc

... (truncated)

Commits
  • 41996f5 v4.0.4
  • 316c82b [meta] actually ensure the readme backup isn’t published
  • 2300ca1 [meta] fix readme capitalization
  • 811f682 [meta] add auto-changelog
  • 5e34080 [Tests] fix linting errors
  • 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • 58c25d7 [Dev Deps] update @ljharb/eslint-config
  • 3d17230 [Fix] Switch to using crypto random for boundary values
  • d8d67dc v4.0.3
  • e6e83cc [meta] remove local commit hooks
  • Additional commits viewable in compare view

Updates hono from 4.7.0 to 4.9.10

Release notes

Sourced from hono's releases.

v4.9.10

What's Changed

Full Changelog: https://github.com/honojs/hono/compare/v4.9.9...v4.9.10

v4.9.9

What's Changed

New Contributors

Full Changelog: https://github.com/honojs/hono/compare/v4.9.8...v4.9.9

v4.9.8

What's Changed

New Contributors

Full Changelog: https://github.com/honojs/hono/compare/v4.9.7...v4.9.8

v4.9.7

Security

  • Fixed an issue in the bodyLimit middleware where the body size limit could be bypassed when both Content-Length and Transfer-Encoding headers were present. If you are using this middleware, please update immediately. Security Advisory

What's Changed

New Contributors

Full Changelog: https://github.com/honojs/hono/compare/v4.9.6...v4.9.7

v4.9.6

Security

... (truncated)

Commits
  • cc8868d 4.9.10
  • 38f756d fix(aws-lambda): sanitize non-ASCII header values to prevent ByteString error...
  • e3bf8c8 fix(context): Fix #4427 type regression by removing non-public export JSONRes...
  • 16eb882 4.9.9
  • 81bda2e feat(helper/route): enable to get route path at specific index (#4423)
  • 393ded9 fix(service-worker): correct generics for handle (#4421)
  • 3f89b6f fix(service-worker): Update service-worker fire() to accept generic variants ...
  • ba98aa2 4.9.8
  • 3fe60f1 fix(request): return empty string for empty catch-all param (#4395)
  • 9987081 refactor(types): fix the type definitions in hono-base (#4407)
  • Additional commits viewable in compare view

Updates sha.js from 2.4.11 to 2.4.12

Changelog

Sourced from sha.js's changelog.

v2.4.12 - 2025-07-01

Commits

  • [eslint] switch to eslint 7acadfb
  • [meta] add auto-changelog b46e711
  • [eslint] fix package.json indentation df9d521
  • [Tests] migrate from travis to GHA c43c64a
  • [Fix] support multi-byte wide typed arrays f2a258e
  • [meta] reorder package.json d8d77c0
  • [meta] add npmignore 35aec35
  • [Tests] avoid console logs 73e33ae
  • [Tests] fix tests run in batch 2629130
  • [Tests] drop node requirement to 0.10 00c7f23
  • [Dev Deps] update buffer, hash-test-vectors, standard, tape, typedarray 92b5de5
  • [Tests] drop node requirement to v3 9b5eca8
  • [meta] set engines to &gt;= 4 807084c
  • Only apps should have lockfiles c72789c
  • [Deps] update inherits, safe-buffer 5428cfc
  • [Dev Deps] update @ljharb/eslint-config 2dbe0aa
  • update README to reflect LICENSE 8938256
  • [Dev Deps] add missing peer dep d528896
  • [Dev Deps] remove unused buffer dep 94ca724
Commits
  • eb4ea2f v2.4.12
  • d8d77c0 [meta] reorder package.json
  • df9d521 [eslint] fix package.json indentation
  • 35aec35 [meta] add npmignore
  • d528896 [Dev Deps] add missing peer dep
  • b46e711 [meta] add auto-changelog
  • 94ca724 [Dev Deps] remove unused buffer dep
  • 2dbe0aa [Dev Deps] update @ljharb/eslint-config
  • 73e33ae [Tests] avoid console logs
  • f2a258e [Fix] support multi-byte wide typed arrays
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for sha.js since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabo...

Description has been truncated

Pull Request Statistics
Commits:
1
Files Changed:
2
Additions:
+494
Deletions:
-302
Package Dependencies
Package:
@babel/helpers
Ecosystem:
npm
Version Change:
7.26.7 → 7.28.4
Update Type:
Minor
Package:
vite
Ecosystem:
npm
Version Change:
6.1.0 → 6.3.6
Update Type:
Minor
Package:
form-data
Ecosystem:
npm
Version Change:
4.0.1 → 4.0.4
Update Type:
Patch
Package:
hono
Ecosystem:
npm
Version Change:
4.7.0 → 4.9.10
Update Type:
Minor
Package:
@eslint/plugin-kit
Ecosystem:
npm
Version Change:
0.2.5 → 0.2.8
Update Type:
Patch
Package:
brace-expansion
Ecosystem:
npm
Version Change:
1.1.11 → 1.1.12
Update Type:
Patch
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 9746218
UUID: 2892600099
Node ID: PR_kwDOP9nTAs6saZMj
Host: GitHub
Repository: DRAWING99/https-github.com-DRAWING99-se-2-docs
Merge State: Unknown