chore(deps): bump the npm-security-updates group across 1 directory with 2 updates
Closed
Number: #8
Type: Pull Request
State: Closed
Type: Pull Request
State: Closed
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: None
Comments: 2
dependabot[bot]Association: None
Comments: 2
Created:
September 09, 2025 at 09:28 PM UTC
(3 months ago)
(3 months ago)
Updated:
September 22, 2025 at 05:14 PM UTC
(3 months ago)
(3 months ago)
Closed:
September 22, 2025 at 05:14 PM UTC
(3 months ago)
(3 months ago)
Time to Close:
13 days
Labels:
dependencies javascript
dependencies javascript
Description:
Bumps the npm-security-updates group with 2 updates in the / directory: vite and devalue.
Updates vite from 7.0.6 to 7.1.5
Release notes
Sourced from vite's releases.
v7.1.5
Please refer to CHANGELOG.md for details.
v7.1.4
Please refer to CHANGELOG.md for details.
v7.1.3
Please refer to CHANGELOG.md for details.
v7.1.2
Please refer to CHANGELOG.md for details.
v7.1.1
Please refer to CHANGELOG.md for details.
create-vite@7.1.1
Please refer to CHANGELOG.md for details.
plugin-legacy@7.1.0
Please refer to CHANGELOG.md for details.
create-vite@7.1.0
Please refer to CHANGELOG.md for details.
v7.1.0
Please refer to CHANGELOG.md for details.
v7.1.0-beta.1
Please refer to CHANGELOG.md for details.
v7.1.0-beta.0
Please refer to CHANGELOG.md for details.
v7.0.7
Please refer to CHANGELOG.md for details.
Changelog
Sourced from vite's changelog.
7.1.5 (2025-09-08)
Bug Fixes
- apply
fs.strictcheck to HTML files (#20736) (14015d7)- deps: update all non-major dependencies (#20732) (122bfba)
- upgrade sirv to 3.0.2 (#20735) (09f2b52)
7.1.4 (2025-09-01)
Bug Fixes
- add missing awaits (#20697) (79d10ed)
- deps: update all non-major dependencies (#20676) (5a274b2)
- deps: update all non-major dependencies (#20709) (0401feb)
- pass rollup watch options when building in watch mode (#20674) (f367453)
Miscellaneous Chores
Code Refactoring
7.1.3 (2025-08-19)
Features
- cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
- generate code frame for parse errors thrown by terser (#20642) (a9ba017)
- support long lines in
generateCodeFrame(#20640) (1559577)Bug Fixes
- deps: update all non-major dependencies (#20634) (4851cab)
- optimizer: incorrect incompatible error (#20439) (446fe83)
- support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)
Performance Improvements
Miscellaneous Chores
Code Refactoring
- replace startsWith with strict equality (#20603) (42816de)
- use
importin worker threads (#20641) (530687a)Tests
... (truncated)
Commits
5647540release: v7.1.509f2b52fix: upgrade sirv to 3.0.2 (#20735)14015d7fix: applyfs.strictcheck to HTML files (#20736)122bfbafix(deps): update all non-major dependencies (#20732)bcc3144release: v7.1.40401febfix(deps): update all non-major dependencies (#20709)537fcf9chore: remove unused constants entry from rolldown.config.ts (#20710)79d10edfix: add missing awaits (#20697)8099582refactor: remove unnecessaryminifyparameter fromfinalizeCss(#20701)f367453fix: pass rollup watch options when building in watch mode (#20674)- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.
Updates devalue from 5.1.1 to 5.3.2
Release notes
Sourced from devalue's releases.
v5.3.2
Patch Changes
- 0623a47: fix: disallow array method access when parsing
- 0623a47: fix: disallow
__proto__properties on objectsv5.3.1
Patch Changes
- ae904c5: fix: correctly differentiate between +0 and -0
v5.3.0
Minor Changes
- 2896e7b: feat: support Temporal
- fec694d: feat: support
URLandURLSearchParamsobjects
Changelog
Sourced from devalue's changelog.
5.3.2
Patch Changes
- 0623a47: fix: disallow array method access when parsing
- 0623a47: fix: disallow
__proto__properties on objects5.3.1
Patch Changes
- ae904c5: fix: correctly differentiate between +0 and -0
5.3.0
Minor Changes
- 2896e7b: feat: support Temporal
- fec694d: feat: support
URLandURLSearchParamsobjects5.2.1
Patch Changes
- e46f4c8: fix: handle repeated array buffers and subarrays
- 2dfa504: fix: handle custom classes with null proto as pojo
5.2.0
- Handle custom classes with null proto as pojo (#95)
Commits
86a6a66Version Packages (#109)0623a47Merge commit from fork02d20e8Version Packages (#108)ae904c5fix stringify not picking up negative zero if a normal zero has appeared befo...e95b87afix pkg.repository8300172fix changeset config434d8aeVersion Packages (#106)67c8334mention support for URL/URLSearchParams/Temporal in READMEfec694dfeat: support URL and URLSearchParams (#92)2896e7bAdd support for Temporal objects (#98)- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by svelte-admin, a new releaser for devalue since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.
Pull Request Statistics
Commits:
1
1
Files Changed:
2
2
Additions:
+82
+82
Deletions:
-19
-19
Technical Details
| ID: | 7335557 |
| UUID: | 2813357777 |
| Node ID: | PR_kwDOPU0lfM6nsG7R |
| Host: | GitHub |
| Repository: | zitadel/example-auth-sveltekit |
| Mergeable: | Yes |
| Merge State: | Clean |
| Rebaseable: | Yes |