deps(deps): bump the patch-updates group with 5 updates by dependabot[bot] · Pull Request #18 · Xza85hrf/Modern-portfolio-template

dependabot · 2026-01-27T21:39:16Z

Bumps the patch-updates group with 5 updates:

Package	From	To
@tailwindcss/typography	`0.5.15`	`0.5.19`
autoprefixer	`10.4.20`	`10.4.23`
esbuild	`0.27.1`	`0.27.2`
input-otp	`1.4.1`	`1.4.2`
vitest	`4.0.8`	`4.0.18`

Updates @tailwindcss/typography from 0.5.15 to 0.5.19

Release notes

Sourced from @tailwindcss/typography's releases.

v0.5.19

Fixed

Fixed broken color styles (#405)

v0.5.18

Fixed

Fixed undefined variable error (#403)

v0.5.17

Added

Add modifiers for description list elements (#357)

Add prose-picture modifier (#367)

Fixed

Include unit in hr border-width value (#379)

Ensure <kbd> styles work with Tailwind CSS v4 (#387)

Changed

Remove lodash dependencies (#402)

v0.5.16

Fixed

Support installing with beta versions of Tailwind CSS v4 (#365)

Changelog

Sourced from @tailwindcss/typography's changelog.

[0.5.19] - 2025-09-24

Fixed

Fixed broken color styles (#405)

[0.5.18] - 2025-09-19

Fixed

Fixed undefined variable error (#403)

[0.5.17] - 2025-09-19

Added

Add modifiers for description list elements (#357)

Add prose-picture modifier (#367)

Fixed

Include unit in hr border-width value (#379)

Ensure <kbd> styles work with Tailwind CSS v4 (#387)

Changed

Remove lodash dependencies (#402)

[0.5.16] - 2025-01-07

Fixed

Support installing with beta versions of Tailwind CSS v4 (#365)

Commits

e002ab8 0.5.19
bbb1c21 Fix bad RGB syntax (#405)
b316f95 0.5.18
ed95206 Fix variable declaration in opacity function (#403)
7efcb4a 0.5.17
e0ec248 chore(ci): update actions for release insiders
511afcb Add modifiers for description list elements (#357)
042a531 Add prose-picture modifiers (#367)
f822222 Fix kbd shadow colors not being calculated on oklch colors (#387)
ecb7e87 Add Tailwind v4 custom color theme example to README (#396)
Additional commits viewable in compare view

Updates autoprefixer from 10.4.20 to 10.4.23

Release notes

Sourced from autoprefixer's releases.

10.4.23

Reduced dependencies (by @hyperz111).

10.4.22

Fixed stretch prefixes on new Can I Use database.

Updated fraction.js.

10.4.21

Fixed old -moz- prefix for :placeholder-shown (by @Marukome0743).

Changelog

Sourced from autoprefixer's changelog.

10.4.23

Reduced dependencies (by @hyperz111).

10.4.22

Fixed stretch prefixes on new Can I Use database.

Updated fraction.js.

10.4.21

Fixed old -moz- prefix for :placeholder-shown (by @Marukome0743).

Commits

212ba3c Release 10.4.23 version
7f62fb6 Update dependencies
c455bb1 chore: inline and simplify normalize-range (#1539)
73dc62c Release 10.4.22 version
9973c59 Lock CI action versions
4b4feca Fix Node.js 10 on CI
15c21d3 Fix old Node.js CI
27523c1 Update fraction.js
88a0d3e Update dependencies and fix stretch and update example
541295c Release 10.4.21 version
Additional commits viewable in compare view

Updates esbuild from 0.27.1 to 0.27.2

Release notes

Sourced from esbuild's releases.

v0.27.2
Allow import path specifiers starting with #/ (#4361)

Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

This change was contributed by @hybrist.
Automatically add the -webkit-mask prefix (#4357, #4358)

This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:
/* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}
/* Old output (with --target=chrome110) */
main {
mask: url(x.png) center/5rem no-repeat;
}
/* New output (with --target=chrome110) */
main {
-webkit-mask: url(x.png) center/5rem no-repeat;
mask: url(x.png) center/5rem no-repeat;
}
This change was contributed by @BPJEnnova.
Additional minification of switch statements (#4176, #4359)

This release contains additional minification patterns for reducing switch statements. Here is an example:
// Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}
// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}
// New output (with --minify)

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.2
Allow import path specifiers starting with #/ (#4361)

Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

This change was contributed by @hybrist.
Automatically add the -webkit-mask prefix (#4357, #4358)

This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:
/* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}
/* Old output (with --target=chrome110) */
main {
mask: url(x.png) center/5rem no-repeat;
}
/* New output (with --target=chrome110) */
main {
-webkit-mask: url(x.png) center/5rem no-repeat;
mask: url(x.png) center/5rem no-repeat;
}
This change was contributed by @BPJEnnova.
Additional minification of switch statements (#4176, #4359)

This release contains additional minification patterns for reducing switch statements. Here is an example:
// Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}
// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}

... (truncated)

Commits

cd83297 publish 0.27.2 to npm
2759721 additional tests for switch with break
fd2b4b3 update release notes
c8d93a7 fix #4357: -webkit- prefix for mask shorthand (#4358)
92ff12c compat table: update @types/node
a35eceb compat table: fix a type error with the new types
f598984 fix make compat-table to install dependencies
f7f6df0 release notes for #4361
6f8ec15 fix: allow subpath imports that start with #/ (#4361)
f7ae61f minify some switch statements to if-else statement
Additional commits viewable in compare view

Updates input-otp from 1.4.1 to 1.4.2

Changelog

Sourced from input-otp's changelog.

[1.4.2]

chore(input): remove unintentional log within internal pasteListener

Commits

See full diff in compare view

Updates vitest from 4.0.8 to 4.0.18

Release notes

Sourced from vitest's releases.

v4.0.18

   🚀 Experimental Features

experimental: Add onModuleRunner hook to worker.init - by @sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

Use meta.url in createRequire - by @sheremet-va in vitest-dev/vitest#9441 (e0572)

browser: Hide injected data-testid attributes - by @sheremet-va in vitest-dev/vitest#9503 (f8989)

ui: Process artifact attachments when generating HTML reporter - by @macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

v4.0.17

   🚀 Experimental Features

Support openTelemetry for browser mode - by @hi-ogawa in vitest-dev/vitest#9180 (1ec3a)

Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation - by @Copilot, hi-ogawa and @hi-ogawa in vitest-dev/vitest#9295 (876cb)

   🐞 Bug Fixes

Improve asymmetric matcher diff readability by unwrapping container matchers - by @Copilot, sheremet-va, hi-ogawa and @hi-ogawa in vitest-dev/vitest#9330 (b2ec7)

Improve runner error when importing outside of test context - by @sheremet-va in vitest-dev/vitest#9335 (2dd3d)

Replace crypto.randomUUID to allow insecure environments (fix #9… - by @plusgut in vitest-dev/vitest#9339 and vitest-dev/vitest#9 (e6a3f)

Handle null options in addEventHandler #9371 - by @ThibautMarechal in vitest-dev/vitest#9372 and vitest-dev/vitest#9371 (40841)

Typo in browser.provider error - by @deammer in vitest-dev/vitest#9394 (4b67f)

browser:

Fix process.env and import.meta.env defines in inline project - by @hi-ogawa in vitest-dev/vitest#9239 (b70c9)

Fix upload File instance - by @hi-ogawa in vitest-dev/vitest#9294 (b6778)

Fix invalid project token for artifacts assets - by @hi-ogawa in vitest-dev/vitest#9321 (caa7d)

Log ErrorEvent.message when unhandled ErrorEvent.error is null - by @hi-ogawa in vitest-dev/vitest#9322 (5d84e)

Support fileParallelism on an instance - by @sheremet-va in vitest-dev/vitest#9328 (15006)

coverage:

Remove unnecessary istanbul-lib-source-maps usage - by @AriPerkkio in vitest-dev/vitest#9344 (b0940)

Apply patch from istanbuljs/istanbuljs#837 - by @AriPerkkio and sapphi-red in vitest-dev/vitest#9413 and vitest-dev/vitest#837 (e05ce)

fsModuleCache:

Don't store importers in cache - by @sheremet-va in vitest-dev/vitest#9422 (75136)

Add importers alongside importedModules - by @sheremet-va in vitest-dev/vitest#9423 (59f92)

mocker:

Fix mock transform with class - by @hi-ogawa in vitest-dev/vitest#9421 (d390e)

pool:

Validate environment options when reusing the worker - by @sheremet-va in vitest-dev/vitest#9349 (a8a88)

Handle worker start failures gracefully - by @AriPerkkio in vitest-dev/vitest#9337 (200da)

reporter:

Report test module if it failed to run - by @sheremet-va in vitest-dev/vitest#9272 (c7888)

runner:

Respect nested test.only within describe.only - by @Ujjwaljain16 in vitest-dev/vitest#9021 and vitest-dev/vitest#9213 (55d5d)

typecheck:

Improve error message when tsc outputs help text - by @Ujjwaljain16 in vitest-dev/vitest#9214 (7b10a)

ui:

... (truncated)

Commits

4d3e3c6 chore: release v4.0.18
ea837de feat(experimental): add onModuleRunner hook to worker.init (#9286)
e057281 fix: use meta.url in createRequire (#9441)
dd54e94 chore: release v4.0.17
59f92d4 fix(fsModuleCache): add importers alongside importedModules (#9423)
751364e fix(fsModuleCache): don't store importers in cache (#9422)
4b67fc2 fix: typo in browser.provider error (#9394)
40841ff fix: handle null options in addEventHandler #9371 (#9372)
200dadb fix(pool): handle worker start failures gracefully (#9337)
1500654 fix(browser): support fileParallelism on an instance (#9328)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Security fix: js-yaml 4.1.0 → 4.1.1 (prototype pollution fix)

…dates (#14) Dependency updates with security fixes for glob, lodash (prototype pollution), qs, and tar

