Skip to content

Bump the npm_dependencies group with 5 updates#321

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_dependencies-a151bd85e4
Open

Bump the npm_dependencies group with 5 updates#321
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_dependencies-a151bd85e4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 12, 2025
edited
Loading

Bumps the npm_dependencies group with 5 updates:

Package From To
@rails/actioncable 7.0.2 8.0.201
@rails/activestorage 7.0.2 8.0.201
@rails/ujs 7.0.2 7.1.502
webpack 5.94.0 5.101.3
webpack-cli 5.1.4 6.0.1

Updates @rails/actioncable from 7.0.2 to 8.0.201

Release notes

Sourced from @​rails/actioncable's releases.

8.0.2.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Call inspect on ids in RecordNotFound error

    [CVE-2025-55193]

    Gannon McGibbon, John Hawthorn

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

Remove dangerous transformations

[CVE-2025-24293]

... (truncated)

Commits

Updates @rails/activestorage from 7.0.2 to 8.0.201

Release notes

Sourced from @​rails/activestorage's releases.

8.0.2.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Call inspect on ids in RecordNotFound error

    [CVE-2025-55193]

    Gannon McGibbon, John Hawthorn

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

Remove dangerous transformations

[CVE-2025-24293]

... (truncated)

Commits

Updates @rails/ujs from 7.0.2 to 7.1.502

Release notes

Sourced from @​rails/ujs's releases.

7.1.5.2

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Call inspect on ids in RecordNotFound error

    [CVE-2025-55193]

    Gannon McGibbon, John Hawthorn

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

Remove dangerous transformations

[CVE-2025-24293]

... (truncated)

Commits

Updates webpack from 5.94.0 to 5.101.3

Release notes

Sourced from webpack's releases.

v5.101.3

Fixes

  • Fixed resolve execution order issue from extra await in async modules
  • Avoid empty block for unused statement
  • Collect only specific expressions for destructuring assignment

v5.101.2

Fixes

  • Fixed syntax error when comment is on the last line
  • Handle var declaration for createRequire
  • Distinguish free variable and tagged variable

v5.101.1

Fixes

  • Filter deleted assets in processAdditionalAssets hook
  • HMR failure in defer module
  • Emit assets even if invalidation occurs again
  • Export types for serialization and deserialization in plugins and export the ModuleFactory class
  • Fixed the failure export of internal function for ES module chunk format
  • Fixed GetChunkFilename failure caused by dependOn entry
  • Fixed the import of missing dependency chunks
  • Fixed when entry chunk depends on the runtime chunk hash
  • Fixed module.exports bundle to ESM library
  • Adjusted the time of adding a group depending on the fragment of execution time
  • Fixed circle dependencies when require RawModule and condition of isDeferred
  • Tree-shakable module library should align preconditions of allowInlineStartup

v5.101.0

Fixes

  • Fixed concatenate optimization for ESM that caused undefined export
  • Respect the output.environment.nodePrefixForCoreModules option everywhere
  • Respect the output.importMetaName option everywhere
  • Fixed await async dependencies when accepting them during HMR
  • Better typescript types

Features

  • Added colors helpers for CLI
  • Enable tree-shaking for ESM external modules with named imports
  • Added the deferImport option to parser options

Performance Improvements

  • Fixed a regression in module concatenation after implementing deferred import support
  • Fixed a potential performance issue in CleanPlugin
  • Avoid extra require in some places

... (truncated)

Commits
  • 07b1ac0 chore(release): 5.101.3
  • 8d7efb8 chore(deps-dev): bump the dependencies group with 2 updates (#19816)
  • 935cbd8 docs: update examples (#19812)
  • dc79e95 fix: collect only specific expressions for destructuring assignment
  • 90ae8af fix: avoid empty block for unused statement
  • 8db97f8 fix: resolve execution order issue from extra await in async modules
  • c92deaf ci: pin Node.js 24.x to 24.5.0 in CI workflow (#19813)
  • c50930b refactor(test): correct the value retrieval
  • 613a5ad chore(deps-dev): bump @​babel/core in the dependencies group (#19807)
  • 1d9cc24 chore(release): 5.101.2
  • Additional commits viewable in compare view

Updates webpack-cli from 5.1.4 to 6.0.1

Release notes

Sourced from webpack-cli's releases.

v6.0.1

6.0.1 (2024-12-20)

Bug Fixes

v6.0.0

6.0.0 (2024-12-19)

BREAKING CHANGES

  • the minimum required Node.js version is 18.12.0
  • removed init, loader and plugin commands in favor create-webpack-app
  • dropped support for webpack-dev-server@v4
  • minimum supported webpack version is 5.82.0
  • The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

Features

  • output pnpm version with info/version command (#3906) (38f3c6f)
Changelog

Sourced from webpack-cli's changelog.

6.0.1 (2024-12-20)

Bug Fixes

6.0.0 (2024-12-19)

BREAKING CHANGES

  • the minimum required Node.js version is 18.12.0
  • removed init, loader and plugin commands in favor create-webpack-app
  • dropped support for webpack-dev-server@v4
  • minimum supported webpack version is 5.82.0
  • The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

Features

  • output pnpm version with info/version command (#3906) (38f3c6f)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 12, 2025
@dependabot @ChaelCodes
Bump the npm_dependencies group with 5 updates
1102167 
Bumps the npm_dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@rails/actioncable](https://github.com/rails/rails) | `7.0.2` | `8.0.201` |
| [@rails/activestorage](https://github.com/rails/rails) | `7.0.2` | `8.0.201` |
| [@rails/ujs](https://github.com/rails/rails) | `7.0.2` | `7.1.502` |
| [webpack](https://github.com/webpack/webpack) | `5.94.0` | `5.101.3` |
| [webpack-cli](https://github.com/webpack/webpack-cli) | `5.1.4` | `6.0.1` |


Updates `@rails/actioncable` from 7.0.2 to 8.0.201
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/commits)

Updates `@rails/activestorage` from 7.0.2 to 8.0.201
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/commits)

Updates `@rails/ujs` from 7.0.2 to 7.1.502
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/commits)

Updates `webpack` from 5.94.0 to 5.101.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.94.0...v5.101.3)

Updates `webpack-cli` from 5.1.4 to 6.0.1
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/webpack-cli@5.1.4...webpack-cli@6.0.1)

---
updated-dependencies:
- dependency-name: "@rails/actioncable"
  dependency-version: 8.0.201
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm_dependencies
- dependency-name: "@rails/activestorage"
  dependency-version: 8.0.201
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm_dependencies
- dependency-name: "@rails/ujs"
  dependency-version: 7.1.502
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm_dependencies
- dependency-name: webpack
  dependency-version: 5.101.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm_dependencies
- dependency-name: webpack-cli
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm_dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@ChaelCodes ChaelCodes force-pushed the dependabot/npm_and_yarn/npm_dependencies-a151bd85e4 branch from 52aac60 to 1102167 Compare September 23, 2025 18:49
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 6, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants