Skip to content

Bump the npm_and_yarn group across 1 directory with 19 updates#22

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-4ecbff16d7
Closed

Bump the npm_and_yarn group across 1 directory with 19 updates#22
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-4ecbff16d7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 17, 2026

Bumps the npm_and_yarn group with 18 updates in the / directory:

Package From To
ai 3.4.33 5.0.52
diff 5.2.0 8.0.3
pnpm 9.15.0 10.27.0
vite 5.4.11 5.4.21
vitest 2.1.8 2.1.9
@eslint/plugin-kit 0.2.3 0.2.8
@octokit/endpoint 10.1.1 10.1.4
@octokit/plugin-paginate-rest 11.3.6 11.6.0
@octokit/request-error 6.1.5 6.1.8
@octokit/request 9.1.3 9.2.4
brace-expansion 1.1.11 1.1.12
glob 10.4.5 10.5.0
js-yaml 4.1.0 4.1.1
node-forge 1.3.1 1.3.3
pbkdf2 3.1.2 3.1.5
sha.js 2.4.11 2.4.12
tar-fs 2.1.1 2.1.4
undici 5.28.4 5.29.0

Updates ai from 3.4.33 to 5.0.52

Commits
  • 63d5f66 Version Packages (#8895)
  • 930399b Backport: fix(ai): download files when intermediate file cannot be downloaded...
  • 7ca78f1 Backport: feat(provider/gateway): Add new Qwen models to Gateway model string...
  • 1cfc209 Backport: feat(provider/openai): OpenAILanguageModelOptions type (#8858)
  • 347b7ec ci: rename v5.0 branch to release-v*
  • 85909a9 Backport: chore(ai): update test message (#8875)
  • c56822d Backport: fix(ai): update uiMessageChunkSchema to satisfy the `UIMessageChu...
  • 1461adf Backport: chore(examples): remove redundant OpenAI reasoning examples (#8871)
  • 6bd07df Version Packages (#8853)
  • a45d61a ci(release): remove incorrect changeset bump for @ai-sdk/baseten
  • Additional commits viewable in compare view

Updates diff from 5.2.0 to 8.0.3

Changelog

Sourced from diff's changelog.

8.0.3

  • #631 - fix support for using an Intl.Segmenter with diffWords. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).
  • #635 - small tweaks to tokenization behaviour of diffWords when used without an Intl.Segmenter. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (× and ÷) are now treated as punctuation instead of as letters / word characters.
  • #641 - the format of file headers in createPatch etc. patches can now be customised somewhat. It now takes a headerOptions option that can be used to disable the file headers entirely, or omit the Index: line and/or the underline. In particular, this was motivated by a request to make jsdiff patches compatible with react-diff-view, which they now are if produced with headerOptions: FILE_HEADERS_ONLY.
  • #647 and #649 - fix denial-of-service vulnerabilities in parsePatch whereby adversarial input could cause a memory-leaking infinite loop, typically crashing the calling process. Also fixed ReDOS vulnerabilities whereby adversarially-crafted patch headers could take cubic time to parse. Now, parsePatch should reliably take linear time. (Handling of headers that include the line break characters \r, \u2028, or \u2029 in non-trailing positions is also now more reasonable as side effect of the fix.)

8.0.2

  • #616 Restored compatibility of diffSentences with old Safari versions. This was broken in 8.0.0 by the introduction of a regex with a lookbehind assertion; these weren't supported in Safari prior to version 16.4.
  • #612 Improved tree shakeability by marking the built CJS and ESM packages with sideEffects: false.

8.0.1

  • #610 Fixes types for diffJson which were broken by 8.0.0. The new bundled types in 8.0.0 only allowed diffJson to be passed string arguments, but it should've been possible to pass either strings or objects (and now is). Thanks to Josh Kelley for the fix.

