Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

chore(deps): bump the npm_and_yarn group across 2 directories with 7 updates

Closed
Number: #898
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Contributor
Comments: 3
Created: June 12, 2025 at 12:38 AM UTC
(3 months ago)
Updated: June 22, 2025 at 12:58 AM UTC
(3 months ago)
Closed: June 22, 2025 at 12:58 AM UTC
(3 months ago)
Time to Close: 10 days
Labels:
dependencies no-pr-activity javascript
Description:

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
fastify 4.29.0 4.29.1
undici 6.20.1 6.21.2
vitest 2.1.8 2.1.9
@babel/runtime 7.26.0 7.27.6
vite 5.4.11 5.4.19

Bumps the npm_and_yarn group with 3 updates in the /sdk directory: @babel/runtime, brace-expansion and @babel/helpers.

Updates fastify from 4.29.0 to 4.29.1

Release notes

Sourced from fastify's releases.

v4.29.1

⚠️ Security Release ⚠️

Fix for "Invalid content-type parsing could lead to validation bypass" and CVE-2025-32442.

Full Changelog: https://github.com/fastify/fastify/compare/v4.29.0...v4.29.1

Commits

Updates undici from 6.20.1 to 6.21.2

Release notes

Sourced from undici's releases.

v6.21.2

What's Changed

New Contributors

Full Changelog: https://github.com/nodejs/undici/compare/v6.21.1...v6.21.2

v6.21.1

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v6.21.0...v6.21.1

v6.21.0

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v6.20.1...v6.21.0

Commits

Updates vitest from 2.1.8 to 2.1.9

Release notes

Sourced from vitest's releases.

v2.1.9

This release includes security patches for:

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @babel/runtime from 7.26.0 to 7.27.6

Release notes

Sourced from @​babel/runtime's releases.

v7.27.6 (2025-06-05)

:bug: Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-generator, babel-parser, babel-types

Committers: 3

v7.27.5 (2025-06-03)

Thanks @​NullVoxPopuli for your first PR!

:bug: Bug Fix

:nail_care: Polish

Committers: 4

v7.27.4 (2025-05-30)

:eyeglasses: Spec Compliance

  • babel-parser, babel-plugin-proposal-explicit-resource-management

:nail_care: Polish

:microscope: Output optimization

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.27.6 (2025-06-05)

:bug: Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-generator, babel-parser, babel-types

v7.27.5 (2025-06-03)

:bug: Bug Fix

:nail_care: Polish

v7.27.4 (2025-05-30)

:eyeglasses: Spec Compliance

  • babel-parser, babel-plugin-proposal-explicit-resource-management

:nail_care: Polish

:microscope: Output optimization

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

v7.27.3 (2025-05-27)

:bug: Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-proposal-explicit-resource-management
  • babel-plugin-proposal-decorators, babel-types
    • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
  • babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
    • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)

... (truncated)

Commits

Updates vite from 5.4.11 to 5.4.19

Release notes

Sourced from vite's releases.

v5.4.19

Please refer to CHANGELOG.md for details.

v5.4.18

Please refer to CHANGELOG.md for details.

v5.4.17

Please refer to CHANGELOG.md for details.

v5.4.16

Please refer to CHANGELOG.md for details.

v5.4.15

Please refer to CHANGELOG.md for details.

v5.4.14

Please refer to CHANGELOG.md for details.

v5.4.13

Please refer to CHANGELOG.md for details.

v5.4.12

This version contains a breaking change due to security fixes. See https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.19 (2025-04-30)

5.4.18 (2025-04-10)

5.4.17 (2025-04-03)

5.4.16 (2025-03-31)

5.4.15 (2025-03-24)

5.4.14 (2025-01-21)

5.4.13 (2025-01-20)

5.4.12 (2025-01-20)

  • fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
  • fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
  • fix: verify token for HMR WebSocket connection (b71a5c8)
  • chore: add deps update changelog (ecd2375)
Commits

Updates @babel/runtime from 7.23.2 to 7.27.6

Release notes

Sourced from @​babel/runtime's releases.

v7.27.6 (2025-06-05)

:bug: Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-generator, babel-parser, babel-types

Committers: 3

v7.27.5 (2025-06-03)

Thanks @​NullVoxPopuli for your first PR!

:bug: Bug Fix

:nail_care: Polish

Committers: 4

v7.27.4 (2025-05-30)

:eyeglasses: Spec Compliance

  • babel-parser, babel-plugin-proposal-explicit-resource-management

:nail_care: Polish

:microscope: Output optimization

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.27.6 (2025-06-05)

:bug: Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-generator, babel-parser, babel-types

v7.27.5 (2025-06-03)

:bug: Bug Fix

:nail_care: Polish

v7.27.4 (2025-05-30)

:eyeglasses: Spec Compliance

  • babel-parser, babel-plugin-proposal-explicit-resource-management

:nail_care: Polish

:microscope: Output optimization

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

v7.27.3 (2025-05-27)

:bug: Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-proposal-explicit-resource-management
  • babel-plugin-proposal-decorators, babel-types
    • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
  • babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
    • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)

... (truncated)

Commits

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12

Commits

Updates @babel/helpers from 7.23.2 to 7.27.6

Release notes

Sourced from @​babel/helpers's releases.

v7.27.6 (2025-06-05)

:bug: Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-generator, babel-parser, babel-types

Committers: 3

v7.27.5 (2025-06-03)

Thanks @​NullVoxPopuli for your first PR!

:bug: Bug Fix

:nail_care: Polish

Committers: 4

v7.27.4 (2025-05-30)

:eyeglasses: Spec Compliance

  • babel-parser, babel-plugin-proposal-explicit-resource-management

:nail_care: Polish

:microscope: Output optimization

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.27.6 (2025-06-05)

:bug: Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-generator, babel-parser, babel-types

v7.27.5 (2025-06-03)

:bug: Bug Fix

:nail_care: Polish

v7.27.4 (2025-05-30)

:eyeglasses: Spec Compliance

  • babel-parser, babel-plugin-proposal-explicit-resource-management

:nail_care: Polish

:microscope: Output optimization

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

v7.27.3 (2025-05-27)

:bug: Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
    • PR-Codex overview

      This PR focuses on updating package dependencies in package.json and yarn.lock, ensuring the project utilizes the latest versions of several libraries, including fastify, undici, and vitest, among others.

      Detailed summary

      • Updated fastify from ^4.28.1 to ^4.29.1.
      • Updated undici from ^6.20.1 to ^6.21.2.
      • Updated vitest from ^2.0.3 to ^2.1.9.
      • Updated various Babel packages to version 7.27.x.
      • Updated brace-expansion from 1.1.11 to 1.1.12.
      • Updated picocolors from ^1.0.0 to ^1.1.1.

      ✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Pull Request Statistics
Commits:
1
Files Changed:
3
Additions:
+127
Deletions:
-94
Package Dependencies
Package:
vitest
Ecosystem:
npm
Version Change:
2.1.8 → 2.1.9
Update Type:
Patch
Package:
@babel/runtime
Ecosystem:
npm
Version Change:
7.26.0 → 7.27.6
Update Type:
Minor
Package:
vite
Ecosystem:
npm
Version Change:
5.4.11 → 5.4.19
Update Type:
Patch
Package:
undici
Ecosystem:
npm
Version Change:
6.20.1 → 6.21.2
Update Type:
Minor
Package:
fastify
Ecosystem:
npm
Version Change:
4.29.0 → 4.29.1
Update Type:
Patch
Security Advisories
Websites were able to send any requests to the development server and read the response in vite
GHSA-vg6x-rcgg-rjx6 CVE-2025-24010 MODERATE
### Summary Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket con...
Vitest browser mode serves arbitrary files
GHSA-8gvc-j273-4wm5 CVE-2025-24963 MODERATE
### Summary `__screenshot-error` handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by [`browser.api.host: true`](...
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
GHSA-mg2h-6x62-wpwc CVE-2025-32442 HIGH
### Impact In applications that specify different validation strategies for different content types, it's possible to bypass the validation by providing a _slightly altered_ content type such as w...
Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
GHSA-9crc-q9x8-hgqq CVE-2025-24964 CRITICAL
### Summary Arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. ### Details When [`api` optio...
Use of Insufficiently Random Values in undici
GHSA-c76h-2ccp-4975 CVE-2025-22150 MODERATE
### Impact [Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113) to choose the boundary for a multipart/f...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 1489273
UUID: 2585699006
Node ID: PR_kwDOJEmqjs6aHqK-
Host: GitHub
Repository: thirdweb-dev/engine
Mergeable: Yes
Merge State: Clean