Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump the npm_and_yarn group across 5 directories with 37 updates

Open
Number: #1
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: None
Comments: 0
Created: September 03, 2025 at 12:52 AM UTC
(7 days ago)
Updated: September 03, 2025 at 12:52 AM UTC
(7 days ago)
Labels:
dependencies javascript
Description:

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package From To
ws 8.18.1 8.18.2
@babel/runtime 7.27.4 7.28.3
cookie 0.4.2 0.7.2
light-my-request 5.13.0 5.14.0
socket.io 4.7.5 4.8.1
@bundled-es-modules/cookie 2.0.0 2.0.1
find-my-way 8.2.0 8.2.2
@octokit/endpoint 10.1.1 10.1.4
@octokit/plugin-paginate-rest 11.3.5 11.6.0
@octokit/request 9.1.3 9.2.4
form-data 2.5.1 2.5.5
form-data 4.0.1 4.0.4
brace-expansion 2.0.1 2.0.2
brace-expansion 1.1.11 1.1.12
simple-get 3.1.0 3.1.1
sha.js 2.4.11 2.4.12
tar-fs 2.1.1 2.1.3
tmp 0.2.3 0.2.5

Bumps the npm_and_yarn group with 3 updates in the /scripts/commit-lint directory: form-data, cross-spawn and axios.
Bumps the npm_and_yarn group with 11 updates in the /test/e2e directory:

Package From To
cookie 0.6.0 0.7.2
light-my-request 5.11.1 5.14.0
find-my-way 8.1.0 8.2.2
brace-expansion 1.1.11 1.1.12
braces 3.0.2 3.0.3
cross-spawn 7.0.3 7.0.6
micromatch 4.0.5 4.0.8
serialize-javascript 6.0.0 6.0.2
mocha 10.3.0 10.8.2
undici 5.28.3 5.29.0
ejs 3.1.9 3.1.10

Bumps the npm_and_yarn group with 13 updates in the /webviews/vue2 directory:

Package From To
ws 8.16.0 8.18.3
esbuild 0.15.18 0.25.9
vite 3.2.7 7.1.4
json5 0.5.1 2.2.3
find-babel-config 1.2.0 1.2.2
@babel/runtime 7.22.11 7.28.3
form-data 4.0.0 4.0.4
brace-expansion 1.1.11 1.1.12
braces 3.0.2 3.0.3
cross-spawn 7.0.3 7.0.6
micromatch 4.0.5 4.0.8
dompurify 3.1.6 3.2.6
vue 2.7.16 3.0.0

Bumps the npm_and_yarn group with 13 updates in the /webviews/vue3 directory:

Package From To
ws 8.13.0 8.18.3
esbuild 0.17.19 0.25.9
@vitejs/plugin-vue 4.2.3 6.0.1
vite 4.3.9 7.1.4
vitest 0.32.2 3.2.4
@babel/runtime 7.22.5 7.28.3
form-data 4.0.0 4.0.4
brace-expansion 1.1.11 1.1.12
cross-spawn 7.0.3 7.0.6
serialize-javascript 6.0.1 6.0.2
dompurify 3.0.5 3.2.4
vue 3.3.4 3.3.5
webpack 5.88.0 5.101.3

Updates ws from 8.18.1 to 8.18.2

Release notes

Sourced from ws's releases.

8.18.2

Bug fixes

  • Fixed an issue that, during message decompression when the maximum size was exceeded, led to the emission of an inaccurate error and closure of the connection with an improper close code (#2285).
Commits

Updates @babel/runtime from 7.27.4 to 7.28.3

Release notes

Sourced from @​babel/runtime's releases.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

:bug: Bug Fix

:nail_care: Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

:memo: Documentation

:house: Internal

:microscope: Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

v7.28.2 (2025-07-24)

Thanks @​souhailaS for your first PR!

