Bump the npm_and_yarn group across 3 directories with 9 updates by dependabot[bot] · Pull Request #9 · DevGruGold/XMRT-Project-Backup

dependabot · 2026-02-26T09:41:35Z

Bumps the npm_and_yarn group with 5 updates in the /XMRT-Ecosystem-main/app directory:

Package	From	To
vite	`7.0.3`	`7.0.8`
@eslint/plugin-kit	`0.3.3`	`0.3.5`
ajv	`6.12.6`	`6.14.0`
js-yaml	`4.1.0`	`4.1.1`
minimatch	`3.1.2`	`3.1.5`

Bumps the npm_and_yarn group with 6 updates in the /XMRT-Ecosystem-main/frontend/xmrt-dao-frontend directory:

Package	From	To
vite	`5.4.19`	`5.4.21`
ajv	`6.12.6`	`6.14.0`
js-yaml	`4.1.0`	`4.1.1`
minimatch	`3.1.2`	`3.1.5`
@modelcontextprotocol/sdk	`1.11.3`	`1.27.1`
tar	`7.4.3`	`7.5.9`

Bumps the npm_and_yarn group with 5 updates in the /XMRT-Ecosystem-main/frontend/xmrt-dao-frontend/app directory:

Package	From	To
vite	`7.0.3`	`7.3.1`
@eslint/plugin-kit	`0.3.3`	`0.3.5`
ajv	`6.12.6`	`6.14.0`
js-yaml	`4.1.0`	`4.1.1`
minimatch	`3.1.2`	`3.1.5`
minimatch	`9.0.5`	`9.0.8`

Updates vite from 7.0.3 to 7.0.8

Release notes

Sourced from vite's releases.

v7.0.8

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.0.8 (2025-10-20)

Bug Fixes

dev: trim trailing slash before server.fs.deny check (#20968) (6a6db37)

7.0.7 (2025-09-08)

Bug Fixes

apply fs.strict check to HTML files (#20736) (6f01ff4)

upgrade sirv to 3.0.2 (#20735) (63e2a5d)

Tests

detect ts support via process.features (#20544) (45fdb16)

7.0.6 (2025-07-24)

Bug Fixes

deps: update all non-major dependencies (#20442) (e49f505)

dev: incorrect sourcemap when optimized CJS is imported (#20458) (ead2dec)

module-runner: normalize file:// on windows (#20449) (1c9cb49)

respond with correct headers and status code for HEAD requests (#20421) (23d04fc)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20441) (f689d61)

remove some files from prettier ignore (#20459) (8403f69)

Code Refactoring

use environment transform request (#20430) (24e6a0c)

7.0.5 (2025-07-17)

Bug Fixes

deps: update all non-major dependencies (#20406) (1a1cc8a)

remove special handling for Accept: text/html (#20376) (c9614b9)

watch assets referenced by new URL(, import.meta.url) (#20382) (6bc8bf6)

Miscellaneous Chores

deps: update dependency rolldown to ^1.0.0-beta.27 (#20405) (1165667)

Code Refactoring

use foo.endsWith("bar") instead of /bar$/.test(foo) (#20413) (862e192)

7.0.4 (2025-07-10)

Bug Fixes

... (truncated)

Commits

d3c2167 release: v7.0.8
6a6db37 fix(dev): trim trailing slash before server.fs.deny check (#20968)
f88a1c0 release: v7.0.7
45fdb16 test: detect ts support via process.features (#20544)
63e2a5d fix: upgrade sirv to 3.0.2 (#20735)
6f01ff4 fix: apply fs.strict check to HTML files (#20736)
bdde0f9 release: v7.0.6
23d04fc fix: respond with correct headers and status code for HEAD requests (#20421)
ead2dec fix(dev): incorrect sourcemap when optimized CJS is imported (#20458)
e49f505 fix(deps): update all non-major dependencies (#20442)
Additional commits viewable in compare view

Updates @eslint/plugin-kit from 0.3.3 to 0.3.5

Release notes

Sourced from @eslint/plugin-kit's releases.

plugin-kit: v0.3.5

0.3.5 (2025-08-05)

Dependencies

The following workspace dependencies were updated

dependencies

@eslint/core bumped from ^0.15.1 to ^0.15.2

plugin-kit: v0.3.4

0.3.4 (2025-07-21)

Bug Fixes

potential quadratic runtime in regular expression (#240) (b283f64)

Changelog

Sourced from @eslint/plugin-kit's changelog.

0.3.5 (2025-08-05)

Dependencies

The following workspace dependencies were updated

dependencies

@eslint/core bumped from ^0.15.1 to ^0.15.2

0.3.4 (2025-07-21)

Bug Fixes

potential quadratic runtime in regular expression (#240) (b283f64)

Commits

9e68ab6 chore: release main (#252)
e39a386 docs: Update README sponsors
57734b4 docs: Update README sponsors
380c224 chore: release main (#242)
17276ff docs: Update README sponsors
b283f64 fix: potential quadratic runtime in regular expression (#240)
46cd5da docs: Update README sponsors
9677965 docs: Update README sponsors
20799b5 docs: Update README sponsors
See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates vite from 5.4.19 to 5.4.21

Release notes

Sourced from vite's releases.

v7.0.8

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.0.8 (2025-10-20)

Bug Fixes

dev: trim trailing slash before server.fs.deny check (#20968) (6a6db37)

7.0.7 (2025-09-08)

Bug Fixes

apply fs.strict check to HTML files (#20736) (6f01ff4)

upgrade sirv to 3.0.2 (#20735) (63e2a5d)

Tests

detect ts support via process.features (#20544) (45fdb16)

7.0.6 (2025-07-24)

Bug Fixes

deps: update all non-major dependencies (#20442) (e49f505)

dev: incorrect sourcemap when optimized CJS is imported (#20458) (ead2dec)

module-runner: normalize file:// on windows (#20449) (1c9cb49)

respond with correct headers and status code for HEAD requests (#20421) (23d04fc)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20441) (f689d61)

remove some files from prettier ignore (#20459) (8403f69)

Code Refactoring

use environment transform request (#20430) (24e6a0c)

7.0.5 (2025-07-17)

Bug Fixes

deps: update all non-major dependencies (#20406) (1a1cc8a)

remove special handling for Accept: text/html (#20376) (c9614b9)

watch assets referenced by new URL(, import.meta.url) (#20382) (6bc8bf6)

Miscellaneous Chores

deps: update dependency rolldown to ^1.0.0-beta.27 (#20405) (1165667)

Code Refactoring

use foo.endsWith("bar") instead of /bar$/.test(foo) (#20413) (862e192)

7.0.4 (2025-07-10)

Bug Fixes

... (truncated)

Commits

d3c2167 release: v7.0.8
6a6db37 fix(dev): trim trailing slash before server.fs.deny check (#20968)
f88a1c0 release: v7.0.7
45fdb16 test: detect ts support via process.features (#20544)
63e2a5d fix: upgrade sirv to 3.0.2 (#20735)
6f01ff4 fix: apply fs.strict check to HTML files (#20736)
bdde0f9 release: v7.0.6
23d04fc fix: respond with correct headers and status code for HEAD requests (#20421)
ead2dec fix(dev): incorrect sourcemap when optimized CJS is imported (#20458)
e49f505 fix(deps): update all non-major dependencies (#20442)
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.11.3 to 1.27.1

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.27.1

What's Changed

feat: implement auth/pre-registration conformance scenario by @felixweinberger in modelcontextprotocol/typescript-sdk#1545

docs: add governance documentation for SEP-1730 by @felixweinberger in modelcontextprotocol/typescript-sdk#1547

docs: comprehensive feature documentation for SEP-1730 Tier 1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1548

fix: prevent command injection in example URL opening (v1.x backport) by @maxisbey in modelcontextprotocol/typescript-sdk#1579

fix: call onerror for silently swallowed transport errors by @qing-ant in modelcontextprotocol/typescript-sdk#1580

chore: bump version to 1.27.1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

@qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

feat: add conformance test infrastructure for v1.x by @felixweinberger in modelcontextprotocol/typescript-sdk#1518

feat: backport discoverOAuthServerInfo() and discovery caching to v1.x by @felixweinberger in modelcontextprotocol/typescript-sdk#1533

feat: add url property to RequestInfo interface by @valentinbeggi in modelcontextprotocol/typescript-sdk#1353

[v1.x] feat(tasks): add streaming methods for elicitation and sampling by @LucaButBoring in modelcontextprotocol/typescript-sdk#1528

chore: bump version for v1.27.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1541

New Contributors

@valentinbeggi made their first contribution in modelcontextprotocol/typescript-sdk#1353

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

... (truncated)

Commits

4faa8c8 chore: bump version to 1.27.1 (#1581)
09a85a8 fix: call onerror for silently swallowed transport errors (#1580)
e79d14a fix: prevent command injection in example URL opening (v1.x backport) (#1579)
342ea39 docs: comprehensive feature documentation for SEP-1730 Tier 1 (#1548)
2084a22 docs: add governance documentation for SEP-1730 (#1547)
f2d2145 feat: implement auth/pre-registration conformance scenario (#1545)
8cbc658 chore: bump version for v1.27.0 (#1541)
5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
97ab379 feat: add url property to RequestInfo interface (#1353)
825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @modelcontextprotocol/sdk since your current version.

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

docs: update README links by @efekrskl in expressjs/body-parser#673

docs: release notes for the v1.20.4 release by @Phillip9587 in expressjs/body-parser#674

docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @Phillip9587 in expressjs/body-parser#679

docs: use standard jsdoc tags everywhere by @Phillip9587 in expressjs/body-parser#677

deps: qs@^6.14.1 by @UlisesGascon in expressjs/body-parser#689

refactor(json): simplify strict mode error string construction by @jonchurch in expressjs/body-parser#693

Release: 2.2.2 by @UlisesGascon in expressjs/body-parser#691

New Contributors

@efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

deps: qs@^6.14.1

refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

3d24866 2.2.2 (#691)
8474a98 refactor(json): simplify strict mode error string construction (#693)
03f17c2 deps: qs@^6.14.1 (#689)
ea1f25e docs: use standard jsdoc tags everywhere (#677)
d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
b6f52aa docs: release notes for the v1.20.4 release (#674)
2965ca4 docs: update links (#673)
d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
Additional commits viewable in compare view

Updates qs from 6.14.0 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.9

Changelog

Sourced from tar's changelog.

Changelog

7.5

Added zstd compression support.

Consistent TOCTOU behavior in sync t.list

Only read from ustar block if not specified in Pax

Fix sync tar.list when file size reduces while reading

Sanitize absolute linkpaths properly

Prevent writing hardlink entries to the archive ahead of their file target

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Drop support for node <18

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

1f0c2c9 7.5.9
fbb0851 build minified version as default export
6b8eba0 7.5.8
2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
d18e4e1 fix: do not write linkpaths through symlinks
4a37eb9 7.5.7
f4a7aa9 fix: properly sanitize hard links containing ..
394ece6 7.5.6
7d4cc17 fix race puting a Link ahead of its target File
26ab904 7.5.5
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs...

Description has been truncated

Bumps the npm_and_yarn group with 5 updates in the /XMRT-Ecosystem-main/app directory: | Package | From | To | | --- | --- | --- | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.3` | `7.0.8` | | [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) | `0.3.3` | `0.3.5` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | Bumps the npm_and_yarn group with 6 updates in the /XMRT-Ecosystem-main/frontend/xmrt-dao-frontend directory: | Package | From | To | | --- | --- | --- | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.19` | `5.4.21` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.11.3` | `1.27.1` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.9` | Bumps the npm_and_yarn group with 5 updates in the /XMRT-Ecosystem-main/frontend/xmrt-dao-frontend/app directory: | Package | From | To | | --- | --- | --- | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.3` | `7.3.1` | | [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) | `0.3.3` | `0.3.5` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.8` | Updates `vite` from 7.0.3 to 7.0.8 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.0.8/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.0.8/packages/vite) Updates `@eslint/plugin-kit` from 0.3.3 to 0.3.5 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.3.5/packages/plugin-kit) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `vite` from 5.4.19 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.0.8/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.0.8/packages/vite) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `@modelcontextprotocol/sdk` from 1.11.3 to 1.27.1 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.11.3...v1.27.1) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `tar` from 7.4.3 to 7.5.9 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.9) Updates `vite` from 7.0.3 to 7.3.1 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.0.8/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.0.8/packages/vite) Updates `@eslint/plugin-kit` from 0.3.3 to 0.3.5 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.3.5/packages/plugin-kit) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 9.0.5 to 9.0.8 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) --- updated-dependencies: - dependency-name: vite dependency-version: 7.0.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@eslint/plugin-kit" dependency-version: 0.3.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.3.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@eslint/plugin-kit" dependency-version: 0.3.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.8 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-02-27T23:31:52Z

Superseded by #10.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 26, 2026

dependabot bot mentioned this pull request Feb 26, 2026

Bump the npm_and_yarn group across 3 directories with 9 updates #8

Closed

dependabot bot closed this Feb 27, 2026

dependabot bot deleted the dependabot/npm_and_yarn/XMRT-Ecosystem-main/app/npm_and_yarn-897f3a7792 branch February 27, 2026 23:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 3 directories with 9 updates#9

Bump the npm_and_yarn group across 3 directories with 9 updates#9
dependabot[bot] wants to merge 1 commit intomonero-integrationfrom
dependabot/npm_and_yarn/XMRT-Ecosystem-main/app/npm_and_yarn-897f3a7792

dependabot bot commented on behalf of github Feb 26, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 26, 2026

v7.0.8

v7.0.7

v7.0.6

v7.0.5

v7.0.4

7.0.8 (2025-10-20)

Bug Fixes

7.0.7 (2025-09-08)

Bug Fixes

Tests

7.0.6 (2025-07-24)

Bug Fixes

Miscellaneous Chores

Code Refactoring

7.0.5 (2025-07-17)

Bug Fixes

Miscellaneous Chores

Code Refactoring

7.0.4 (2025-07-10)

Bug Fixes

plugin-kit: v0.3.5

0.3.5 (2025-08-05)

Dependencies

plugin-kit: v0.3.4

0.3.4 (2025-07-21)

Bug Fixes

0.3.5 (2025-08-05)

Dependencies

0.3.4 (2025-07-21)

Bug Fixes

[4.1.1] - 2025-11-12

Security

v7.0.8

v7.0.7

v7.0.6

v7.0.5

v7.0.4

7.0.8 (2025-10-20)

Bug Fixes

7.0.7 (2025-09-08)

Bug Fixes

Tests

7.0.6 (2025-07-24)

Bug Fixes

Miscellaneous Chores

Code Refactoring

7.0.5 (2025-07-17)

Bug Fixes

Miscellaneous Chores

Code Refactoring

7.0.4 (2025-07-10)

Bug Fixes

[4.1.1] - 2025-11-12

Security

v1.27.1

What's Changed

New Contributors

v1.27.0

What's Changed

New Contributors

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v2.2.2

What's Changed

New Contributors

v2.2.1

Important: Security

What's Changed

2.2.2 / 2026-01-07

2.2.1 / 2025-11-24

6.15.0

6.14.2

6.14.1

Changelog

7.5