Bump the npm_and_yarn group across 2 directories with 12 updates #47

dependabot · 2025-05-02T17:20:13Z

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package	From	To
sanitize-html	`2.14.0`	`2.16.0`
@types/sanitize-html	`2.13.0`	`2.15.0`
marked	`4.0.11`	`4.0.12`
semver	`7.5.3`	`7.5.4`
node-fetch	`2.6.8`	`2.6.9`
ws	`8.17.1`	`8.18.0`
vega	`5.23.0`	`5.32.0`
minimatch	`3.0.5`	`3.0.6`
@babel/helpers	`7.14.8`	`7.27.1`
@babel/runtime	`7.14.6`	`7.27.1`
dompurify	`2.5.7`	`2.5.8`

Bumps the npm_and_yarn group with 2 updates in the /jupyterlab/staging directory: vega and @babel/runtime.

Updates sanitize-html from 2.14.0 to 2.16.0

Changelog

Sourced from sanitize-html's changelog.

2.16.0 (2025-04-16)

Add onOpenTag and onCloseTag events to enable advanced filtering to hook into the parser. Thhanks to Rimvydas Naktinis.

2.15.0 (2025-03-19)

Allow keeping tag content when discarding with exclusive filter by returning "excludeTag". Thanks to rChaoz.

Commits

3b45c7c Merge pull request #702 from apostrophecms/release-2.16.0
7caf6d2 release 2.16.0
0313050 Merge pull request #701 from apostrophecms/thanks-692
4248936 thanks
b3dd0e6 Merge pull request #692 from naktinis/add-tag-and-text-events
3f609e3 chore: add a note about tag open/close event example being illustrative
fb7a13b Merge branch 'main' into add-tag-and-text-events
be113c6 chore: add a CHANGELOG entry
0d67ebd chore: update test to demonstrate isImplied argument, demonstrate all argumen...
007523a fix: example output
Additional commits viewable in compare view

Updates @types/sanitize-html from 2.13.0 to 2.15.0

Commits

See full diff in compare view

Updates marked from 4.0.11 to 4.0.12

Release notes

Sourced from marked's releases.

v4.0.12

4.0.12 (2022-01-27)

Bug Fixes

fix nbsp after table (#2372) (ed66bf8)

Commits

4c5b974 chore(release): 4.0.12 [skip ci]
a200d0a 🗜️ build [skip ci]
5fba688 fix: fix nbsp after table
ed66bf8 Add check in splitCells to prevent calling trim on undefined (#2372)
See full diff in compare view

Updates semver from 7.5.3 to 7.5.4

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

cc6fde2 #588 trim each range set before parsing (@lukekarrys)

99d8287 #583 correctly parse long build ids as valid (#583) (@lukekarrys)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

cc6fde2 #588 trim each range set before parsing (@lukekarrys)

99d8287 #583 correctly parse long build ids as valid (#583) (@lukekarrys)

Commits

36cd334 chore: release 7.5.4
8456d87 chore: postinstall for dependabot template-oss PR
dde1f00 chore: postinstall for dependabot template-oss PR
dffcd1b chore: bump @npmcli/template-oss from 4.16.0 to 4.17.0
d619f66 chore: postinstall for dependabot template-oss PR
3bc4247 chore: bump @npmcli/template-oss from 4.15.1 to 4.16.0
cc6fde2 fix: trim each range set before parsing
99d8287 fix: correctly parse long build ids as valid (#583)
4f0f6b1 chore: fix arguments in whitespace test (#574)
6bd1a37 chore: remove duplicate test in semver class (#575)
See full diff in compare view

Updates node-fetch from 2.6.8 to 2.6.9

Release notes

Sourced from node-fetch's releases.

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

"global is not defined" (#1704) (70f592d)

Commits

70f592d fix: "global is not defined" (#1704)
0f1ebb0 Prevent error when response is null (#1699)
See full diff in compare view

Updates ws from 8.17.1 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

Added support for Blob (#2229).

Commits

976c53c [dist] 8.18.0
59b9629 [feature] Add support for Blob (#2229)
0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
15f11a0 [security] Add new DoS vulnerability to SECURITY.md
See full diff in compare view

Updates vega from 5.23.0 to 5.32.0

Release notes

Sourced from vega's releases.

v5.32.0

Changes since v5.31.0

vega-expression

Add base64 string encoder/decoder to vega-expression and vega-interpreter (via #4009). (Thanks @hydrosquall!)

vega-typings

Add Typescript Types for vega-loader (via #4000). (Thanks @hydrosquall!)

docs

Correct data year citation in dorling-cartogram example (via #4006). (Thanks @dsmedia!)

