chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates #1

dependabot · 2025-01-17T22:00:45Z

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package	From	To
rollup	`4.9.5`	`4.22.4`
next	`14.1.4`	`14.2.21`
braces	`3.0.2`	`3.0.3`
dompurify	`3.0.8`	`3.2.3`
katex	`0.16.9`	`0.16.21`
mermaid	`10.7.0`	`10.9.3`
micromatch	`4.0.5`	`4.0.8`
nanoid	`3.3.7`	`3.3.8`
tar	`6.2.0`	`6.2.1`
vite	`5.0.11`	`5.4.11`
ws	`7.5.9`	`7.5.10`

Updates rollup from 4.9.5 to 4.22.4

Release notes

Sourced from rollup's releases.

v4.22.4

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5670: refactor: Use object.prototype to check for reserved properties (@YuHyeonWook)

#5671: Fix DOM Clobbering CVE (@lukastaegert)

v4.22.3

4.22.3

2024-09-21

Bug Fixes

Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

#5669: Ensure impure dependencies of pure modules are added (@lukastaegert)

v4.22.2

4.22.2

2024-09-20

Bug Fixes

Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

#5667: Partially revert #5658 and re-apply #5644 (@lukastaegert)

v4.22.1

4.22.1

2024-09-20

Bug Fixes

Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5670: refactor: Use object.prototype to check for reserved properties (@YuHyeonWook)

#5671: Fix DOM Clobbering CVE (@lukastaegert)

4.22.3

2024-09-21

Bug Fixes

Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

#5669: Ensure impure dependencies of pure modules are added (@lukastaegert)

4.22.2

2024-09-20

Bug Fixes

Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

#5667: Partially revert #5658 and re-apply #5644 (@lukastaegert)

4.22.1

2024-09-20

Bug Fixes

Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

#5663: chore(deps): update dependency inquirer to v11 (@renovate[bot], @lukastaegert)

#5664: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5665: fix: type in CI file (@YuHyeonWook)

... (truncated)

Commits

79c0aba 4.22.4
e2552c9 Fix DOM Clobbering CVE (#5671)
10ab90e refactor: Use object.prototype to check for reserved properties (#5670)
e1cba8e 4.22.3
59cec3e Ensure impure dependencies of pure modules are added (#5669)
b86ffd7 4.22.2
d5ff63d Partially revert #5658 and re-apply #5644 (#5667)
0a821d9 Create SECURITY.md
76e962d 4.22.1
68c23da Partially revert #5644
Additional commits viewable in compare view

Updates next from 14.1.4 to 14.2.21

Release notes

Sourced from next's releases.

v14.2.21

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade React from 14898b6a9 to 178c267a4e: vercel/next.js#74115

Fix unstable_allowDynamic when used with pnpm: vercel/next.js#73765

Misc Changes

chore(docs): add missing search: '' on remotePatterns: vercel/next.js#73927

chore(docs): update version history of next/image: vercel/next.js#73926

Credits

Huge thanks to @unstubbable, @ztanner, and @styfle for helping!

v14.2.20

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Fix fetch cloning bug (vercel/next.js#73532)

Credits

Huge thanks to @wyattjoh for helping!

v14.2.19

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

ensure worker exits bubble to parent process (#73433)

Increase max cache tags to 128 (#73125)

Misc Changes

Update max tag items limit in docs (#73445)

Credits

Huge thanks to @ztanner and @ijjk for helping!

v14.2.18

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Fix: (third-parties) sendGTMEvent not queueing events before GTM init (#68683) (#72111)

Ignore error pages for cache revalidate (#72412) (#72484)

Credits

... (truncated)

Commits

2655f6e v14.2.21
8803d2b Backport (v14): Upgrade React from 14898b6a9 to 178c267a4e (#74115)
6e35243 chore(docs): add missing search: '' on remotePatterns (#73925) (#73927)
54919d2 chore(docs): update version history of next/image (#73926)
049a690 Backport: Fix unstable_allowDynamic when used with pnpm (#73765)
663fa9c Fix SWC and React versions for 14-2-1 branch (#73791)
ed78a4a v14.2.20
530421d [backport] Fix/dedupe fetch clone (#73532)
cbc62ad v14.2.19
92280dc [backport] Update max tag items limit in docs (#73445)
Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates dompurify from 3.0.8 to 3.2.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.3

Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser

Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409

DOMPurify 3.2.2

Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @yaniv-git

Fixed several minor issues with the type definitions, thanks again @reduckted

Fixed a minor issue with the types reference for trusted types, thanks @reduckted

Fixed a minor problem with the template detection regex on some systems, thanks @svdb99

DOMPurify 3.2.1

Fixed several minor issues with the type definitions, thanks @reduckted @ghiscoding @asamuzaK @MiniDigger

Fixed an issue with non-minified dist files and order of imports, thanks @reduckted

DOMPurify 3.2.0

Added type declarations, thanks @reduckted , @philmayfield, @aloisklink, @ssi02014 and others

Fixed a minor issue with the handling of hooks, thanks @kevin-mizu

DOMPurify 3.1.7

Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa

Fixed several smaller typos in documentation and test & build files, thanks @christianhg

Added better support for Angular compiler, thanks @jeroen1602

Added several new attributes to HTML and SVG allow-list, thanks @Gigabyte5671 and @Rotzbua

Removed the foreignObject element from the list of HTML entry-points, thanks @masatokinugawa

Bumped several dependencies to be more up to date

DOMPurify 3.1.6

Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu

Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @realansgar

Fixed a minor problem with the bower file pointing to the wrong dist path

Fixed several minor typos in docs, comments and comment blocks, thanks @Rotzbua

Updated several development dependencies

DOMPurify 3.1.5

Fixed a minor issue with the dist paths in bower.js, thanks @HakumenNC

Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @kakao-bishop-cho

DOMPurify 3.1.4

Fixed an issue with the recently implemented isNaN checks, thanks @tulach

Added several new popover attributes to allow-list, thanks @Gigabyte5671

Fixed the tests and adjusted the test runner to cover all branches

DOMPurify 3.1.3

Fixed several mXSS variations found by and thanks to @kevin-mizu & @Ry0taK

Added better configurability for comment scrubbing default behavior

Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu

Added better handling and readability of the nodeType property, thanks @ssi02014

Fixed some smaller issues in README and other documentation

DOMPurify 3.1.2

... (truncated)

Commits

f1106aa chore: Preparing 3.2.3 release
9c71e04 fix: Added clobbering check for sanitizeAttribute to prevent an error
c183cd6 fix: Fixed a config-dependent bypass caused by skipped attribute checks, than...
6e76ece fix: Fixed a config-dependent bypass relating to data-attributes, thanks @Slo...
c3879a5 Merge pull request #1041 from CoryHrycko/patch-1
0e1c724 Update tags.ts
8513afd Update README.md
b883b9e Update README.md
3b4b5e9 Merge pull request #1037 from svdb99/main
b9e9087 Fix #1033
Additional commits viewable in compare view

Updates katex from 0.16.9 to 0.16.21

Release notes

Sourced from katex's releases.

v0.16.21

0.16.21 (2025-01-17)

Bug Fixes

escape \htmlData attribute name (57914ad)

See security advisory GHSA-cg87-wmx4-v546

v0.16.20

0.16.20 (2025-01-12)

Bug Fixes

\providecommand does not overwrite existing macro (#4000) (6d30fe4), closes #3928

v0.16.19

0.16.19 (2024-12-29)

Bug Fixes

types: improve strict function type (#4009) (4228b4e)

v0.16.18

0.16.18 (2024-12-18)

Bug Fixes

Actually publish TypeScript type definitions (#4008) (629b873)

v0.16.17

0.16.17 (2024-12-17)

Bug Fixes

MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM (#3999) (7d79e22), closes #3995

v0.16.16

0.16.16 (2024-12-17)

Features

ESM exports, TypeScript types (#3992) (ea9c173)

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.21 (2025-01-17)

Bug Fixes

escape \htmlData attribute name (57914ad)

0.16.20 (2025-01-12)

Bug Fixes

\providecommand does not overwrite existing macro (#4000) (6d30fe4), closes #3928

0.16.19 (2024-12-29)

Bug Fixes

types: improve strict function type (#4009) (4228b4e)

0.16.18 (2024-12-18)

Bug Fixes

Actually publish TypeScript type definitions (#4008) (629b873)

0.16.17 (2024-12-17)

Bug Fixes

MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM (#3999) (7d79e22), closes #3995

0.16.16 (2024-12-17)

Features

ESM exports, TypeScript types (#3992) (ea9c173)

0.16.15 (2024-12-09)

Features

italic sans-serif in math mode via \mathsfit command (#3998) (2218901)

0.16.14 (2024-12-08)

... (truncated)

Commits

923f2aa chore(release): 0.16.21 [ci skip]
57914ad fix: escape \htmlData attribute name
ff28995 Merge commit from fork
28a0bf5 chore(release): 0.16.20 [ci skip]
6d30fe4 fix: \providecommand does not overwrite existing macro (#4000)
8f47dba chore(deps): update actions/upload-artifact to v4 (#4012)
88b5056 chore(release): 0.16.19 [ci skip]
4228b4e fix(types): improve strict function type (#4009)
f934646 chore(release): 0.16.18 [ci skip]
629b873 fix: Actually publish TypeScript type definitions (#4008)
Additional commits viewable in compare view

Updates mermaid from 10.7.0 to 10.9.3

Commits

85ec96a chore: bump mermaid version to v10.9.3
9301a57 style: prettify src/diagrams/block/blockDB.ts
2bedd0e chore(deps): update katex to 0.16.11
92a07ff chore(deps): update bundled DOMPurify to 3.1.6
4dd4997 chore: Bump version
fc61512 [10] ci: upgrade to pnpm/action-setup@v4 to avoid CI failures
402abdf [10] fix: ban version v3.1.7 of DOMPurify
8d815f8 Lint fix
dab26df Fix for proper handling of block-diagram labels
c7fe9a6 Fix for proper handling of block-diagram labels
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
See full diff in compare view

Updates tar from 6.2.0 to 6.2.1

Commits

bef7b1e 6.2.1
fe8cd57 prevent extraction in excessively deep subfolders
fe7ebfd remove security.md
See full diff in compare view

Updates vite from 5.0.11 to 5.4.11

Release notes

Sourced from vite's releases.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.1

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.7 (2025-01-02)

fix: fix minify when builder.sharedPlugins: true (#19025) (f7b1964), closes #19025

fix: skip the plugin if it has been called before with the same id and importer (#19016) (b178c90), closes #19016

fix(html): error while removing vite-ignore attribute for inline script (#19062) (a492253), closes #19062

fix(ssr): fix semicolon injection by ssr transform (#19097) (1c102d5), closes #19097

perf: skip globbing for static path in warmup (#19107) (677508b), closes #19107

feat(css): show lightningcss warnings (#19076) (b07c036), closes #19076

6.0.6 (2024-12-26)

fix: replace runner-side path normalization with fetchModule-side resolve (#18361) (9f10261), closes #18361

fix(css): resolve style tags in HTML files correctly for lightningcss (#19001) (afff05c), closes #19001

fix(css): show correct error when unknown placeholder is used for CSS modules pattern in lightningcs (9290d85), closes #19070

fix(resolve): handle package.json with UTF-8 BOM (#19000) (902567a), closes #19000

fix(ssrTransform): preserve line offset when transforming imports (#19004) (1aa434e), closes #19004

chore: fix typo in comment (#19067) (eb06ec3), closes #19067

chore: update comment about build.target (#19047) (0e9e81f), closes #19047

revert: unpin esbuild version (#19043) (8bfe247), closes #19043

test(ssr): test virtual module with query (#19044) (a1f4b46), closes #19044

6.0.5 (2024-12-20)

fix: esbuild regression (pin to 0.24.0) (#19027) (4359e0d), closes #19027

6.0.4 (2024-12-19)

fix: this.resolve skipSelf should not skip for different id or import (#18903) (4727320), closes #18903

fix: fallback terser to main thread when function options are used (#18987) (12b612d), closes #18987

fix: merge client and ssr values for pluginContainer.getModuleInfo (#18895) (258cdd6), closes #18895

fix(css): escape double quotes in url() when lightningcss is used (#18997) (3734f80), closes #18997

fix(css): root relative import in sass modern API on Windows (#18945) (c4b532c), closes #18945

fix(css): skip non css in custom sass importer (#18970) (21680bd), closes #18970

fix(deps): update all non-major dependencies (#18967) (d88d000), closes #18967

fix(deps): update all non-major dependencies (#18996) (2b4f115), closes #18996

fix(optimizer): keep NODE_ENV as-is when keepProcessEnv is true (#18899) (8a6bb4e), closes #18899

fix(ssr): recreate ssrCompatModuleRunner on restart (#18973) (7d6dd5d), closes #18973

chore: better validation error message for dts build (#18948) (63b82f1), closes #18948

chore(deps): update all non-major dependencies (#18916) (ef7a6a3), closes #18916

chore(deps): update dependency @rollup/plugin-node-resolve to v16 (#18968) (62fad6d), closes #18968

refactor: make internal invoke event to use the same interface with handleInvoke (#18902) (27f691b), closes #18902

refactor: simplify manifest plugin code (#18890) (1bfe21b), closes #18890

test: test ModuleRunnerTransport invoke API (#18865) (e5f5301), closes #18865

test: test output hash changes (#18898) (bfbb130), closes #18898

... (truncated)