8.0.0

  • #580 Multiple tweaks to diffSentences:
    • tokenization no longer takes quadratic time on pathological inputs (reported as a ReDOS vulnerability by Snyk); is now linear instead
    • the final sentence in the string is now handled the same by the tokenizer regardless of whether it has a trailing punctuation mark or not. (Previously, "foo. bar." tokenized to ["foo.", " ", "bar."] but "foo. bar" tokenized to ["foo.", " bar"] - i.e. whether the space between sentences was treated as a separate token depended upon whether the final sentence had trailing punctuation or not. This was arbitrary and surprising; it is no longer the case.)
    • in a string that starts with a sentence end, like "! hello.", the "!" is now treated as a separate sentence
    • the README now correctly documents the tokenization behaviour (it was wrong before)
  • #581 - fixed some regex operations used for tokenization in diffWords taking O(n^2) time in pathological cases
  • #595 - fixed a crash in patch creation functions when handling a single hunk consisting of a very large number (e.g. >130k) of lines. (This was caused by spreading indefinitely-large arrays to .push() using .apply or the spread operator and hitting the JS-implementation-specific limit on the maximum number of arguments to a function, as shown at https://stackoverflow.com/a/56809779/1709587; thus the exact threshold to hit the error will depend on the environment in which you were running JsDiff.)
  • #596 - removed the merge function. Previously JsDiff included an undocumented function called merge that was meant to, in some sense, merge patches. It had at least a couple of serious bugs that could lead to it returning unambiguously wrong results, and it was difficult to simply "fix" because it was unclear precisely what it was meant to do. For now, the fix is to remove it entirely.
  • #591 - JsDiff's source code has been rewritten in TypeScript. This change entails the following changes for end users:

    • the diff package on npm now includes its own TypeScript type definitions. Users who previously used the @types/diff npm package from DefinitelyTyped should remove that dependency when upgrading JsDiff to v8.

      Note that the transition from the DefinitelyTyped types to JsDiff's own type definitions includes multiple fixes and also removes many exported types previously used for options arguments to diffing and patch-generation functions. (There are now different exported options types for abortable calls - ones with a timeout or maxEditLength that may give a result of undefined - and non-abortable calls.) See the TypeScript section of the README for some usage tips.

    • The Diff object is now a class. Custom extensions of Diff, as described in the "Defining custom diffing behaviors" section of the README, can therefore now be done by writing a class CustomDiff extends Diff and overriding methods, instead of the old way based on prototype inheritance. (I think code that did things the old way should still work, though!)

    • diff/lib/index.es6.js and diff/lib/index.mjs no longer exist, and the ESM version of the library is no longer bundled into a single file.

    • The ignoreWhitespace option for diffWords is no longer included in the type declarations. The effect of passing ignoreWhitespace: true has always been to make diffWords just call diffWordsWithSpace instead, which was confusing, because that behaviour doesn't seem properly described as "ignoring" whitespace at all. The property remains available to non-TypeScript applications for the sake of backwards compatibility, but TypeScript applications will now see a type error if they try to pass ignoreWhitespace: true to diffWords and should change their code to call diffWordsWithSpace instead.

    • JsDiff no longer purports to support ES3 environments. (I'm pretty sure it never truly did, despite claiming to in its README, since even the 1.0.0 release used Array.map which was added in ES5.)

  • #601 - diffJson's stringifyReplacer option behaves more like JSON.stringify's replacer argument now. In particular:
    • Each key/value pair now gets passed through the replacer once instead of twice
    • The key passed to the replacer when the top-level object is passed in as value is now "" (previously, was undefined), and the key passed with an array element is the array index as a string, like "0" or "1" (previously was whatever the key for the entire array was). Both the new behaviours match that of JSON.stringify.
  • #602 - diffing functions now consistently return undefined when called in async mode (i.e. with a callback). Previously, there was an odd quirk where they would return true if the strings being diffed were equal and undefined otherwise.

7.0.0

Just a single (breaking) bugfix, undoing a behaviour change introduced accidentally in 6.0.0:

  • #554 diffWords treats numbers and underscores as word characters again. This behaviour was broken in v6.0.0.

6.0.0

... (truncated)

Commits
  • 13576bf 8.0.3 release (#652)
  • 1179ccb Ignore .zed (#651)
  • 949d6e2 Add test for the vuln I just fixed (#650)
  • 15a1585 Fix the second denial-of-service vulnerability in parsePatch (#649)
  • de95cca Fix potentially cubic-time regex in parsePatch (#647)
  • b9aeede Allow more customisation of file headers in patches (#641)
  • 43c716c Merge pull request #636 from kpdecker/dependabot/npm_and_yarn/node-forge-1.3.2
  • b8162c7 Bump node-forge from 1.3.1 to 1.3.2
  • ad6dc17 Fix some bugs in the diffWords regex (and errors & ambiguities in the comment...
  • 3e1774a Fix a comment typo (#633)
  • Additional commits viewable in compare view

Updates pnpm from 9.15.0 to 10.27.0

Release notes

Sourced from pnpm's releases.

pnpm 10.27

Minor Changes

  • Adding trustPolicyIgnoreAfter allows you to ignore trust policy checks for packages published more than a specified time ago#10352.

  • Added project registry for global virtual store prune support.

    Projects using the store are now registered via symlinks in {storeDir}/v10/projects/. This enables pnpm store prune to track which packages are still in use by active projects and safely remove unused packages from the global virtual store.

  • Semi-breaking. Changed the location of unscoped packages in the virtual global store. They will now be stored under a directory named @ to maintain a uniform 4-level directory depth.

  • Added mark-and-sweep garbage collection for global virtual store.

    pnpm store prune now removes unused packages from the global virtual store's links/ directory. The algorithm:

    1. Scans all registered projects for symlinks pointing to the store
    2. Walks transitive dependencies to mark reachable packages
    3. Removes any package directories not marked as reachable

    This includes support for workspace monorepos - all node_modules directories within a project (including those in workspace packages) are scanned.

Patch Changes

  • Throw an error if the value of the tokenHelper or <url>:tokenHelper setting contains an environment variable.
  • Git dependencies with build scripts should respect the dangerouslyAllowAllBuilds settings #10376.
  • Skip the package manager check when running with --global and a project packageManager is configured, and warn that the check is skipped.
  • pnpm store prune should not fail if the dlx cache directory has files, not only directories #10384
  • Fixed a bug (#9759) where pnpm add would incorrectly modify a catalog entry in pnpm-workspace.yaml to its exact version.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.27.0

Minor Changes

  • Adding trustPolicyIgnoreAfter allows you to ignore trust policy checks for packages published more than a specified time ago#10352.

  • Added project registry for global virtual store prune support.

    Projects using the store are now registered via symlinks in {storeDir}/v10/projects/. This enables pnpm store prune to track which packages are still in use by active projects and safely remove unused packages from the global virtual store.

  • Semi-breaking. Changed the location of unscoped packages in the virtual global store. They will now be stored under a directory named @ to maintain a uniform 4-level directory depth.

  • Added mark-and-sweep garbage collection for global virtual store.

    pnpm store prune now removes unused packages from the global virtual store's links/ directory. The algorithm:

    1. Scans all registered projects for symlinks pointing to the store
    2. Walks transitive dependencies to mark reachable packages
    3. Removes any package directories not marked as reachable

    This includes support for workspace monorepos - all node_modules directories within a project (including those in workspace packages) are scanned.

Patch Changes

  • Throw an error if the value of the tokenHelper or <url>:tokenHelper setting contains an environment variable.
  • Git dependencies with build scripts should respect the dangerouslyAllowAllBuilds settings #10376.
  • Skip the package manager check when running with --global and a project packageManager is configured, and warn that the check is skipped.
  • pnpm store prune should not fail if the dlx cache directory has files, not only directories #10384
  • Fixed a bug (#9759) where pnpm add would incorrectly modify a catalog entry in pnpm-workspace.yaml to its exact version.