Update typo in vega.timeFloor description (via #4010). (Thanks @hydrosquall!)

Add Security Advisory Policy for Vega (via #4008). (Thanks @hydrosquall!)

Replace redirect url in expressions.md (via #3996). (Thanks @dangotbanned!)

correct queries to query in crossfilter.md (via #4005). (Thanks @danmarshall!)

v5.31.0

changes since v5.30.0

vega-utils

use Object.hasOwn instead of Object.prototype.hasOwnProperty (via #3951). (Thanks @domoritz!)

vega-parser

Add discrete legend type (via #3957). (Thanks @hydrosquall!)

vega-functions

Add sort function to vega-functions (and vega-interpreter) (via #3973). (Thanks @hydrosquall!)

vega-selections

Add field predicate types to selectionTest (via #3675). (Thanks @jonathanzong!)

monorepo

Replace flights-5k.json external reference (via #3999). (Thanks @dwootton!)

docs

Update packed bubble example (via #3955). (Thanks @PBI-David!)

Correct typo in production rules documentation (via #3958). (Thanks @shanebruggeman!)

Update README.md to fix broken link to current roadmap (via #3979). (Thanks @cahogan & @joelostblom!)

v5.30.0

Changes since v5.29.0

vega-functions

make default vega format null as "null" (via #3926). (Thanks @kanitw & @domoritz )!

docs

Add 4 new examples (via #3851). (Thanks @avatorl & @domoritz!)

monorepo

Deploy editor preview (via #3925, #3931). (Thanks @hydrosquall!)

... (truncated)

Commits

c46889d chore: update vega-cli to v5.32.0 (#4015)
2fe2e63 chore: v5.32.0 (#4014)
81ed011 chore: remove extra space in test name
6026887 fix: correct data year citation in dorling-cartogram example (#4006)
a3af49e feat: Add base64 string encoder/decoder to vega-expression and `vega-interp...
cd88cc8 fix(docs): Update typo in vega.timeFloor description (#4010)
694560c Merge commit from fork
560aeec docs: Add Security Advisory Policy for vega (#4008)
0b6a114 feat(vega-typings): add Typescript Types for vega-loader (#4000)
b83b8e5 docs: Replace redirect url in expressions.md (#3996)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lhermann, a new releaser for vega since your current version.

Updates minimatch from 3.0.5 to 3.0.6

Commits

5b7cd33 3.0.6
20b4b56 [fix] revert all breaking syntax changes
2ff0388 document, expose, and test 'partial:true' option
5dbd6a7 ci: tests and makework
dbda065 full test coverage, adding tests, deleting dead code
47e0e45 Credit @yetingli for the regexp improvement
See full diff in compare view

Updates @babel/helpers from 7.14.8 to 7.27.1

Release notes

Sourced from @babel/helpers's releases.

v7.27.1 (2025-04-30)

Thanks @kermanx and @woaitsAryan for your first PRs!

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

All packages

#17207 Enforce node protocol import (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

Other

#17232 Bump typescript-eslint to 8.29.1 (@JLHwung)

#17219 test: add basic typescript-eslint integration tests (@JLHwung)

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types

#17207 Enforce node protocol import (@JLHwung)

babel-plugin-transform-regenerator

... (truncated)

Commits

eebd3a0 v7.27.1
b1f9184 Reduce interopRequireWildcard size (#16538)
9c351e5 Use class and add type definitions for regenerator (#17220)
0f95b74 Reduce regeneratorRuntime size (#17213)
317e332 Enforce node protocol import (#17207)
14ef1e9 Babel 8 cleanup (#17211)
97105cb Re-convert regeneratorRuntime to helper format (#17205)
1b93b0c Move regenerator files to the relevant packages (#17205)
b953a8f Remove bundled regeneratorRuntime helper (#17205)
6874c25 Prepare LICENSE files for incorporating regenerator (#17205)
Additional commits viewable in compare view

Updates @babel/runtime from 7.14.6 to 7.27.1

Release notes

Sourced from @babel/runtime's releases.

v7.27.1 (2025-04-30)

Thanks @kermanx and @woaitsAryan for your first PRs!

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

All packages

#17207 Enforce node protocol import (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

Other

#17232 Bump typescript-eslint to 8.29.1 (@JLHwung)

#17219 test: add basic typescript-eslint integration tests (@JLHwung)

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types

#17207 Enforce node protocol import (@JLHwung)

babel-plugin-transform-regenerator

... (truncated)

Commits

eebd3a0 v7.27.1
296cdc5 Remove unused regenerator-runtime dep in @babel/runtime (#17263)
fdc0fb5 [Babel 8] Bump nodejs requirements to ^20.19.0 || >= 22.12.0 (#17204)
5c350ea v7.27.0
ca4865a Fix: align behaviour to tsc rewriteRelativeImportExtensions (#17118)
e1ce99d v7.26.10
d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
64bca7b v7.26.9
2d95140 v7.26.7
63d3038 v7.26.0
Additional commits viewable in compare view

Updates dompurify from 2.5.7 to 2.5.8

Release notes

Sourced from dompurify's releases.

DOMPurify 2.5.8

Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser

Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409

Commits

ee992fc test: Updated a custom element test for IE11 on Windows 10
8b68e9e test: Trying to work around a false alert in IE11 Win 8.1
0d770cd chore: Preparing 2.5.8 release
9cd4f11 fix: Added same attribute clobbering check for 2.x branch
f7120a3 fix: Fixed two conditional bypasses discovered by @parrot409 and @Slonser
193eef2 Update README.md
f7712e4 Update README.md
1bb377b Update README.md
See full diff in compare view

Updates vega-functions from 5.13.2 to 5.17.0

Release notes

Sourced from vega-functions's releases.

v5.17.0

Changes from v5.16.1:

vega-canvas

Fix browser index route for ES modules. (#2907)

vega-loader

Add iterable support to JSON loader. Iterable inputs are expanded to arrays, then ingested.

Fix browser index route for ES modules. (#2907)

vega-util

Add isIterable utility.

v5.16.1

Changes from v5.16.0:

monorepo

Fix rollup config to use umd rather than iife bundles. (#2896)

v5.16.0

Notable Changes

The new label transform automatically positions labels without overlapping other marks. (Thanks @chanwutk!)

Completes the transition to using vega-datasets 2.0+, including swapping out the Iris dataset for a more adorable Penguins dataset. 🐧

Major update of build system to use a centralized rollup configuration. (Thanks @domoritz!)

Changelog

Changes from v5.15.0:

docs

Add Calendar View example.

Add Labeled Scatter Plot example.

Update Box Plot example to use penguins data.

Update Violin Plot example to use penguins data.

monorepo

Complete transition to vega-datasets 2.0.

Use centralized rollup config. (thanks @domoritz!)

vega

Use centralized rollup config. (thanks @domoritz!)

Update and extend test specifications.

vega-canvas

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by lhermann, a new releaser for vega-functions since your current version.

Updates vega from 5.30.0 to 5.33.0

Release notes

Sourced from vega's releases.

v5.32.0

Changes since v5.31.0

vega-expression

Add base64 string encoder/decoder to vega-expression and vega-interpreter (via #4009). (Thanks @hydrosquall!)

vega-typings

Add Typescript Types for vega-loader (via #4000). (Thanks @hydrosquall!)

docs

Correct data year citation in dorling-cartogram example (via #4006). (Thanks @dsmedia!)

Update typo in vega.timeFloor description (via #4010). (Thanks @hydrosquall!)

Add Security Advisory Policy for Vega (via #4008). (Thanks @hydrosquall!)

Replace redirect url in expressions.md (via #3996). (Thanks @dangotbanned!)

correct queries to query in crossfilter.md (via #4005). (Thanks @danmarshall!)

v5.31.0

changes since v5.30.0

vega-utils

use Object.hasOwn instead of Object.prototype.hasOwnProperty (via #3951). (Thanks @domoritz!)

vega-parser

Add discrete legend type (via #3957). (Thanks @hydrosquall!)

vega-functions

Add sort function to vega-functions (and vega-interpreter) (via #3973). (Thanks @hydrosquall!)

vega-selections

Add field predicate types to selectionTest (via #3675). (Thanks @jonathanzong!)

monorepo

Replace flights-5k.json external reference (via #3999). (Thanks @dwootton!)

docs

Update packed bubble example (via #3955). (Thanks @PBI-David!)