Commits

c54c860 release: v5.4.11
5f52bc8 release: v5.4.10
7d1a3bc fix: backport #18367,augment hash for CSS files to prevent chromium erroring ...
898d61f release: v5.4.9
508d9ab fix: bump launch-editor-middleware to v2.9.1 (#18348)
dc5434c fix(deps): bump tsconfck (#18322)
851b258 fix(hmr): don't try to rewrite imports for direct CSS soft invalidation (#18252)
96084d6 fix(data-uri): only match ids starting with data: (#18241)
eae00b5 fix(css): fix lightningcss dep url resolution with custom root (#18125)
c23558a chore: update all url references of vitejs.dev to vite.dev (#18276)
Additional commits viewable in compare view

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…pdates Bumps the npm_and_yarn group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [rollup](https://github.com/rollup/rollup) | `4.9.5` | `4.22.4` | | [next](https://github.com/vercel/next.js) | `14.1.4` | `14.2.21` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.0.8` | `3.2.3` | | [katex](https://github.com/KaTeX/KaTeX) | `0.16.9` | `0.16.21` | | [mermaid](https://github.com/mermaid-js/mermaid) | `10.7.0` | `10.9.3` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` | | [tar](https://github.com/isaacs/node-tar) | `6.2.0` | `6.2.1` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.0.11` | `5.4.11` | | [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` | Updates `rollup` from 4.9.5 to 4.22.4 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.9.5...v4.22.4) Updates `next` from 14.1.4 to 14.2.21 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.1.4...v14.2.21) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `dompurify` from 3.0.8 to 3.2.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.0.8...3.2.3) Updates `katex` from 0.16.9 to 0.16.21 - [Release notes](https://github.com/KaTeX/KaTeX/releases) - [Changelog](https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md) - [Commits](KaTeX/KaTeX@v0.16.9...v0.16.21) Updates `mermaid` from 10.7.0 to 10.9.3 - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md) - [Commits](mermaid-js/mermaid@v10.7.0...v10.9.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `tar` from 6.2.0 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) Updates `vite` from 5.0.11 to 5.4.11 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.11/packages/vite) Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.9...7.5.10) --- updated-dependencies: - dependency-name: rollup dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dompurify dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: katex dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mermaid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates #1

chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates #1

dependabot bot commented on behalf of github Jan 17, 2025

chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates #1

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates #1

Conversation

dependabot bot commented on behalf of github Jan 17, 2025

v4.22.4

4.22.4

Bug Fixes

Pull Requests

v4.22.3

4.22.3

Bug Fixes

Pull Requests

v4.22.2

4.22.2

Bug Fixes

Pull Requests

v4.22.1

4.22.1

Bug Fixes

Pull Requests

4.22.4

Bug Fixes

Pull Requests

4.22.3

Bug Fixes

Pull Requests

4.22.2

Bug Fixes

Pull Requests

4.22.1

Bug Fixes

Pull Requests

v14.2.21

Core Changes

Misc Changes

Credits

v14.2.20

Core Changes

Credits

v14.2.19

Core Changes

Misc Changes

Credits

v14.2.18

Core Changes

Credits

DOMPurify 3.2.3

DOMPurify 3.2.2

DOMPurify 3.2.1

DOMPurify 3.2.0

DOMPurify 3.1.7

DOMPurify 3.1.6

DOMPurify 3.1.5

DOMPurify 3.1.4

DOMPurify 3.1.3

DOMPurify 3.1.2

v0.16.21

0.16.21 (2025-01-17)

Bug Fixes

v0.16.20

0.16.20 (2025-01-12)

Bug Fixes

v0.16.19

0.16.19 (2024-12-29)

Bug Fixes

v0.16.18

0.16.18 (2024-12-18)

Bug Fixes

v0.16.17

0.16.17 (2024-12-17)

Bug Fixes

v0.16.16

0.16.16 (2024-12-17)

Features

0.16.21 (2025-01-17)

Bug Fixes

0.16.20 (2025-01-12)

Bug Fixes

0.16.19 (2024-12-29)