10.26.2

Patch Changes

  • Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #10307.

  • Fix installation of Git dependencies using annotated tags #10335.

    Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

  • Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #10244.

  • Try to avoid making network calls with preferOffline #10334.

10.26.1

Patch Changes

  • Don't fail on pnpm add, when blockExoticSubdeps is set to true #10324.
  • Always resolve git references to full commits and ensure HEAD points to the commit after checkout #10310.

10.26.0

Minor Changes

... (truncated)

Commits
  • 6bdba72 chore(release): 10.27.0
  • 512f188 fix: git dependencies respect dangerouslyAllowAllBuilds (#10387)
  • c23bdf7 feat(cli): skip package manager check when using --global option (#10368)
  • 3f2c5f4 feat: add trustPolicyIgnoreAfter (#10359)
  • 8ec7939 chore(release): 10.26.2
  • 4986c46 chore(release): 10.26.1
  • 244e33b chore(release): 10.26.0
  • 4077539 fix(git-fetcher): block git dependencies from running prepare scripts unless ...
  • b0cd2de chore(release): 10.25.0
  • fa82ec3 docs: update sponsors
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pnpm since your current version.


Updates vite from 5.4.11 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

v5.4.19

Please refer to CHANGELOG.md for details.

v5.4.18

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

5.4.20 (2025-09-08)

5.4.19 (2025-04-30)

5.4.18 (2025-04-10)

5.4.17 (2025-04-03)

5.4.16 (2025-03-31)

5.4.15 (2025-03-24)

5.4.14 (2025-01-21)

... (truncated)

Commits

Updates vitest from 2.1.8 to 2.1.9

Release notes

Sourced from vitest's releases.

v2.1.9

This release includes security patches for:

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @eslint/plugin-kit from 0.2.3 to 0.2.8

Release notes

Sourced from @​eslint/plugin-kit's releases.

plugin-kit: v0.2.8

0.2.8 (2025-04-01)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.12.0 to ^0.13.0

plugin-kit: v0.2.7

0.2.7 (2025-02-21)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.11.0 to ^0.12.0

plugin-kit: v0.2.6

0.2.6 (2025-01-31)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.10.0 to ^0.11.0

plugin-kit: v0.2.5

0.2.5 (2025-01-09)

Bug Fixes

  • make plugin-kit types usable in CommonJS (#143) (f77ba17)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.9.1 to ^0.10.0

... (truncated)

Changelog

Sourced from @​eslint/plugin-kit's changelog.

0.2.8 (2025-04-01)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.12.0 to ^0.13.0

0.2.7 (2025-02-21)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.11.0 to ^0.12.0

0.2.6 (2025-01-31)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.10.0 to ^0.11.0

0.2.5 (2025-01-09)

Bug Fixes

  • make plugin-kit types usable in CommonJS (#143) (f77ba17)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.9.1 to ^0.10.0

0.2.4 (2024-12-04)

Bug Fixes

... (truncated)

Commits

Updates @octokit/endpoint from 10.1.1 to 10.1.4

Release notes

Sourced from @​octokit/endpoint's releases.

v10.1.4

10.1.4 (2025-04-10)

Bug Fixes

  • deps: update dependency @​octokit/types to v14 (#523) (ca8c366)

v10.1.3

10.1.3 (2025-02-13)

Bug Fixes

v10.1.2

10.1.2 (2024-12-31)