Correct typo in production rules documentation (via #3958). (Thanks @shanebruggeman!)

Update README.md to fix broken link to current roadmap (via #3979). (Thanks @cahogan & @joelostblom!)

v5.30.0

Changes since v5.29.0

vega-functionsDescription has been truncated

Bumps the npm_and_yarn group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [sanitize-html](https://github.com/apostrophecms/sanitize-html) | `2.14.0` | `2.16.0` | | [@types/sanitize-html](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sanitize-html) | `2.13.0` | `2.15.0` | | [marked](https://github.com/markedjs/marked) | `4.0.11` | `4.0.12` | | [semver](https://github.com/npm/node-semver) | `7.5.3` | `7.5.4` | | [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.8` | `2.6.9` | | [ws](https://github.com/websockets/ws) | `8.17.1` | `8.18.0` | | [vega](https://github.com/vega/vega) | `5.23.0` | `5.32.0` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.5` | `3.0.6` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.14.8` | `7.27.1` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.14.6` | `7.27.1` | | [dompurify](https://github.com/cure53/DOMPurify) | `2.5.7` | `2.5.8` | Bumps the npm_and_yarn group with 2 updates in the /jupyterlab/staging directory: [vega](https://github.com/vega/vega) and [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime). Updates `sanitize-html` from 2.14.0 to 2.16.0 - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md) - [Commits](apostrophecms/sanitize-html@2.14.0...2.16.0) Updates `@types/sanitize-html` from 2.13.0 to 2.15.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sanitize-html) Updates `marked` from 4.0.11 to 4.0.12 - [Release notes](https://github.com/markedjs/marked/releases) - [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json) - [Commits](markedjs/marked@v4.0.11...v4.0.12) Updates `semver` from 7.5.3 to 7.5.4 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.3...v7.5.4) Updates `node-fetch` from 2.6.8 to 2.6.9 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.8...v2.6.9) Updates `ws` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.17.1...8.18.0) Updates `vega` from 5.23.0 to 5.32.0 - [Release notes](https://github.com/vega/vega/releases) - [Commits](vega/vega@v5.23.0...v5.32.0) Updates `minimatch` from 3.0.5 to 3.0.6 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.5...v3.0.6) Updates `@babel/helpers` from 7.14.8 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-helpers) Updates `@babel/runtime` from 7.14.6 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-runtime) Updates `dompurify` from 2.5.7 to 2.5.8 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@2.5.7...2.5.8) Updates `vega-functions` from 5.13.2 to 5.17.0 - [Release notes](https://github.com/vega/vega/releases) - [Commits](https://github.com/vega/vega/commits/v5.17.0) Updates `vega` from 5.30.0 to 5.33.0 - [Release notes](https://github.com/vega/vega/releases) - [Commits](vega/vega@v5.23.0...v5.32.0) Updates `@babel/runtime` from 7.17.2 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-runtime) Updates `vega-functions` from 5.15.0 to 5.18.0 - [Release notes](https://github.com/vega/vega/releases) - [Commits](https://github.com/vega/vega/commits/v5.17.0) --- updated-dependencies: - dependency-name: sanitize-html dependency-version: 2.16.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@types/sanitize-html" dependency-version: 2.15.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: marked dependency-version: 4.0.12 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.5.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: node-fetch dependency-version: 2.6.9 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vega dependency-version: 5.32.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.0.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dompurify dependency-version: 2.5.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vega-functions dependency-version: 5.17.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vega dependency-version: 5.33.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vega-functions dependency-version: 5.18.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 2, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 2 directories with 12 updates #47

Bump the npm_and_yarn group across 2 directories with 12 updates #47

Uh oh!

dependabot bot commented on behalf of github May 2, 2025

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 2 directories with 12 updates #47

Are you sure you want to change the base?

Bump the npm_and_yarn group across 2 directories with 12 updates #47

Uh oh!

Conversation

dependabot bot commented on behalf of github May 2, 2025

2.16.0 (2025-04-16)

2.15.0 (2025-03-19)

v4.0.12

4.0.12 (2022-01-27)

Bug Fixes

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

7.5.4 (2023-07-07)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

8.18.0

Features

v5.32.0

v5.31.0

v5.30.0

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

DOMPurify 2.5.8

v5.17.0

v5.16.1

v5.16.0

Notable Changes

Changelog

v5.32.0

v5.31.0

v5.30.0

Uh oh!

Uh oh!