Bump the npm_and_yarn group across 2 directories with 9 updates #342

dependabot · 2025-11-14T21:45:21Z

Bumps the npm_and_yarn group with 4 updates in the / directory: vite, brace-expansion, cross-spawn and micromatch.
Bumps the npm_and_yarn group with 7 updates in the /seeds/team-experiments directory:

Package	From	To
vite	`5.2.11`	`5.4.21`
brace-expansion	`2.0.1`	`2.0.2`
brace-expansion	`1.1.11`	`1.1.12`
cross-spawn	`7.0.3`	`7.0.6`
js-yaml	`4.1.0`	`4.1.1`
micromatch	`4.0.5`	`4.0.8`
on-headers	`1.0.2`	`1.1.0`
tar-fs	`3.0.5`	`3.1.1`

Updates vite from 5.2.11 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

v5.4.19

Please refer to CHANGELOG.md for details.

v5.4.18

Please refer to CHANGELOG.md for details.

v5.4.17

Please refer to CHANGELOG.md for details.

v5.4.16

Please refer to CHANGELOG.md for details.

v5.4.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970

chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736

fix: port [email protected] changes to [email protected] (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246

fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

adce3c2 release: v5.4.21
cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
ca88ed7 chore: update CHANGELOG
997700f release: v5.4.20
482000f fix: apply fs.strict check to HTML files (#20736)
80a333a release: v5.4.19
766947e fix: backport #19965, check static serve file inside sirv (#19966)
731b77d release: v5.4.18
823675b fix: backport #19830, reject requests with # in request-target (#19831)
0a2518a release: v5.4.17
Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
9a7e3b2 chore: fix build status badge
0852683 chore(release): 7.0.5
640d391 fix: fix escaping bug introduced by backtracking
bff0c87 chore: remove codecov
a7c6abc chore: replace travis with github workflows
9b9246e chore(release): 7.0.4
5ff3a07 fix: disable regexp backtracking (#160)
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

37289ce Release 3.3.11 version
23690b7 Fix CI
c147962 Fix RN support
a83734e Move to manually ESM/CJS dual package
bb12e8a Release 3.3.10 version
8f44264 Fix Expo support
adf9b0c Release 3.3.9 version
1c6f088 Remove dev file from npm package
3044cd5 Release 3.3.8 version
4fe3495 Update size limit
Additional commits viewable in compare view

Updates rollup from 4.17.2 to 4.53.2

Release notes

Sourced from rollup's releases.

v4.53.2

4.53.2

2025-11-10

Bug Fixes

Do not throw when using invalid escape sequences in template literals (#6177)

Pull Requests

#6177: handle TemplateElement with null cooked value (@TrickyPi)

v4.53.1

4.53.1

2025-11-07

Bug Fixes

Fix install script (#6172)

Pull Requests

#6172: fix: move patch-package from postinstall to prepare script (@mshima)

v4.53.0

4.53.0

2025-11-07

Features

Improve rendering performance by caching generated variable names (#5947)

Pull Requests

#5947: refactor: store safe variable names in cache for subsequent usage (@Aslemammad, @lukastaegert, @Service account user)

#6149: chore(deps): update dependency vite to v7.1.11 [security] (@renovate[bot], @Service account user)

#6151: fix(deps): update swc monorepo (major) (@renovate[bot], @Service account user)

#6152: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @Service account user)

#6153: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @Service account user)

#6155: Fix tests: Do not swallow warnings for multi-format tests (@lukastaegert, @Service account user)

#6159: chore(deps): update dependency eslint-plugin-unicorn to v62 (@renovate[bot])

#6160: chore(deps): update github artifact actions (major) (@renovate[bot])

#6161: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6164: chore(deps): update dependency @rollup/plugin-alias to v6 (@renovate[bot])

#6165: chore(deps): update dependency @rollup/plugin-commonjs to v29 (@renovate[bot])

#6166: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6167: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.53.2

2025-11-10

Bug Fixes

Do not throw when using invalid escape sequences in template literals (#6177)

Pull Requests

#6177: handle TemplateElement with null cooked value (@TrickyPi)

4.53.1

2025-11-07

Bug Fixes

Fix install script (#6172)

Pull Requests

#6172: fix: move patch-package from postinstall to prepare script (@mshima)

4.53.0

2025-11-07

Features

Improve rendering performance by caching generated variable names (#5947)

Pull Requests

#5947: refactor: store safe variable names in cache for subsequent usage (@Aslemammad, @lukastaegert, @Service account user)

#6149: chore(deps): update dependency vite to v7.1.11 [security] (@renovate[bot], @Service account user)

#6151: fix(deps): update swc monorepo (major) (@renovate[bot], @Service account user)

#6152: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @Service account user)

#6153: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @Service account user)

#6155: Fix tests: Do not swallow warnings for multi-format tests (@lukastaegert, @Service account user)

#6159: chore(deps): update dependency eslint-plugin-unicorn to v62 (@renovate[bot])

#6160: chore(deps): update github artifact actions (major) (@renovate[bot])

#6161: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6164: chore(deps): update dependency @rollup/plugin-alias to v6 (@renovate[bot])

#6165: chore(deps): update dependency @rollup/plugin-commonjs to v29 (@renovate[bot])

#6166: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6167: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

4.52.5

... (truncated)

Commits

d8b0150 4.53.2
4f43f03 handle TemplateElement with null cooked value (#6177)
e3bdcdf 4.53.1
96b5453 fix: move patch-package from postinstall to prepare script (#6172)
ecff532 4.53.0
05a6c01 refactor: store safe variable names in cache for subsequent usage (#5947)
5cf4264 fix(deps): update swc monorepo (major) (#6166)
75c4346 chore(deps): lock file maintenance minor/patch updates (#6167)
1ba7efe chore(deps): update dependency @rollup/plugin-alias to v6 (#6164)
e64d220 chore(deps): update dependency @rollup/plugin-commonjs to v29 (#6165)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Updates tar-fs from 3.0.5 to 3.1.1

Commits

0aa57de 3.1.1
0bd54cd expand check
cb1c571 3.1.0
374460e add optional disablement of symlink validation (#119)
5bfe6df 3.0.10
63e12f9 bare support
2ceedf4 3.0.9
647447b check windows tweak (#115)
e4a7a40 3.0.8
504ca0f upgrade bare packages
Additional commits viewable in compare view

Updates vite from 5.2.11 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

v5.4.19

Please refer to CHANGELOG.md for details.

v5.4.18

Please refer to CHANGELOG.md for details.

v5.4.17

Please refer to CHANGELOG.md for details.

v5.4.16

Please refer to CHANGELOG.md for details.

v5.4.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970

chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736

fix: port [email protected] changes to [email protected] (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246

fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

adce3c2 release: v5.4.21
cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
ca88ed7 chore: update CHANGELOG
997700f release: v5.4.20
482000f fix: apply fs.strict check to HTML files (#20736)
80a333a release: v5.4.19
766947e fix: backport #19965, check static serve file inside sirv (#19966)
731b77d release: v5.4.18
823675b fix: backport #19830, reject requests with # in request-target (#19831)
0a2518a release: v5.4.17
Additional commits viewable in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
9a7e3b2 chore: fix build status badge
0852683 chore(release): 7.0.5
640d391 fix: fix escaping bug introduced by backtracking
bff0c87 chore: remove codecov
a7c6abc chore: replace travis with github workflows
9b9246e chore(release): 7.0.4
5ff3a07 fix: disable regexp backtracking (#160)
Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

37289ce Release 3.3.11 version
23690b7 Fix CI
c147962 Fix RN support
a83734e Move to manually ESM/CJS dual package
bb12e8a Release 3.3.10 version
8f44264 Fix Expo support
adf9b0c Release 3.3.9 version
1c6f088 Remove dev file from npm package
3044cd5 Release 3.3.8 version
4fe3495 Update size limit
Additional commits viewable in compare view

Updates on-headers from 1.0.2 to 1.1.0

Release notes

Sourced from on-headers's releases.

1.1.0

Important

Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

What's Changed

Migrate CI pipeline to GitHub actions by @carpasse in jshttp/on-headers#12

fix README.md badges by @carpasse in jshttp/on-headers#13

add OSSF scorecard action by @carpasse in jshttp/on-headers#14

fix: use ubuntu-latest as ci runner by @UlisesGascon in jshttp/on-headers#19

ci: apply OSSF Scorecard security best practices by @UlisesGascon in jshttp/on-headers#20

👷 add upstream change detection by @ctcpip in jshttp/on-headers#31

✨ add script to update known hashes by @ctcpip in jshttp/on-headers#32

💚 update CI - add newer node versions by @ctcpip in jshttp/on-headers#33

New Contributors

@carpasse made their first contribution in jshttp/on-headers#12

@UlisesGascon made their first contribution in jshttp/on-headers#19

@ctcpip made their first contribution in jshttp/on-headers#31

Full Changelog: jshttp/on-headers@v1.0.2...v1.1.0

Changelog

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

Commits

4b017af 1.1.0
b636f2d ♻️ refactor header array code
3e2c2d4 ✨ ignore falsy header keys, matching node behavior
172eb41 ✨ support duplicate headers
c6e3849 🔒️ fix array handling
6893518 💚 update CI - add newer node versions
56a345d ✨ add script to update known hashes
175ab21 👷 add upstream change detection (#31)
ce0b2c8 ci: apply OSSF Scorecard security best practices (#20)
1a38c54 fix: use ubuntu-latest as ci runner (#19)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for on-headers since your current version.

Updates rollup from 4.17.2 to 4.53.2

Release notes

Sourced from rollup's releases.

v4.53.2

4.53.2

2025-11-10

Bug Fixes

Do not throw when using invalid escape sequences in template literals (#6177)

Pull Requests

#6177: handle TemplateElement with null cooked value (@TrickyPi)

v4.53.1

4.53.1

2...
Description has been truncated

Bumps the npm_and_yarn group with 4 updates in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [brace-expansion](https://github.com/juliangruber/brace-expansion), [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [micromatch](https://github.com/micromatch/micromatch). Bumps the npm_and_yarn group with 7 updates in the /seeds/team-experiments directory: | Package | From | To | | --- | --- | --- | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.2.11` | `5.4.21` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.0.2` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `3.0.5` | `3.1.1` | Updates `vite` from 5.2.11 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) Updates `rollup` from 4.17.2 to 4.53.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.17.2...v4.53.2) Updates `tar-fs` from 3.0.5 to 3.1.1 - [Commits](mafintosh/tar-fs@v3.0.5...v3.1.1) Updates `vite` from 5.2.11 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `brace-expansion` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `rollup` from 4.17.2 to 4.53.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.17.2...v4.53.2) Updates `tar-fs` from 3.0.5 to 3.1.1 - [Commits](mafintosh/tar-fs@v3.0.5...v3.1.1) --- updated-dependencies: - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.53.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 3.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.53.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 3.1.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 14, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 2 directories with 9 updates #342

Bump the npm_and_yarn group across 2 directories with 9 updates #342

Uh oh!

dependabot bot commented on behalf of github Nov 14, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the npm_and_yarn group across 2 directories with 9 updates #342

Are you sure you want to change the base?

Bump the npm_and_yarn group across 2 directories with 9 updates #342

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 14, 2025

v5.4.21

v5.4.20

v5.4.19

v5.4.18

v5.4.17

v5.4.16

v5.4.15

5.4.21 (2025-10-20)

5.4.20 (2025-09-08)

5.4.19 (2025-04-30)

5.4.18 (2025-04-10)

5.4.17 (2025-04-03)

5.4.16 (2025-03-31)

5.4.15 (2025-03-24)

5.4.14 (2025-01-21)

v1.1.12

7.0.6 (2024-11-18)

Bug Fixes

7.0.5 (2024-11-07)

Bug Fixes

7.0.4 (2024-11-07)

Bug Fixes

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

[4.0.6] - 2024-05-21

3.3.11

3.3.10

3.3.9

3.3.11

3.3.10

3.3.9

3.3.8

v4.53.2

4.53.2

Bug Fixes

Pull Requests

v4.53.1

4.53.1

Bug Fixes

Pull Requests

v4.53.0

4.53.0

Features

Pull Requests

4.53.2

Bug Fixes

Pull Requests

4.53.1

Bug Fixes

Pull Requests

4.53.0

Features

Pull Requests

4.52.5

v5.4.21

v5.4.20

v5.4.19

v5.4.18

v5.4.17

v5.4.16

v5.4.15

5.4.21 (2025-10-20)

5.4.20 (2025-09-08)

5.4.19 (2025-04-30)

5.4.18 (2025-04-10)

5.4.17 (2025-04-03)

5.4.16 (2025-03-31)

5.4.15 (2025-03-24)

5.4.14 (2025-01-21)

v1.1.12

v1.1.12

7.0.6 (2024-11-18)

Bug Fixes