Skip to content

build(deps): bump the npm_and_yarn group across 8 directories with 9 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the npm_and_yarn group across 8 directories with 9 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Aug 30, 2025

Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/editors/vim/plugins/patches/markdown-preview-nvim directory: next.
Bumps the npm_and_yarn group with 2 updates in the /pkgs/by-name/aw/awk-language-server directory: brace-expansion and form-data.
Bumps the npm_and_yarn group with 1 update in the /pkgs/by-name/gr/grafana-image-renderer directory: multer.
Bumps the npm_and_yarn group with 1 update in the /pkgs/by-name/ma/matrix-appservice-discord directory: pg-promise.
Bumps the npm_and_yarn group with 1 update in the /pkgs/by-name/ma/matrix-appservice-slack directory: pg-promise.
Bumps the npm_and_yarn group with 2 updates in the /pkgs/by-name/re/react-static directory: tar-fs and webpack-dev-server.
Bumps the npm_and_yarn group with 1 update in the /pkgs/development/tools/yarn2nix-moretea/yarn2nix directory: brace-expansion.
Bumps the npm_and_yarn group with 3 updates in the /pkgs/tools/admin/meshcentral directory: tar-fs, sha.js and undici.

Updates next from 7.0.3 to 15.5.2

Release notes

Sourced from next's releases.

v15.5.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: disable unknownatrules lint rule entirely (#83059)
  • revert: add ?dpl to fonts in /_next/static/media (#83062)

Credits

Huge thanks to @​bgub and @​ztanner for helping!

v15.5.1

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: aliased navigations should apply scroll handling (#82900)
  • Turbopack: fix invalid NFT entry with file behind symlink (#82887)
  • fix: typesafe linking to route handlers and pages API routes (#82858)
  • fix: change "noUnknownAtRules" to "warn" for Biome (#82974)
  • fix: add path normalization to getRelativePath for Windows (#82918)
  • feat: add typesafety with config.typedRoutes to redirect() and permanentRedirect() (#82860)
  • fix: avoid importing types that will be unused (#82856)
  • fix: update the config.api.responseLimit type (#82852)
  • fix: update validation return types (#82854)

Credits

Huge thanks to @​bgub, @​mischnic, and @​ztanner for helping!

v15.5.1-canary.20

Misc Changes

  • Turbopack: hide blocking spans in trace server: #83167
  • Update Rspack production test manifest: #83207
  • [create-next-app] Generate route types after setup: #82956
  • Update Rspack development test manifest: #83208
  • docs: fix snippets in getting started: #83228

Credits

Huge thanks to @​sokra, @​vercel-release-bot, @​bgub, and @​icyJoseph for helping!

v15.5.1-canary.19

Core Changes

  • [sourcemaps] Always check for vendor chunks regardless of Node.js version: #83114
  • Turbopack: Remove undocumented legacy syntax for built-in conditions (e.g. foreign, browser): #83068
  • [metadata] update metadata routes cache headers: #83215

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.


Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates form-data from 3.0.1 to 3.0.4

Release notes

Sourced from form-data's releases.

v3.0.2

Fixes

  • npmignore temporary build files (#532)
  • move util.isArray to Array.isArray (#564)

Tests

  • migrate from travis to GHA
Changelog

Sourced from form-data's changelog.

v3.0.4 - 2025-07-16

Fixed

Commits

  • [eslint] update linting config f5e7eb0
  • [meta] add auto-changelog d2eb290
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 e8c574c
  • [Fix] Switch to using crypto random for boundary values c6ced61
  • [Refactor] use hasown 1a78b5d
  • [Fix] validate boundary type in setBoundary() method 70bbaa0
  • [Tests] add tests to check the behavior of getBoundary with non-strings b22a64e
  • [meta] actually ensure the readme backup isn’t published 0150851
  • [meta] remove local commit hooks fc42bb9
  • [Dev Deps] remove unused deps a14d09e
  • [meta] fix scripts to use prepublishOnly 11d9f73
  • [meta] fix readme capitalization fc38b48

v3.0.3 - 2025-02-14

Merged

Fixed

Commits

  • [Refactor] use Object.prototype.hasOwnProperty.call 7fecefe
  • [Dev Deps] update @types/node, browserify, coveralls, cross-spawn, eslint, formidable, in-publish, pkgfiles, pre-commit, puppeteer, request, tape, typescript 8261fcb
  • Only apps should have lockfiles b82f590
  • [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl e5df7f2
  • [Deps] update mime-types 5a5bafe

v3.0.2 - 2024-10-10

Merged

Commits

  • [Tests] migrate from travis to GHA 8fdb3bc
  • [eslint] clean up ignores 3217b3d
  • fix: move util.isArray to Array.isArray (#564) edb555a
Commits
  • 9c82fcd v3.0.4
  • e8c574c [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • c6ced61 [Fix] Switch to using crypto random for boundary values
  • 0150851 [meta] actually ensure the readme backup isn’t published
  • fc38b48 [meta] fix readme capitalization
  • d2eb290 [meta] add auto-changelog
  • fc42bb9 [meta] remove local commit hooks
  • a14d09e [Dev Deps] remove unused deps
  • 002b9b0 [Fix] append: avoid a crash on nullish values
  • 70bbaa0 [Fix] validate boundary type in setBoundary() method
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.


Updates multer from 1.4.5-lts.2 to 2.0.2

Release notes

Sourced from multer's releases.

v2.0.2

Important

Full Changelog: expressjs/multer@v2.0.1...v2.0.2

v2.0.1

Important

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from multer's changelog.

2.0.2

2.0.1

2.0.0

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.


Updates pg-promise from 10.15.4 to 12.1.1

Release notes

Sourced from pg-promise's releases.

12.1.1

  • Added PostgreSql v17 into the CI, as officially supported.
  • Removed tslint from dev dependencies, as it is now obsolete.

No code changes.

12.1.0

  • Updated the library to use the latest spex v4.x, which also dumped obsolete custom promises, in favour of ES6 Promise, and improves exports and TypeScript declarations.
  • Removed deprecated label from Task.batch function, as its use is still quite alright. And added a note instead:

NOTE: Consider using async/await syntax instead, or if you must have pre-generated promises, then Promise.allSettled.

12.0.0

Legacy Clean-up

Gone: Custom Promises 🔨

Removed from the library everything related to supporting custom promises, external promise libraries, such as Bluebird, etc., as obsolete.

Now it is ES6 Promise all the way, nothing else, and no customization in that regard.

For example, initialization option promiseLib is gone also.

11.15.0

  • Updated underlying pg driver + pg-query-stream to their latest versions
  • Bumped minimum supported NodeJS version to 16

11.14.0

  • Extending EventContext with property queryFilePath, as per PR-951
  • Added NodeJS v24 compatibility badge.
  • Dependencies updated.

11.13.0

11.12.1

  • Adding enableChannelBinding connection option (see this PR) to the TypeScript declarations.

11.12.0

  • Updated the driver to the latest version
  • Added Vite support, see #955

11.11.0

  • Driver updated to the latest
  • DEV dependencies updated
  • CI link fixed

... (truncated)

Commits

Updates pg-promise from 10.15.4 to 12.1.1

Release notes

Sourced from pg-promise's releases.

12.1.1

  • Added PostgreSql v17 into the CI, as officially supported.
  • Removed tslint from dev dependencies, as it is now obsolete.

No code changes.

12.1.0

  • Updated the library to use the latest spex v4.x, which also dumped obsolete custom promises, in favour of ES6 Promise, and improves exports and TypeScript declarations.
  • Removed deprecated label from Task.batch function, as its use is still quite alright. And added a note instead:

NOTE: Consider using async/await syntax instead, or if you must have pre-generated promises, then Promise.allSettled.

12.0.0

Legacy Clean-up

Gone: Custom Promises 🔨

Removed from the library everything related to supporting custom promises, external promise libraries, such as Bluebird, etc., as obsolete.

Now it is ES6 Promise all the way, nothing else, and no customization in that regard.

For example, initialization option promiseLib is gone also.

11.15.0

  • Updated underlying pg driver + pg-query-stream to their latest versions
  • Bumped minimum supported NodeJS version to 16

11.14.0

  • Extending EventContext with property queryFilePath, as per PR-951
  • Added NodeJS v24 compatibility badge.
  • Dependencies updated.

11.13.0

11.12.1

  • Adding enableChannelBinding connection option (see this PR) to the TypeScript declarations.

11.12.0

  • Updated the driver to the latest version
  • Added Vite support, see #955

11.11.0

  • Driver updated to the latest
  • DEV dependencies updated
  • CI link fixed

... (truncated)

Commits

Updates tar-fs from 2.1.3 to 3.1.0

Commits

Updates webpack-dev-server from 3.11.3 to 5.2.2

Release notes

Sourced from webpack-dev-server's releases.

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

  • add visual progress indicators (a8f40b7)
  • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
  • allow the server option to be Function (#5275) (02a1c6d)
  • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

  • add visual progress indicators (a8f40b7)
  • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
  • allow the server option to be Function (#5275) (02a1c6d)
  • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

  • check the platform property to determinate the target (#5269) (c3b532c)

... (truncated)

Commits
  • 195a7e6 chore(release): 5.2.2
  • 620bef1 chore(deps): update (#5511)
  • 03d1214 fix: respect the allowedHosts option for cross-origin header check (#5510)
  • 5ba862e chore(deps-dev): bump the dependencies group across 1 directory with 7 update...
  • f7fec94 chore: fix typo (#5508)
  • 6ee8cd0 ci: add Node.js v24 (#5492)
  • d30f963 chore: update http-proxy-middleware to ^2.0.9 (#5503)
  • 66cf033 chore(deps-dev): bump the dependencies group with 2 updates (#5504)
  • 4367a5c refactor: use 'String#startsWith' & replace if-then-else (#5501)
  • 8e6604f chore(deps): bump the dependencies group across 1 directory with 4 updates (#...
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates tar-fs from 2.1.2 to 2.1.3

Commits

Updates sha.js from 2.4.11 to 2.4.12

Changelog

Sourced from sha.js's changelog.

