Skip to content

deps: bump the major-app-dependencies group across 1 directory with 6 updates #495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

deps: bump the major-app-dependencies group across 1 directory with 6 updates #495

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2025
edited
Loading

Bumps the major-app-dependencies group with 6 updates in the / directory:

Package From To
firebase 11.10.0 12.2.1
@types/node 22.17.0 24.3.0
@vitejs/plugin-react 4.7.0 5.0.2
dotenv-cli 8.0.0 10.0.0
vite 6.3.5 7.1.4
dotenv 16.6.1 17.2.2

Updates firebase from 11.10.0 to 12.2.1

Release notes

Sourced from firebase's releases.

firebase@12.2.1

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.2.1

Patch Changes

firebase@12.2.1

Patch Changes

firebase@12.2.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.2.0

Minor Changes

  • 984086b #9224 - Add support for the Gemini Live API.

  • 9b63cd6 #9192 - Add thoughtSummary() convenience method to EnhancedGenerateContentResponse.

  • 02280d7 #9201 - Add App Check limited use token option to getAI().

Patch Changes

  • 84b8bed #9222 - Fixed an issue where AIError messages were too long after including an entire response body.

  • c5f08a9 #9216 - Add 'includeSafetyAttributes' field to Predict request payloads.

  • cbef6c6 #9225 - Exclude ChromeAdapterImpl code from Node entry point.

firebase@12.2.0

Minor Changes

  • 984086b #9224 - Add support for the Gemini Live API.

  • 9b63cd6 #9192 - Add thoughtSummary() convenience method to EnhancedGenerateContentResponse.

  • 02280d7 #9201 - Add App Check limited use token option to getAI().

... (truncated)

Commits

Updates @types/node from 22.17.0 to 24.3.0

Commits

Updates @vitejs/plugin-react from 4.7.0 to 5.0.2

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@5.0.2

Skip transform hook completely in rolldown-vite in dev if possible (#783)

plugin-react@5.0.1

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Fix reactRefreshHost option on rolldown-vite (#716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#708)

Skip babel-plugin-react-compiler on non client environment (689)

plugin-react@5.0.0

(Same content as v5.0.0-beta.0 https://github.com/vitejs/vite-plugin-react/releases/tag/plugin-react%405.0.0-beta.0)

Use Oxc for react refresh transform in rolldown-vite

When used with rolldown-vite, this plugin now uses Oxc for react refresh transform.

Since this behavior is what @vitejs/plugin-react-oxc did, @vitejs/plugin-react-oxc is now deprecated and the disableOxcRecommendation option is removed.

Also, while @vitejs/plugin-react-oxc used the production JSX transform even for NODE_ENV=development build, @vitejs/plugin-react uses the development JSX transform for NODE_ENV=development build.

Allow processing files in node_modules

The default value of exclude options is now [/\/node_modules\//] to allow processing files in node_modules directory. It was previously [] and files in node_modules was always excluded regardless of the value of exclude option.

react and react-dom is no longer added to resolve.dedupe automatically

Adding values to resolve.dedupe forces Vite to resolve them differently from how Node.js does, which can be confusing and may not be expected. This plugin no longer adds react and react-dom to resolve.dedupe automatically.

If you encounter errors after upgrading, check your package.json for version mismatches in dependencies or devDependencies, as well as your package manager’s configuration. If you prefer the previous behavior, you can manually add react and react-dom to resolve.dedupe.

Remove old babel-plugin-react-compiler support that requires runtimeModule option

runtimeModule option is no longer needed in newer babel-plugin-react-compiler versions. Make sure to use a newer version of babel-plugin-react-compiler that supports target option.

Require Node 20.19+, 22.12+

This plugin now requires Node 20.19+ or 22.12+.

plugin-react@5.0.0-beta.0

Use Oxc for react refresh transform in rolldown-vite

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.0.2 (2025-08-28)

Skip transform hook completely in rolldown-vite in dev if possible (#783)

5.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Fix reactRefreshHost option on rolldown-vite (#716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#708)

Skip babel-plugin-react-compiler on non client environment (689)

5.0.0 (2025-08-07)

5.0.0-beta.0 (2025-07-28)

Use Oxc for react refresh transform in rolldown-vite

When used with rolldown-vite, this plugin now uses Oxc for react refresh transform.

Since this behavior is what @vitejs/plugin-react-oxc did, @vitejs/plugin-react-oxc is now deprecated and the disableOxcRecommendation option is removed.

Also, while @vitejs/plugin-react-oxc used the production JSX transform even for NODE_ENV=development build, @vitejs/plugin-react uses the development JSX transform for NODE_ENV=development build.

Allow processing files in node_modules

The default value of exclude options is now [/\/node_modules\//] to allow processing files in node_modules directory. It was previously [] and files in node_modules was always excluded regardless of the value of exclude option.

react and react-dom is no longer added to resolve.dedupe automatically

Adding values to resolve.dedupe forces Vite to resolve them differently from how Node.js does, which can be confusing and may not be expected. This plugin no longer adds react and react-dom to resolve.dedupe automatically.

If you encounter errors after upgrading, check your package.json for version mismatches in dependencies or devDependencies, as well as your package manager’s configuration. If you prefer the previous behavior, you can manually add react and react-dom to resolve.dedupe.

Remove old babel-plugin-react-compiler support that requires runtimeModule option

runtimeModule option is no longer needed in newer babel-plugin-react-compiler versions. Make sure to use a newer version of babel-plugin-react-compiler that supports target option.

Require Node 20.19+, 22.12+

This plugin now requires Node 20.19+ or 22.12+.

Commits
  • 1f4b4d9 release: plugin-react@5.0.2
  • c719e5d perf(react): skip transform hook completely in rolldown-vite in dev if possib...
  • 9989897 fix(deps): update all non-major dependencies (#773)
  • 1ab2666 build: watch common package (#748)
  • efe4344 release: plugin-react@5.0.1
  • 126bdb0 feat: set optimizeDeps.rollupOptions.transform.jsx instead of `optimizeDeps...
  • d3934ad perf(react): skip react compiler when compilationMode: "annotation" but no ...
  • e2f0c78 fix(react): respect tsconfig jsxImportSource by default (#726)
  • ba0323c fix(deps): update all non-major dependencies (#729)
  • d33f37d refactor(react): simplify rolldown-vite only plugins (#720)
  • Additional commits viewable in compare view

Updates dotenv-cli from 8.0.0 to 10.0.0

Release notes

Sourced from dotenv-cli's releases.

v10.0.0: bump dotenv-expand

Fixes entropitor/dotenv-cli#121

v9.0.0 Bump dotenv and be quiet by default

entropitor/dotenv-cli#129

Commits

Updates vite from 6.3.5 to 7.1.4

Release notes

Sourced from vite's releases.

v7.1.4

Please refer to CHANGELOG.md for details.

v7.1.3

Please refer to CHANGELOG.md for details.

create-vite@7.1.3

Please refer to CHANGELOG.md for details.

v7.1.2

Please refer to CHANGELOG.md for details.

create-vite@7.1.2

Please refer to CHANGELOG.md for details.

v7.1.1

Please refer to CHANGELOG.md for details.

create-vite@7.1.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.1.0

Please refer to CHANGELOG.md for details.

create-vite@7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0-beta.1

Please refer to CHANGELOG.md for details.

v7.1.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.8

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.1.4 (2025-09-01)

Bug Fixes

Miscellaneous Chores

  • remove unused constants entry from rolldown.config.ts (#20710) (537fcf9)

Code Refactoring

  • remove unnecessary minify parameter from finalizeCss (#20701) (8099582)

7.1.3 (2025-08-19)

Features

  • cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
  • generate code frame for parse errors thrown by terser (#20642) (a9ba017)
  • support long lines in generateCodeFrame (#20640) (1559577)

Bug Fixes

  • deps: update all non-major dependencies (#20634) (4851cab)
  • optimizer: incorrect incompatible error (#20439) (446fe83)
  • support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)

Performance Improvements

Miscellaneous Chores

Code Refactoring

Tests

7.1.2 (2025-08-12)

Bug Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.


Updates dotenv from 16.6.1 to 17.2.2

Changelog

Sourced from dotenv's changelog.

17.2.2 (2025-09-02)

Added

  • 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

  • Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

  • Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
  • Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})
# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"
// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)
$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

  • Add additional security and configuration tips to the runtime log (#884)
  • Dim the tips text from the main injection information text
const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
</tr></table>

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: bump the major-app-dependencies group across 1 directory with 6…
f94cf24 
… updates

Bumps the major-app-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [firebase](https://github.com/firebase/firebase-js-sdk) | `11.10.0` | `12.2.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.17.0` | `24.3.0` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `4.7.0` | `5.0.2` |
| [dotenv-cli](https://github.com/entropitor/dotenv-cli) | `8.0.0` | `10.0.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.1.4` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.6.1` | `17.2.2` |



Updates `firebase` from 11.10.0 to 12.2.1
- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)
- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@11.10.0...firebase@12.2.1)

Updates `@types/node` from 22.17.0 to 24.3.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitejs/plugin-react` from 4.7.0 to 5.0.2
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.0.2/packages/plugin-react)

Updates `dotenv-cli` from 8.0.0 to 10.0.0
- [Release notes](https://github.com/entropitor/dotenv-cli/releases)
- [Commits](entropitor/dotenv-cli@v8.0.0...v10.0.0)

Updates `vite` from 6.3.5 to 7.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.4/packages/vite)

Updates `dotenv` from 16.6.1 to 17.2.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.2.2)

---
updated-dependencies:
- dependency-name: firebase
  dependency-version: 12.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-app-dependencies
- dependency-name: "@types/node"
  dependency-version: 24.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-app-dependencies
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 5.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-app-dependencies
- dependency-name: dotenv-cli
  dependency-version: 10.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-app-dependencies
- dependency-name: vite
  dependency-version: 7.1.4
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-app-dependencies
- dependency-name: dotenv
  dependency-version: 17.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-app-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 1, 2025
@stdavis stdavis self-assigned this Nov 3, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 25, 2025

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Nov 25, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/major-app-dependencies-0e9b5899fb branch November 25, 2025 00:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@stdavis stdavis

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stdavis