chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates by dependabot[bot] · Pull Request #34 · trust0-project/uaito

dependabot · 2026-02-24T13:48:47Z

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package	From	To
nodemailer	`7.0.9`	`7.0.11`
vite	`6.3.6`	`6.4.1`
lodash	`4.17.21`	`4.17.23`
jspdf	`2.5.2`	`4.2.0`
next	`15.5.3`	`15.5.10`
next-auth	`4.24.11`	`4.24.12`
webpack	`5.101.3`	`5.104.1`
@isaacs/brace-expansion	`5.0.0`	`5.0.1`
@modelcontextprotocol/sdk	`1.20.0`	`1.27.0`
@smithy/config-resolver	`4.3.0`	`4.4.7`
axios	`1.12.2`	`1.13.5`
bn.js	`4.12.2`	`4.12.3`
diff	`4.0.2`	`4.0.4`
js-yaml	`3.14.1`	`3.14.2`
jws	`4.0.0`	`4.0.1`
mdast-util-to-hast	`13.2.0`	`13.2.1`
minimatch	`3.1.2`	`3.1.3`
playwright	`1.55.0`	`1.58.2`
preact	`10.27.1`	`10.28.4`
tar	`7.4.3`	`7.5.9`

Bumps the npm_and_yarn group with 2 updates in the /apps/uaito directory: jspdf and next.

Updates nodemailer from 7.0.9 to 7.0.11

Release notes

Sourced from nodemailer's releases.

v7.0.11

7.0.11 (2025-11-26)

Bug Fixes

prevent stack overflow DoS in addressparser with deeply nested groups (b61b9c0)

v7.0.10

7.0.10 (2025-10-23)

Bug Fixes

Increase data URI size limit from 100KB to 50MB and preserve content type (28dbf3f)

Changelog

Sourced from nodemailer's changelog.

7.0.11 (2025-11-26)

Bug Fixes

prevent stack overflow DoS in addressparser with deeply nested groups (b61b9c0)

7.0.10 (2025-10-23)

Bug Fixes

Increase data URI size limit from 100KB to 50MB and preserve content type (28dbf3f)

Commits

3d17dbe chore(master): release 7.0.11 (#1783)
15879f8 Bumped dev dependencies
b61b9c0 fix: prevent stack overflow DoS in addressparser with deeply nested groups
4175e4b chore(master): release 7.0.10 (#1776)
d882ccf Merge branch 'master' of github.com:nodemailer/nodemailer
1d7e4f7 Bumped deps
10bd871 chore: correct typo in variable name (#1773)
28dbf3f fix: Increase data URI size limit from 100KB to 50MB and preserve content type
See full diff in compare view

Updates vite from 6.3.6 to 6.4.1

Release notes

Sourced from vite's releases.

create-vite@6.4.1

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

Commits

5003434 fix(preview): use host url to open browser (#19836)
bf9728e release: v6.3.0-beta.2
380c10e fix(hmr): run HMR handler sequentially (#19793)
8bed1de fix: addWatchFile doesn't work if base is specified (fixes #19792) (#19794)
0a0c50a refactor: simplify pluginFilter implementation (#19828)
59d0b35 perf(css): avoid constructing renderedModules (#19775)
175a839 fix: reject requests with # in request-target (#19830)
e2e11b1 fix(module-runner): allow already resolved id as entry (#19768)
7200dee fix: correct the behavior when multiple transform filter options are specifie...
b125172 fix(css): remove empty chunk imports correctly when chunk file name contained...
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates jspdf from 2.5.2 to 4.2.0

Release notes

Sourced from jspdf's releases.

v4.2.0

This release fixes three security issues.

What's Changed

Fix PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton children) vulnerability.

Fix Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions vulnerability.

Fix PDF Object Injection via Unsanitized Input in addJS Method vulnerability.

Add "default" property to export section in package.json by @stefan-schweiger in parallax/jsPDF#3953

New Contributors

@stefan-schweiger made their first contribution in parallax/jsPDF#3953

Full Changelog: parallax/jsPDF@v4.1.0...v4.2.0

v4.1.0

This release fixes several security issues.

What's Changed

Upgrade optional dompurify dependency to 3.3.1 in parallax/jsPDF#3948

Fix PDF Injection in AcroForm module allows Arbitrary JavaScript Execution vulnerability

Fix Stored XMP Metadata Injection (Spoofing & Integrity Violation) vulnerability

Fix Shared State Race Condition in addJS Method vulnerability

Fix Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder vulnerability

Full Changelog: parallax/jsPDF@v4.0.0...v4.1.0

v4.0.0

This release fixes a critical path traversal/local file inclusion security vulnerability in the jsPDF Node.js build. File system access is now restricted by default and can be enabled by either using node's --permission flag or the new jsPDF.allowFsRead property.

There are no other breaking changes.

v3.0.4

This release includes a bunch of bugfixes. Thanks to all contributors!

What's Changed

[Snyk] Upgrade @babel/runtime from 7.28.3 to 7.28.4 by @MrRio in parallax/jsPDF#3895

fix: cell function now properly accepts align parameter by @vishal-rathod-07 in parallax/jsPDF#3896

Remove duplicated function "ga" from WebPDecoder.js by @jvdp in parallax/jsPDF#3902

Fix font state management issue #3890 by @srikanth-s2003 in parallax/jsPDF#3891

Fix pages property to always return current array reference ( #3898 ) by @Opineppes in parallax/jsPDF#3899

Fix jsPDF + Vite compatibility issue #3851 by @tishajain25 in parallax/jsPDF#3903

Do not add pages dynamically unless autoPaging is enabled by @anmiles in parallax/jsPDF#3915

Fix: Context2d font regex too restrictive ( #3904 ) by @Opineppes in parallax/jsPDF#3906

Fix Incorrect Typing for Margins in the TableConfig Interface Definition by @Maito1794 in parallax/jsPDF#3816

New Contributors

@survivant made their first contribution in parallax/jsPDF#3897

@vishal-rathod-07 made their first contribution in parallax/jsPDF#3896

@jvdp made their first contribution in parallax/jsPDF#3902

@srikanth-s2003 made their first contribution in parallax/jsPDF#3891

... (truncated)

Commits

7af912c 4.2.0
56b46d4 Merge commit from fork
2e5e156 Merge commit from fork
71ad2db Merge commit from fork
885a777 fix: upgrade @babel/runtime from 7.28.4 to 7.28.6 (#3954)
3b92c7d Add default export to package.json (#3953)
0227381 4.1.0
ae4b93f Merge commit from fork
2863e5c Merge commit from fork
efe54bf Merge commit from fork
Additional commits viewable in compare view

Updates next from 15.5.3 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates next-auth from 4.24.11 to 4.24.12

Commits

1f48cf7 chore(release): bump version [skip ci]
4758a2f ci: add workflow_dispatch for release.yml
d3aecfe feat: add next 16 support (#13303)
82efcf8 fix: security issue from nodemailer (#13304)
798c3d5 docs: update banner
02d3480 chore: remove clerk ads
7f88fa0 chore: remove sponsors
46e01af chore(docs): update credentials.md app router route.js filename (#13025)
11939f2 feat(core): add default cache control headers for GET endpoints (#12627)
918a6ac docs: Update FAQ with allowDangerousEmailAccountLinking (#12586)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Updates webpack from 5.101.3 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.

c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

d3dd841: Use method shorthand to render module content in __webpack_modules__ object.

d3dd841: Enhance import.meta.env to support object access.

4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.

04cd530: Handle more at-rules for CSS modules.

cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.

d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.

5983843: Provide a stable runtime function variable __webpack_global__.

d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

22c48fb: Added module existence check for informative error message in development mode.

50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.

d3dd841: Support universal lazy compilation.

d3dd841: Fixed module library export definitions when multiple runtimes.

d3dd841: Fixed CSS nesting and CSS custom properties parsing.

d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.

aab1da9: Fixed bugs for css/global type.

d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.

d3dd841: Handle nested __webpack_require__.

728ddb7: The speed of identifier parsing has been improved.

0f8b31b: Improve types.

d3dd841: Don't corrupt debugId injection when hidden-source-map is used.

2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.

d3dd841: Serialize HookWebpackError.

d3dd841: Added ability to use built-in properties in dotenv and define plugin.

3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.

d3dd841: Reduce collision for local indent name in CSS.

d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

Added DotenvPlugin and top level dotenv option to enable this plugin

Added WebpackManifestPlugin

Added support the ignoreList option in devtool plugins

Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.

c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

d3dd841: Use method shorthand to render module content in __webpack_modules__ object.

d3dd841: Enhance import.meta.env to support object access.

4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.

04cd530: Handle more at-rules for CSS modules.

cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.

d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.

5983843: Provide a stable runtime function variable __webpack_global__.

d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

22c48fb: Added module existence check for informative error message in development mode.

50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.

d3dd841: Support universal lazy compilation.

d3dd841: Fixed module library export definitions when multiple runtimes.

d3dd841: Fixed CSS nesting and CSS custom properties parsing.

d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.

aab1da9: Fixed bugs for css/global type.

d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.

d3dd841: Handle nested __webpack_require__.

728ddb7: The speed of identifier parsing has been improved.

0f8b31b: Improve types.

d3dd841: Don't corrupt debugId injection when hidden-source-map is used.

2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.

d3dd841: Serialize HookWebpackError.

d3dd841: Added ability to use built-in properties in dotenv and define plugin.

3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.

d3dd841: Reduce collision for local indent name in CSS.

d3dd841: Remove CSS link tags when CSS imports are removed.

Commits

24e3c2d chore(release): new release (#20253)
2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
4b0501c ci: fix release (#20252)
0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
5bf8bc5 refactor: types for benchmarks and tests
505a5e7 chore(release): new release (#20188)
0c06680 refactor: update eslint configuration
2eb0d6a ci: release announcement (#20238)
b2b2459 ci: cancel in progress (#20239)
Additional commits viewable in compare view

Updates @isaacs/brace-expansion from 5.0.0 to 5.0.1

Updates @modelcontextprotocol/sdk from 1.20.0 to 1.27.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.27.0

What's Changed

feat: add conformance test infrastructure for v1.x by @felixweinberger in modelcontextprotocol/typescript-sdk#1518

feat: backport discoverOAuthServerInfo() and discovery caching to v1.x by @felixweinberger in modelcontextprotocol/typescript-sdk#1533

feat: add url property to RequestInfo interface by @valentinbeggi in modelcontextprotocol/typescript-sdk#1353

[v1.x] feat(tasks): add streaming methods for elicitation and sampling by @LucaButBoring in modelcontextprotocol/typescript-sdk#1528

chore: bump version for v1.27.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1541

New Contributors

@valentinbeggi made their first contribution in modelcontextprotocol/typescript-sdk#1353

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

... (truncated)

Commits

8cbc658 chore: bump version for v1.27.0 (#1541)
5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
97ab379 feat: add url property to RequestInfo interface (#1353)
825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
b0cf837 feat: add conformance test infrastructure for v1.x (#1518)
fe9c07b chore: bump version to 1.26.0 (#1479)
4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
a05be17 Merge commit from fork
50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @modelcontextprotocol/sdk since your current version.

Updates @smithy/config-resolver from 4.3.0 to 4.4.7

Release notes

Sourced from @smithy/config-resolver's releases.

@smithy/config-resolver@4.4.7

Patch Changes

03c3dc8: update for rollup build externalLiveBindings=false

Updated dependencies [03c3dc8]

@smithy/node-config-provider@4.3.9

@smithy/types@4.12.1

@smithy/util-config-provider@4.2.1

@smithy/util-endpoints@3.2.9

@smithy/util-middleware@4.2.9

Changelog

Sourced from @smithy/config-resolver's changelog.

4.4.7

Patch Changes

03c3dc8: update for rollup build externalLiveBindings=false

Updated dependencies [03c3dc8]

@smithy/node-config-provider@4.3.9

@smithy/types@4.12.1

@smithy/util-config-provider@4.2.1

@smithy/util-endpoints@3.2.9

@smithy/util-middleware@4.2.9

4.4.6

Patch Changes

Updated dependencies [745867a]

@smithy/types@4.12.0

@smithy/node-config-provider@4.3.8

@smithy/util-endpoints@3.2.8

@smithy/util-middleware@4.2.8

4.4.5

Patch Changes

Updated dependencies [9ccb841]

@smithy/types@4.11.0

@smithy/node-config-provider@4.3.7

@smithy/util-endpoints@3.2.7

@smithy/util-middleware@4.2.7

4.4.4

Patch Changes

Updated dependencies [5a56762]

@smithy/types@4.10.0

@smithy/node-config-provider@4.3.6

@smithy/util-endpoints@3.2.6

@smithy/util-middleware@4.2.6

4.4.3

Patch Changes

Updated dependencies [3926fd7]

@smithy/types@4.9.0

@smithy/node-config-provider@4.3.5

@smithy/util-endpoints@3.2.5

... (truncated)

Commits

1f51a0c Version NPM packages
a028fc5 chore: replace rimraf with premove (#1834)
0e8cc49 Version NPM packages
7e4bbf6 chore: upgrade rimraf to v5.0.10 (#1829)
521d67c Version NPM packages
8b90f36 Version NPM packages
cc0124e Version NPM packages
07f95d9 Version NPM packages
372b46f fix(config-resolver): allow asterisk region with warning (#1760)
472a5ea Version NPM packages
Additional commits viewable in compare view

Updates axios from 1.12.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is...
Description has been truncated

… updates Bumps the npm_and_yarn group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.9` | `7.0.11` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.6` | `6.4.1` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [jspdf](https://github.com/parallax/jsPDF) | `2.5.2` | `4.2.0` | | [next](https://github.com/vercel/next.js) | `15.5.3` | `15.5.10` | | [next-auth](https://github.com/nextauthjs/next-auth) | `4.24.11` | `4.24.12` | | [webpack](https://github.com/webpack/webpack) | `5.101.3` | `5.104.1` | | @isaacs/brace-expansion | `5.0.0` | `5.0.1` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.20.0` | `1.27.0` | | [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) | `4.3.0` | `4.4.7` | | [axios](https://github.com/axios/axios) | `1.12.2` | `1.13.5` | | [bn.js](https://github.com/indutny/bn.js) | `4.12.2` | `4.12.3` | | [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.3` | | [playwright](https://github.com/microsoft/playwright) | `1.55.0` | `1.58.2` | | [preact](https://github.com/preactjs/preact) | `10.27.1` | `10.28.4` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.9` | Bumps the npm_and_yarn group with 2 updates in the /apps/uaito directory: [jspdf](https://github.com/parallax/jsPDF) and [next](https://github.com/vercel/next.js). Updates `nodemailer` from 7.0.9 to 7.0.11 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v7.0.9...v7.0.11) Updates `vite` from 6.3.6 to 6.4.1 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@6.4.1/packages/vite) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `jspdf` from 2.5.2 to 4.2.0 - [Release notes](https://github.com/parallax/jsPDF/releases) - [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md) - [Commits](parallax/jsPDF@v2.5.2...v4.2.0) Updates `next` from 15.5.3 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.3...v15.5.10) Updates `next-auth` from 4.24.11 to 4.24.12 - [Release notes](https://github.com/nextauthjs/next-auth/releases) - [Commits](https://github.com/nextauthjs/next-auth/compare/next-auth@4.24.11...next-auth@4.24.12) Updates `webpack` from 5.101.3 to 5.104.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.101.3...v5.104.1) Updates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1 Updates `@modelcontextprotocol/sdk` from 1.20.0 to 1.27.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.20.0...v1.27.0) Updates `@smithy/config-resolver` from 4.3.0 to 4.4.7 - [Release notes](https://github.com/smithy-lang/smithy-typescript/releases) - [Changelog](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md) - [Commits](https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@4.4.7/packages/config-resolver) Updates `axios` from 1.12.2 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.12.2...v1.13.5) Updates `bn.js` from 4.12.2 to 4.12.3 - [Release notes](https://github.com/indutny/bn.js/releases) - [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md) - [Commits](indutny/bn.js@v4.12.2...v4.12.3) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `dompurify` from 2.5.8 to 3.3.1 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@2.5.8...3.3.1) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `jws` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v4.0.0...v4.0.1) Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `minimatch` from 3.1.2 to 3.1.3 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.3) Updates `playwright` from 1.55.0 to 1.58.2 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.55.0...v1.58.2) Updates `preact` from 10.27.1 to 10.28.4 - [Release notes](https://github.com/preactjs/preact/releases) - [Commits](preactjs/preact@10.27.1...10.28.4) Updates `tar` from 7.4.3 to 7.5.9 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.9) Updates `jspdf` from 2.5.2 to 4.2.0 - [Release notes](https://github.com/parallax/jsPDF/releases) - [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md) - [Commits](parallax/jsPDF@v2.5.2...v4.2.0) Updates `next` from 15.5.3 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.3...v15.5.10) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 7.0.11 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jspdf dependency-version: 4.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next-auth dependency-version: 4.24.12 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.104.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@isaacs/brace-expansion" dependency-version: 5.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.27.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@smithy/config-resolver" dependency-version: 4.4.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bn.js dependency-version: 4.12.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dompurify dependency-version: 3.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 4.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: playwright dependency-version: 1.58.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: preact dependency-version: 10.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jspdf dependency-version: 4.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 24, 2026

dependabot bot mentioned this pull request Feb 24, 2026

chore(deps): Bump the npm_and_yarn group across 2 directories with 2 updates #29

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates#34

chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates#34
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-4793a8d8ba

dependabot bot commented on behalf of github Feb 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 24, 2026

v7.0.11

7.0.11 (2025-11-26)

Bug Fixes

v7.0.10

7.0.10 (2025-10-23)

Bug Fixes

7.0.11 (2025-11-26)

Bug Fixes

7.0.10 (2025-10-23)

Bug Fixes

create-vite@6.4.1

v6.4.1

v6.4.0

v6.3.7

v4.2.0

What's Changed

New Contributors

v4.1.0

What's Changed

v4.0.0

v3.0.4

What's Changed

New Contributors

v15.5.10

v5.104.1

5.104.1

Patch Changes

v5.104.0

5.104.0

Minor Changes

Patch Changes

v5.103.0

Features

5.104.1

Patch Changes

5.104.0

Minor Changes

Patch Changes

v1.27.0

What's Changed

New Contributors

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

@​smithy/config-resolver@​4.4.7

Patch Changes

4.4.7

Patch Changes

4.4.6

Patch Changes

4.4.5

Patch Changes

4.4.4

Patch Changes

4.4.3

Patch Changes

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

`@smithy/config-resolver@4`.4.7