v2.4.12 - 2025-07-01

Commits

  • [eslint] switch to eslint 7acadfb
  • [meta] add auto-changelog b46e711
  • [eslint] fix package.json indentation df9d521
  • [Tests] migrate from travis to GHA c43c64a
  • [Fix] support multi-byte wide typed arrays f2a258e
  • [meta] reorder package.json d8d77c0
  • [meta] add npmignore 35aec35
  • [Tests] avoid console logs 73e33ae
  • [Tests] fix tests run in batch 2629130
  • [Tests] drop node requirement to 0.10 00c7f23
  • [Dev Deps] update buffer, hash-test-vectors, standard, tape, typedarray 92b5de5
  • [Tests] drop node requirement to v3 9b5eca8
  • [meta] set engines to &gt;= 4 807084c
  • Only apps should have lockfiles c72789c
  • [Deps] update inherits, safe-buffer 5428cfc
  • [Dev Deps] update @ljharb/eslint-config 2dbe0aa
  • update README to reflect LICENSE 8938256
  • [Dev Deps] add missing peer dep d528896
  • [Dev Deps] remove unused buffer dep 94ca724
Commits
  • eb4ea2f v2.4.12
  • d8d77c0 [meta] reorder package.json
  • df9d521 [eslint] fix package.json indentation
  • 35aec35 [meta] add npmignore
  • d528896 [Dev Deps] add missing peer dep
  • b46e711 [meta] add auto-changelog
  • 94ca724 [Dev Deps] remove unused buffer dep
  • 2dbe0aa [Dev Deps] update @ljharb/eslint-config
  • 73e33ae [Tests] avoid console logs
  • f2a258e [Fix] support multi-byte wide typed arrays
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for sha.js since your current version.


Updates undici from 5.28.5 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

Commits
  • 9528f68 Bumped v5.29.0
  • f1d75a4 increase timeout for redirect test
  • 2d31ed6 remove fuzzing tests
  • 6b36d49 fix redirect test in Node v16
  • 648dd8f more fix for the wpt runner on Windows
  • a0516ba don't use internal header state for cookies (#3295)
  • 87ce4af fix test/client for node 20
  • c2c8fd5 fix: accept v20 SSL specific error for alpn selection...

    Description has been truncated

@dependabot
build(deps): bump the npm_and_yarn group across 8 directories with 9 …
f148899 
…updates

Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/editors/vim/plugins/patches/markdown-preview-nvim directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 2 updates in the /pkgs/by-name/aw/awk-language-server directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [form-data](https://github.com/form-data/form-data).
Bumps the npm_and_yarn group with 1 update in the /pkgs/by-name/gr/grafana-image-renderer directory: [multer](https://github.com/expressjs/multer).
Bumps the npm_and_yarn group with 1 update in the /pkgs/by-name/ma/matrix-appservice-discord directory: [pg-promise](https://github.com/vitaly-t/pg-promise).
Bumps the npm_and_yarn group with 1 update in the /pkgs/by-name/ma/matrix-appservice-slack directory: [pg-promise](https://github.com/vitaly-t/pg-promise).
Bumps the npm_and_yarn group with 2 updates in the /pkgs/by-name/re/react-static directory: [tar-fs](https://github.com/mafintosh/tar-fs) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).
Bumps the npm_and_yarn group with 1 update in the /pkgs/development/tools/yarn2nix-moretea/yarn2nix directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).
Bumps the npm_and_yarn group with 3 updates in the /pkgs/tools/admin/meshcentral directory: [tar-fs](https://github.com/mafintosh/tar-fs), [sha.js](https://github.com/crypto-browserify/sha.js) and [undici](https://github.com/nodejs/undici).


Updates `next` from 7.0.3 to 15.5.2
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@7.0.3...v15.5.2)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `form-data` from 3.0.1 to 3.0.4
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md)
- [Commits](form-data/form-data@v3.0.1...v3.0.4)

Updates `multer` from 1.4.5-lts.2 to 2.0.2
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v1.4.5-lts.2...v2.0.2)

Updates `pg-promise` from 10.15.4 to 12.1.1
- [Release notes](https://github.com/vitaly-t/pg-promise/releases)
- [Commits](vitaly-t/pg-promise@10.15.4...12.1.1)

Updates `pg-promise` from 10.15.4 to 12.1.1
- [Release notes](https://github.com/vitaly-t/pg-promise/releases)
- [Commits](vitaly-t/pg-promise@10.15.4...12.1.1)

Updates `tar-fs` from 2.1.3 to 3.1.0
- [Commits](mafintosh/tar-fs@v2.1.3...v3.1.0)

Updates `webpack-dev-server` from 3.11.3 to 5.2.2
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v3.11.3...v5.2.2)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `tar-fs` from 2.1.2 to 2.1.3
- [Commits](mafintosh/tar-fs@v2.1.3...v3.1.0)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `undici` from 5.28.5 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.5...v5.29.0)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 3.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: multer
  dependency-version: 2.0.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: pg-promise
  dependency-version: 12.1.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: pg-promise
  dependency-version: 12.1.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 3.1.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 5.2.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant