Bump the npm_and_yarn group across 2 directories with 17 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the /client directory:

Package	From	To
firebase	9.8.1	10.9.0
nanoid	3.3.4	3.3.11
postcss	8.4.13	8.4.31
vite	2.9.16	5.4.21
@babel/traverse	7.17.10	7.28.5
braces	3.0.2	3.0.3
ws	8.2.3	8.18.3

Bumps the npm_and_yarn group with 4 updates in the /server directory: braces, ws, express and cookie.

Updates firebase from 9.8.1 to 10.9.0

Commits

• 1eb302f Version Packages (#8063)
• b498867 Merge master into release
• ce88e71 snapshot listeners source from cache (#7982)
• 6d487d7 Prevent using authTokenSyncURL if the string begins with a double slash (#8060)
• b4d59d6 Merge master into release
• 2b22838 Fix glob pattern to work with Node 20 and its NPM version (#8059)
• feb5038 Update CI node.js versions to 20.x (#8055)
• 245dd26 Enforce authTokenSyncURL being a path and not a url. (#8056)
• e60188d Version Packages (#8046)
• 7e2efbf Merge master into release
• Additional commits viewable in compare view

Updates nanoid from 3.3.4 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

• Fixed package.

3.3.5

• Backport funding information.

Commits

• 37289ce Release 3.3.11 version
• 23690b7 Fix CI
• c147962 Fix RN support
• a83734e Move to manually ESM/CJS dual package
• bb12e8a Release 3.3.10 version
• 8f44264 Fix Expo support
• adf9b0c Release 3.3.9 version
• 1c6f088 Remove dev file from npm package
• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• Additional commits viewable in compare view

Updates postcss from 8.4.13 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates vite from 2.9.16 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

v5.4.19

Please refer to CHANGELOG.md for details.

v5.4.18

Please refer to CHANGELOG.md for details.

v5.4.17

Please refer to CHANGELOG.md for details.

v4.5.14

Please refer to CHANGELOG.md for details.

v4.5.13

Please refer to CHANGELOG.md for details.

v4.5.12

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

• fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970
• chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

• fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736
• fix: port sirv@3.0.2 changes to sirv@2.0.4 (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

• fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

• fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

• fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

• fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

• fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

• adce3c2 release: v5.4.21
• cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
• ca88ed7 chore: update CHANGELOG
• 997700f release: v5.4.20
• 482000f fix: apply fs.strict check to HTML files (#20736)
• 80a333a release: v5.4.19
• 766947e fix: backport #19965, check static serve file inside sirv (#19966)
• 731b77d release: v5.4.18
• 823675b fix: backport #19830, reject requests with # in request-target (#19831)
• 0a2518a release: v5.4.17
• Additional commits viewable in compare view

Updates @babel/traverse from 7.17.10 to 7.28.5

Release notes

Sourced from @​babel/traverse's releases.

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Committers: 8

• Babel Bot (@​babel-bot)
• Byeongho Yoo (@​youthfulhps)
• Huáng Jùnliàng (@​JLHwung)
• Hyeon Dokko (@​CO0Ki3)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​Olexandr88
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.28.5 (2025-10-23)

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

v7.28.4 (2025-09-05)

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime

... (truncated)

Commits

• 61647ae v7.28.5
• e579cb0 Enable strictNullChecks for traverse (#17499)
• 7385eae [Babel 8] Improve scope information collection performance (#17043)
• 26bc651 [Babel 8] Better node type definitions for computed (#17500)
• e626523 Fix JSXIdentifier handling in isReferencedIdentifier (#17503)
• 19c9126 fix: ensure scope.push register in anonymous fn (#17504)
• 35055e3 v7.28.4
• b41f8cd Update Jest to v30.1.1 (#17493)
• 22493b6 Improve @​babel/traverse typings (#17485)
• 18d88b8 Improve @​babel/core typings (#17471)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/traverse since your current version.

Updates @grpc/grpc-js from 1.6.7 to 1.9.15

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.9.15

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.9.14

• Fix a bug that could rarely cause connection leaks (#2644)
• Fix a bug that could cause clients to go IDLE incorrectly some time after calling waitForReady (#2643)

@​grpc/grpc-js 1.9.13

• Fix a bug that could cause the Node process to close early when establishing a connection while a request is pending (#2626)

@​grpc/grpc-js 1.9.12

• Fix a bug that could cause connectivity state information to become stale in some circumstances (#2623)

@​grpc/grpc-js 1.9.11

• Fix a busy loop when recovering from a failure to establish a connection to a unix domain socket address target (#2618)
• Fix a bug that caused clients to stop trying to connect to a fixed IP address target after a working connection drops (#2619)

@​grpc/grpc-js 1.9.10

• Provide the correct port to the proxy when connecting to a target without an explicitly specified port (#2608 contributed by @​segevfiner)
• Properly handle goaway events with no additional data attached (#2611)

@​grpc/grpc-js 1.9.9

• Fix a busy loop when recovering from a failure to establish a connection to a fixed IP address target (#2609)

@​grpc/grpc-js 1.9.8

• Fix a memory leak caused by creating and closing multiple clients (#2606)

@​grpc/grpc-js 1.9.7

• Fix a bug that could cause a client to not update name resolution after multiple failed connection attempts (#2602)

@​grpc/grpc-js 1.9.6

• Include more information in most "No connection established" errors (#2598)
• Remove the index tracer, and add more information to other trace logs (#2599)

@​grpc/grpc-js 1.9.5

• Fix a type inconsistency in server-call.ts (#2589 contributed by @​rsnullptr)
• Close ports if the server is shut down while the bind operation is ongoing (#2590)

@​grpc/grpc-js 1.9.4

• Fix a bug that could cause a client to sometimes incorrectly hold the process open when no longer in use (#2586)

@​grpc/grpc-js 1.9.3

• Make a few improvements to DNS resolving timing (#2571)

Experimental changes:

• Added grpc.experimental.BackoffTimeout#getEndTime

@​grpc/grpc-js 1.9.2

• Handle error when sending keepalive pings (#2563)

... (truncated)

Commits

• 08b0422 Merge pull request from GHSA-7v5v-9h63-cj86
• c75e048 grpc-js: Bump to 1.9.15
• d5d62b4 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
• 02d0344 Merge pull request #2741 from sergiitk/backport-1.9-psm-interop-common-prod-t...
• cf14020 Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
• da44229 Merge pull request #2738 from murgatroid99/backport-1.9-grpc-js_linkify-it_fix
• 5ae7c8c Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
• eed21ba Merge pull request #2714 from sergiitk/backport-1.9-psm-interop-pkg-dev
• 63763a4 Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
• 5be83dd Merge pull request #2643 from murgatroid99/grpc-js_idle_timer_fix
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates esbuild from 0.14.39 to 0.21.5

Release notes

Sourced from esbuild's releases.

v0.21.5

• Fix Symbol.metadata on classes without a class decorator (#3781)

  This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

• Allow unknown import attributes to be used with the copy loader (#3792)

  Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

  // This is an error with "--bundle" without also using "--external:./bagel.js"
  import tasty from "./bagel.js" with { type: "bagel" }

  Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

  However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

  // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
  import tasty from "./tasty.bagel" with { type: "bagel" }

• Support import attributes with glob-style imports (#3797)

  This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

  async function loadLocale(locale: string): Locale {
    const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
    return unpackLocale(locale, data)
  }

  Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

  ✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data
  example.ts:2:28:
    2 │   const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
      ╵                             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  

  In addition, this change means plugins can now access the contents of with for glob-style imports.

• Support ${configDir} in tsconfig.json files (#3782)

  This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2022

This changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).

0.16.12

• Loader defaults to js for extensionless files (#2776)

  Certain packages contain files without an extension. For example, the yargs package contains the file yargs/yargs which has no extension. Node, Webpack, and Parcel can all understand code that imports yargs/yargs because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for "" (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:

  • CLI:

    esbuild --bundle --loader:=css
    

  • JS:

    esbuild.build({
      bundle: true,
      loader: { '': 'css' },
    })

  • Go:

    api.Build(api.BuildOptions{
      Bundle: true,
      Loader: map[string]api.Loader{"": api.LoaderCSS},
    })

  In addition, the "type" field in package.json files now only applies to files with an explicit .js, .jsx, .ts, or .tsx extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than .mjs, .mts, .cjs, or .cts including extensionless files. So for example an extensionless file in a "type": "module" package is now treated as CommonJS instead of ESM.

0.16.11

• Avoid a syntax error in the presence of direct eval (#2761)

  The behavior of nested function declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested function declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested function declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:

  // Original code
  if (true) {
    function foo() {}
    console.log(!!foo)
    foo = null
    console.log(!!foo)
  }

... (truncated)

Commits

• fc37c2f publish 0.21.5 to npm
• cb11924 fix Symbol.metadata errors in decorator tests
• b93a2a9 fix #3781: add metadata to all decorated classes
• 953dae9 fix #3797: import attributes and glob-style import
• 98cb2ed fix #3782: support ${configDir} in tsconfig.json
• 8e6603b run make update-compat-table
• db1b8ca fix #3792: import attributes and the copy loader
• de572d0 fix non-deterministic import attribute plugin test
• ae8d1b4 fix #3794: --supported:object-accessors=false
• 67cbf87 publish 0.21.4 to npm
• Additional commits viewable in compare view

Updates rollup from 2.73.0 to 4.54.0

Release notes

Sourced from rollup's releases.

v4.54.0

4.54.0

2025-12-20

Features

• Enable tree-shaking for Symbol.hasInstance, Symbol.dispose and Symbol.asyncDispose properties if unused (#6046)

Bug Fixes

• Ensure that well-known-Symbol-valued properties are not tree-shaken except in select cases (#6046)
• Ensure namespace properties are included when referenced only from a try-catch (#6216)

Pull Requests

• #6046: fix: correctly handle wellknown protocols (@​cyyynthia, @​lukastaegert)
• #6201: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6211: chore(deps): update msys2/setup-msys2 digest to 4f806de (@​renovate[bot], @​lukastaegert)
• #6212: chore(deps): update actions/cache action to v5 (@​renovate[bot])
• #6213: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #6214: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6215: chore(deps): lock file maintenance (@​renovate[bot])
• #6216: fix: include namespace variable paths during try-catch deoptimization (@​schwing)

v4.53.5

4.53.5

2025-12-16

Bug Fixes

• Fix wrong semicolon insertion position when using JSX (#6206)
• Generate spec-compliant sourcemaps when sources content is excluded (#6196)

Pull Requests

• #6196: fix: set sourcesContent to undefined instead of null when excluding sources content (@​TrickyPi)
• #6206: Fix semicolon order in JSX (@​TrickyPi)

v4.53.4

4.53.4

2025-12-15

Bug Fixes

• Ensure Symbol.dispose and Symbol.asyncDispose properties are never removed with (await) using declarations. (#6209)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

rollup changelog

2.79.1

2022-09-22

Bug Fixes

• Avoid massive performance degradation when creating thousands of chunks (#4643)

Pull Requests

• #4639: fix: typo docs and contributors link in CONTRIBUTING.md ( @​takurinton)
• #4641: Update type definition of resolveId (@​ivanjonas)
• #4643: Improve performance of chunk naming collision check ( @​lukastaegert)

2.79.0

2022-08-31

Features

• Add amd.forceJsExtensionForImports to enforce using .js extensions for relative AMD imports (#4607)

Pull Requests

• #4607: add option to keep extensions for amd (@​wh1tevs)

2.78.1

2022-08-19

Bug Fixes

• Avoid inferring "arguments" as name for a default export placeholder variable (#4613)

Pull Requests

• #4613: Prevent using arguments for generated variable names ( @​lukastaegert)

2.78.0

2022-08-14

Features

• Support writing plugin hooks as objects with a "handler" property (#4600)
• Allow changing execution order per plugin hook (#4600)
• Add flag to execute plugins in async parallel hooks sequentially (#4600)

... (truncated)

Commits

• 88f1430 4.54.0
• e5e01c1 fix: include namespace variable paths during try-catch deoptimization (#6216)
• 107959c fix: correctly handle wellknown protocols (#6046)
• 160514d chore(deps): lock file maintenance (#6215)
• 59bda58 chore(deps): update msys2/setup-msys2 digest to 4f806de (#6211)
• 9b7ca4d chore(deps): update actions/cache action to v5 (#6212)
• abf1fb5 chore(deps): update github artifact actions (major) (#6213)
• 0dec3ca fix(deps): lock file maintenance minor/patch updates (#6214)
• c3fa50c chore(deps): update dependency lru-cache to v11 (#6201)
• 31bb66e 4.53.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Updates ws from 8.2.3 to 8.18.3

Release notes

Sourced from ws's releases.

8.18.3

Bug fixes

• Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (#2291).

8.18.2

Bug fixes

• Fixed an issue that, during message decompression when the maximum size was exceeded, led to the emission of an inaccurate error and closure of the connection with an improper close code (#2285).

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
chat-application-firebase	Error		Dec 30, 2025 11:05pm