:bug: Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

Committers: 4

v7.28.1 (2025-07-12)

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

:bug: Bug Fix

:nail_care: Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

:memo: Documentation

:house: Internal

:microscope: Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

:bug: Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

:bug: Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

:memo: Documentation

:leftwards_arrow_with_hook: Revert

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types

v7.28.0 (2025-07-02)

:rocket: New Feature

... (truncated)

Commits

Updates cookie from 0.4.2 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

  • Fix object assignment of hasOwnProperty (#177) bc38ffd

https://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1

0.7.0

https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0

0.6.0

  • Add partitioned option

0.5.0

  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates light-my-request from 5.13.0 to 5.14.0

Release notes

Sourced from light-my-request's releases.

v5.14.0

What's Changed

Full Changelog: https://github.com/fastify/light-my-request/compare/v5.13.0...v5.14

Commits

Updates socket.io from 4.7.5 to 4.8.1

Release notes

Sourced from socket.io's releases.

socket.io@4.8.1

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

socket.io-client@4.8.1

Bug Fixes

  • bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

socket.io-client@4.8.0

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:

import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";

const socket = io({
transports: [XHR, WebSocket]
});

Here is the list of provided implementations:

Transport Description
Fetch HTTP long-polling based on the built-in fetch() method.
NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.
XHR HTTP long-polling based on the built-in XMLHttpRequest object.
NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.
WebSocket WebSocket transport based on the built-in WebSocket object.
WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits
  • 91e1c8b chore(release): socket.io@4.8.1
  • 8d5528a chore(release): socket.io-client@4.8.1
  • 71387e5 refactor(sio-client): reexport transports from the engine
  • aead835 refactor(sio): make Namespace._fns private (#5196)
  • 029e010 chore(release): engine.io-client@6.6.2
  • 4ca6ddb docs(nuxt): update example with latest version
  • ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
  • 4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
  • d4b3dde ci: use Node.js 22
  • 3b68658 chore: bump @​fails-components/webtransport to version 1.1.4 (dev)
  • Additional commits viewable in compare view

Updates @bundled-es-modules/cookie from 2.0.0 to 2.0.1

Commits
Maintainer changes

This version was pushed to npm by bashmish, a new releaser for @​bundled-es-modules/cookie since your current version.


Updates find-my-way from 8.2.0 to 8.2.2

Release notes

Sourced from find-my-way's releases.

v8.2.2

⚠️ Security Release ⚠️

Fixes: https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6 CVE-2024-45813

Full Changelog: https://github.com/delvedor/find-my-way/compare/v8.2.0...v8.2.2

Commits

Updates @octokit/endpoint from 10.1.1 to 10.1.4

Release notes

Sourced from @​octokit/endpoint's releases.

v10.1.4

10.1.4 (2025-04-10)

Bug Fixes

  • deps: update dependency @​octokit/types to v14 (#523) (ca8c366)

v10.1.3

10.1.3 (2025-02-13)

Bug Fixes

v10.1.2

10.1.2 (2024-12-31)

Bug Fixes

  • deps: bump @octokit/types to improve Deno compat (#507) (15d700b)
Commits
  • ca8c366 fix(deps): update dependency @​octokit/types to v14 (#523)
  • 7b9a884 maint: cleanup package.json and use Node LTS instead of v16 (#519)
  • bcc0f97 build(deps): bump vite from 6.1.0 to 6.2.5 (#522)
  • 255c59d ci(action): update actions/create-github-app-token action to v2 (#521)
  • adeee3e chore(deps): update dependency prettier to v3.5.3 (#518)
  • ea60e07 chore(deps): update dependency semantic-release-plugin-update-version-in-file...
  • 8f43346 chore(deps): update dependency prettier to v3.5.2 (#517)
  • 2209b07 chore(deps): update dependency prettier to v3.5.1 (#513)
  • d6cf1ad fix: linting issues breaking ci (#514)
  • 6c9c5be Merge commit from fork
  • Additional commits viewable in compare view

Updates @octokit/plugin-paginate-rest from 11.3.5 to 11.6.0

Release notes

Sourced from @​octokit/plugin-paginate-rest's releases.

v11.6.0

11.6.0 (2025-03-18)

Features

  • new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints (#666) (1f44b54)

v11.5.0

11.5.0 (2025-03-18)

Features

  • new GET /orgs/{org}/actions/hosted-runners, GET /orgs/{org}/actions/runner-groups/{runner_group_id}/hosted-runners, GET /orgs/{org}/rulesets/{ruleset_id}/history, GET /orgs/{org}/settings/network-configurations, GET /repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#649) (ef30a05)

v11.4.4-cjs.2

11.4.4-cjs.2 (2025-02-26)

[!IMPORTANT] This is a special release to backport newer changes to CJS and address a ReDos vulnerability

Bug Fixes

  • deps: update @octokit/plugin-rest-endpoint-methods (2c70eaf)

v11.4.4-cjs.1

11.4.4-cjs.1 (2025-02-26)

[!IMPORTANT] This is a special release to backport newer changes to CJS and address a ReDos vulnerability

Bug Fixes

Reverts

  • Revert "docs(README): update examples to use ESM (#611)" (1389b71)
  • Revert "feat: package is now ESM (#596)" (64ba6f4)
  • Revert "fix(pkg): add default fallback and types export (#612)" (27a8552)

v11.4.3

... (truncated)

Commits
  • 1f44b54 feat: new /orgs/{org}/issue-types, `/orgs/{org}/issue-types/{issue_type_id}...
  • ef30a05 feat: new GET /orgs/{org}/actions/hosted-runners, `GET /orgs/{org}/actions/...
  • fbadb74 chore(deps): update dependency prettier to v3.5.3 (#665)
  • 1c297ca chore(deps): update dependency semantic-release-plugin-update-version-in-file...
  • 60d26d9 chore(deps): update dependency prettier to v3.5.2 (#664)
  • 9a51aad fix(types): correct pagination return type for data which is an array (#662)
  • 8b8c500 fix(types): add back the pagination keys (#653)
  • 41876f4 chore(deps): update dependency prettier to v3.5.1 (#658)
  • 7d1fade fix: mitigate ReDos issues & linting issues (#659)
  • bb6c4f9 Merge commit from fork
  • Additional commits viewable in compare view

Updates @octokit/request from 9.1.3 to 9.2.4

Release notes

Sourced from @​octokit/request's releases.

v9.2.4

9.2.4 (2025-06-20)

Bug Fixes

  • pkg: unreplaced version number in dist-bundle/ (#765) (afa9d09)

v9.2.3

9.2.3 (2025-04-10)

Bug Fixes

  • deps: update dependency @​octokit/types to v14 (#753) (7d576b0)

v9.2.2

9.2.2 (2025-02-14)

Bug Fixes

  • deps: update dependency @​octokit/request-error to v6.1.7 [security] (#740) (4b2f485)

v9.2.1

9.2.1 (2025-02-13)

Bug Fixes

  • mitigate ReDos vulnerabilities & lint (#738) (6bb29ba)

v9.2.0

9.2.0 (2025-01-16)

Features

  • correctly parse response bodies as JSON where the Content-Type is application/scim+json (#731) (00bf316)

v9.1.4

9.1.4 (2024-12-29)

Bug Fixes

  • deps: bump @octokit/types to fix deno compat (#730) (324ffef)
Commits
  • afa9d09 fix(pkg): unreplaced version number in dist-bundle/ (#765)
  • 3773e64 ci: replace OCTOKITBOT_PROJECT_ACTION_TOKEN and OCTOKITBOT_PAT with a tok...
  • 7d576b0 fix(deps): update dependency @​octokit/types to v14 (#753)
  • c9bfc37 build(deps): bump vite from 6.1.0 to 6.2.5 (#750)
  • f7b9616 ci(prettier): use Node LTS instead of Node 16 (#748)
  • 1955847 chore(deps): update dependency prettier to v3.5.3 (#745)
  • b71107b chore(deps): update dependency semantic-release-plugin-update-version-in-file...
  • c855943 chore(deps): update dependency prettier to v3.5.2 (#743)
  • 4b2f485 fix(deps): update dependency @​octokit/request-error to v6.1.7 [security] (#740)
  • 0320a42 chore(deps): update dependency prettier to v3.5.1 (#737)
  • Additional commits viewable in compare view

Updates @octokit/request-error from 6.1.5 to 6.1.8

Release notes

Sourced from @​octokit/request-error's releases.

v6.1.8

6.1.8 (2025-04-10)

Bug Fixes

  • deps: update dependency @​octokit/types to v14 (#505) (ab4ea7b)

v6.1.7

6.1.7 (2025-02-13)

Bug Fixes

  • ReDos regex vulnerability, reported by @​DayShift (d558320874a4bc8d356babf1079e6f0056a59b9e)

v6.1.6

6.1.6 (2024-12-29)

Bug Fixes

  • deps: bump @octokit/types to fix Deno compat (#483) (e01d470)
Commits
  • ab4ea7b fix(deps): update dependency @​octokit/types to v14 (#505)
  • 7eba3d2 chore(deps): update dependency tinybench to v4 (#501)
  • 549624b build(deps): bump vite from 6.2.2 to 6.2.5 (#504)
  • 11c1adc build(deps): lock file maintenance (#502)
  • de5f24d chore(deps): update dependency prettier to v3.5.3 (#499)
  • ef66347 build(deps): lock file maintenance (#500)
  • 787201d build(deps): lock file maintenance (#498)
  • 5ab6a76 chore(deps): update dependency prettier to v3.5.2 (#497)
  • f8f8c4a build(deps): lock file maintenance (#496)
  • eee2491 chore(deps): update dependency prettier to v3.5.1 (#493)
  • Additional commits viewable in compare view

Updates form-data from 2.5.1 to 2.5.5

Release notes

Sourced from form-data's releases.

v2.5.2

Fixes

  • Buffer.from and Buffer.alloc require node 4+
  • npmignore temporary build files (#532)
  • move util.isArray to Array.isArray (#564)

Tests

  • migrate from travis to GHA
Changelog

Sourced from form-data's changelog.

v2.5.5 - 2025-07-18

Commits

  • [meta] actually ensure the readme backup isn’t published 10626c0
  • [Fix] use proper dependency 026abe5

v2.5.4 - 2025-07-17

Fixed

Commits

  • [eslint] update linting config 8bf2492
  • [meta] add auto-changelog b5101ad
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 0e93122
  • [Fix] Switch to using crypto random for boundary values b88316c
  • [Fix] validate boundary type in setBoundary() method 131ae5e
  • [Tests] Switch to newer v8 prediction library; enable node 24 testing c97cfbe
  • [Refactor] use hasown 97ac9c2
  • [meta] remove local commit hooks be99d4e
  • [Dev Deps] remove unused deps ddbc89b
  • [meta] fix scripts to use prepublishOnly e351a97
  • [Dev Deps] remove unused script 8f23366
  • [Dev Deps] add missing peer dep 02ff026
  • [meta] fix readme capitalization 2fd5f61

v2.5.3 - 2025-02-14

Merged

Fixed

Commits

  • [Refactor] use Object.prototype.hasOwnProperty.call 6e682d4
  • [Dev Deps] update @types/node, browserify, coveralls, eslint, formidable, in-publish, phantomjs-prebuilt, pkgfiles, pre-commit, request, tape, typescript 819f6b7
  • Only apps should have lockfiles b170ee2
  • [Deps] update combined-stream, mime-types 6b1ca1d
  • Bumped version 2.5.3 9457283
  • [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl 9dbe192

v2.5.2 - 2024-10-10

... (truncated)

Commits
  • 40de5a7 v2.5.5
  • 026abe5 [Fix] use proper dependency
  • 10626c0 [meta] actually ensure the readme backup isn’t published
  • efe6c26 v2.5.4
  • c97cfbe [Tests] Switch to newer v8 prediction library; enable node 24 testing
  • 0e93122 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • b88316c [Fix] Switch to using crypto random for boundary values
  • b70869d [Fix] append: avoid a crash on nullish values
  • 131ae5e [Fix] validate boundary type in setBoundary() method
  • 8bf2492 [eslint] update linting config
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.


Updates form-data from 4.0.1 to 4.0.4

Release notes

Sourced from form-data's releases.

v2.5.2

Fixes

  • Buffer.from and Buffer.alloc require node 4+
  • npmignore temporary build files (#532)
  • move util.isArray to Array.isArray (#564)

Tests

  • migrate from travis to GHA
Changelog

Sourced from form-data's changelog.

v2.5.5 - 2025-07-18

Commits

  • [meta] actually ensure the readme backup isn’t published 10626c0
  • [Fix] use proper dependency 026abe5

v2.5.4 - 2025-07-17

Fixed

Commits

  • [eslint] update linting config 8bf2492
  • [meta] add auto-changelog b5101ad
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 0e93122
  • [Fix] Switch to using crypto random for boundary values b88316c
  • [Fix] validate boundary type in setBoundary() method 131ae5e
  • [Tests] Switch to newer v8 prediction library; enable node 24 testing c97cfbe
  • [Refactor] use hasown 97ac9c2
  • [meta] remove local commit hooks be99d4e
  • [Dev Deps] remove unused deps ddbc89b
  • [meta] fix scripts to use prepublishOnly e351a97
  • [Dev Deps] remove unused script 8f23366
  • [Dev Deps] add missing peer dep 02ff026
  • [meta] fix readme capitalization 2fd5f61

v2.5.3 - 2025-02-14

Merged

Fixed

Commits

  • [Refactor] use Object.prototype.hasOwnProperty.call 6e682d4
  • [Dev Deps] update @types/node, browserify, coveralls, eslint, formidable, in-publish, phantomjs-prebuilt, pkgfiles, pre-commit, request, tape, typescript 819f6b7
  • Only apps should have lockfiles b170ee2
  • [Deps] update combined-stream, mime-types 6b1ca1d
  • Bumped version 2.5.3 9457283
  • [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl 9dbe192

v2.5.2 - 2024-10-10

... (truncated)

Commits
Package Dependencies
Package:
 @babel/runtime
Ecosystem:
npm
Version Change:
7.27.4 → 7.28.3
Update Type:
Minor
Package:
tar-fs
Ecosystem:
npm
Version Change:
2.1.1 → 2.1.3
Update Type:
Patch
Package:
ws
Ecosystem:
npm
Version Change:
8.18.1 → 8.18.2
Update Type:
Patch
Package:
form-data
Ecosystem:
npm
Version Change:
2.5.1 → 2.5.5
Update Type:
Patch
Package:
cookie
Ecosystem:
npm
Version Change:
0.4.2 → 0.7.2
Update Type:
Minor
Package:
@octokit/plugin-paginate-rest
Ecosystem:
npm
Version Change:
11.3.5 → 11.6.0
Update Type:
Minor
Package:
@octokit/request
Ecosystem:
npm
Version Change:
9.1.3 → 9.2.4
Update Type:
Minor
Package:
socket.io
Ecosystem:
npm
Version Change:
4.7.5 → 4.8.1
Update Type:
Minor
Package:
simple-get
Ecosystem:
npm
Version Change:
3.1.0 → 3.1.1
Update Type:
Patch
Package:
find-my-way
Ecosystem:
npm
Version Change:
8.2.0 → 8.2.2
Update Type:
Patch
Package:
light-my-request
Ecosystem:
npm
Version Change:
5.13.0 → 5.14.0
Update Type:
Minor
Package:
@octokit/endpoint
Ecosystem:
npm
Version Change:
10.1.1 → 10.1.4
Update Type:
Patch
Package:
@bundled-es-modules/cookie
Ecosystem:
npm
Version Change:
2.0.0 → 2.0.1
Update Type:
Patch
Package:
tmp
Ecosystem:
npm
Version Change:
0.2.3 → 0.2.5
Update Type:
Patch
Package:
brace-expansion
Ecosystem:
npm
Version Change:
2.0.1 → 2.0.2
Update Type:
Patch
Package:
sha.js
Ecosystem:
npm
Version Change:
2.4.11 → 2.4.12
Update Type:
Patch
Security Advisories
find-my-way has a ReDoS vulnerability in multiparametric routes
GHSA-rrr8-f88r-h8q6 CVE-2024-45813 HIGH
### Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. ### Patches Update to find-my-way v8.2.2 ...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 6686885
UUID: 2794303816
Node ID: PR_kwDOPoNdws6mjbFI
Host: GitHub
Repository: gitworkflows/neoai-vscode
Merge State: Unknown