…ning (#13) Portfolio redesign with CI/CD, Vercel fixes, and security hardening Major changes: - Complete UI/UX redesign with modern components - GitHub Actions CI/CD pipeline (lint, build, security, lighthouse) - Vercel deployment fixes (CORS, rate limiting, SPA routing) - CodeQL security fixes (path traversal, rate limiting) - Dependency updates and vulnerability fixes

Bumps the patch-updates group with 5 updates: | Package | From | To | | --- | --- | --- | | [@tailwindcss/typography](https://github.com/tailwindlabs/tailwindcss-typography) | `0.5.15` | `0.5.19` | | [autoprefixer](https://github.com/postcss/autoprefixer) | `10.4.20` | `10.4.23` | | [esbuild](https://github.com/evanw/esbuild) | `0.27.1` | `0.27.2` | | [input-otp](https://github.com/guilhermerodz/input-otp/tree/HEAD/packages/input-otp) | `1.4.1` | `1.4.2` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.8` | `4.0.18` | Updates `@tailwindcss/typography` from 0.5.15 to 0.5.19 - [Release notes](https://github.com/tailwindlabs/tailwindcss-typography/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss-typography/blob/main/CHANGELOG.md) - [Commits](tailwindlabs/tailwindcss-typography@v0.5.15...v0.5.19) Updates `autoprefixer` from 10.4.20 to 10.4.23 - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@10.4.20...10.4.23) Updates `esbuild` from 0.27.1 to 0.27.2 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.27.1...v0.27.2) Updates `input-otp` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/guilhermerodz/input-otp/blob/master/CHANGELOG.md) - [Commits](https://github.com/guilhermerodz/input-otp/commits/HEAD/packages/input-otp) Updates `vitest` from 4.0.8 to 4.0.18 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.18/packages/vitest) --- updated-dependencies: - dependency-name: "@tailwindcss/typography" dependency-version: 0.5.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: autoprefixer dependency-version: 10.4.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: esbuild dependency-version: 0.27.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: input-otp dependency-version: 1.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: vitest dependency-version: 4.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-01-27T21:39:16Z

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

…ates (#18) Bumps the backend-deps group with 3 updates in the / directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm), [drizzle-zod](https://github.com/drizzle-team/drizzle-orm) and [express-session](https://github.com/expressjs/session). Updates `drizzle-orm` from 0.36.4 to 0.45.1 - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](drizzle-team/drizzle-orm@0.36.4...0.45.1) Updates `drizzle-zod` from 0.5.1 to 0.8.3 - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](https://github.com/drizzle-team/drizzle-orm/commits) Updates `express-session` from 1.18.2 to 1.19.0 - [Release notes](https://github.com/expressjs/session/releases) - [Changelog](https://github.com/expressjs/session/blob/master/HISTORY.md) - [Commits](expressjs/session@v1.18.2...v1.19.0) --- updated-dependencies: - dependency-name: drizzle-orm dependency-version: 0.45.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-deps - dependency-name: drizzle-zod dependency-version: 0.8.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-deps - dependency-name: express-session dependency-version: 1.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot · 2026-01-28T16:29:01Z

Looks like these dependencies are no longer updatable, so this is no longer needed.

dependabot · 2026-01-28T16:29:05Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot and others added 4 commits January 27, 2026 22:10

build(deps-dev): bump js-yaml (#12)

b7e9a46

Security fix: js-yaml 4.1.0 → 4.1.1 (prototype pollution fix)

build(deps): bump the npm_and_yarn group across 1 directory with 4 up…

4910a0e

…dates (#14) Dependency updates with security fixes for glob, lodash (prototype pollution), qs, and tar

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 27, 2026

Xza85hrf force-pushed the main branch from fa3b76e to 72d43dd Compare January 27, 2026 21:49

Xza85hrf closed this Jan 28, 2026

Xza85hrf deleted the dependabot/npm_and_yarn/main/patch-updates-2357ebfb1e branch January 28, 2026 16:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump the patch-updates group with 5 updates#18

deps(deps): bump the patch-updates group with 5 updates#18
dependabot[bot] wants to merge 4 commits intomainfrom
dependabot/npm_and_yarn/main/patch-updates-2357ebfb1e

dependabot bot commented on behalf of github Jan 27, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Jan 27, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 28, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Jan 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.5.19

Fixed

v0.5.18

Fixed

v0.5.17

Added

Fixed

Changed

v0.5.16

Fixed

[0.5.19] - 2025-09-24

Fixed

[0.5.18] - 2025-09-19

Fixed

[0.5.17] - 2025-09-19

Added

Fixed

Changed

[0.5.16] - 2025-01-07

Fixed

10.4.23

10.4.22

10.4.21

10.4.23

10.4.22

10.4.21

v0.27.2

0.27.2

[1.4.2]

v4.0.18

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.0.17

🚀 Experimental Features

🐞 Bug Fixes

Uh oh!

dependabot bot commented on behalf of github Jan 27, 2026

Labels

Uh oh!

dependabot bot commented on behalf of github Jan 28, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Jan 27, 2026 •

edited

Loading