Bug Fixes

  • deps: bump @octokit/types to improve Deno compat (#507) (15d700b)
Commits
  • ca8c366 fix(deps): update dependency @​octokit/types to v14 (#523)
  • 7b9a884 maint: cleanup package.json and use Node LTS instead of v16 (#519)
  • bcc0f97 build(deps): bump vite from 6.1.0 to 6.2.5 (#522)
  • 255c59d ci(action): update actions/create-github-app-token action to v2 (#521)
  • adeee3e chore(deps): update dependency prettier to v3.5.3 (#518)
  • ea60e07 chore(deps): update dependency semantic-release-plugin-update-version-in-file...
  • 8f43346 chore(deps): update dependency prettier to v3.5.2 (#517)
  • 2209b07 chore(deps): update dependency prettier to v3.5.1 (#513)
  • d6cf1ad fix: linting issues breaking ci (#514)
  • 6c9c5be Merge commit from fork
  • Additional commits viewable in compare view

Updates @octokit/plugin-paginate-rest from 11.3.6 to 11.6.0

Release notes

Sourced from @​octokit/plugin-paginate-rest's releases.

v11.6.0

11.6.0 (2025-03-18)

Features

  • new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints (#666) (1f44b54)

v11.5.0

11.5.0 (2025-03-18)

Features

  • new GET /orgs/{org}/actions/hosted-runners, GET /orgs/{org}/actions/runner-groups/{runner_group_id}/hosted-runners, GET /orgs/{org}/rulesets/{ruleset_id}/history, GET /orgs/{org}/settings/network-configurations, GET /repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#649) (ef30a05)

v11.4.4-cjs.2

11.4.4-cjs.2 (2025-02-26)

[!IMPORTANT] This is a special release to backport newer changes to CJS and address a ReDos vulnerability

Bug Fixes

  • deps: update @octokit/plugin-rest-endpoint-methods (2c70eaf)

v11.4.4-cjs.1

11.4.4-cjs.1 (2025-02-26)

[!IMPORTANT] This is a special release to backport newer changes to CJS and address a ReDos vulnerability

Bug Fixes

Reverts

  • Revert "docs(README): update examples to use ESM (#611)" (1389b71)
  • Revert "feat: package is now ESM (#596)" (64ba6f4)
  • Revert "fix(pkg): add default fallback and types export (#612)" (27a8552)

v11.4.3

... (truncated)

Commits
  • 1f44b54 feat: new /orgs/{org}/issue-types, `/orgs/{org}/issue-types/{issue_type_id}...
  • ef30a05 feat: new GET /orgs/{org}/actions/hosted-runners, `GET /orgs/{org}/actions/...
  • fbadb74 chore(deps): update dependency prettier to v3.5.3 (#665)
  • 1c297ca chore(deps): update dependency semantic-release-plugin-update-version-in-file...
  • 60d26d9 chore(deps): update dependency prettier to v3.5.2 (#664)
  • 9a51aad fix(types): correct pagination return type for data which is an array (#662)
  • 8b8c500 fix(types): add back the pagination keys (#653)
  • 41876f4 chore(deps): update dependency prettier to v3.5.1 (#658)
  • 7d1fade fix: mitigate ReDos issues & linting issues (#659)
  • bb6c4f9 Merge commit from fork
  • Additional commits viewable in compare view

Updates @octokit/request-error from 6.1.5 to 6.1.8

Release notes

Sourced from @​octokit/request-error's releases.

v6.1.8

6.1.8 (2025-04-10)

Bug Fixes

  • deps: update dependency @​octokit/types to v14 (#505) (ab4ea7b)

v6.1.7

6.1.7 (2025-02-13)

Bug Fixes

  • ReDos regex vulnerability, reported by @​DayShift (d558320874a4bc8d356babf1079e6f0056a59b9e)

v6.1.6

6.1.6 (2024-12-29)

Bug Fixes

  • deps: bump @octokit/types to fix Deno compat (#483) (e01d470)
Commits
  • ab4ea7b fix(deps): update dependency @​octokit/types to v14 (#505)
  • 7eba3d2 chore(deps): update dependency tinybench to v4 (#501)
  • 549624b build(deps): bump vite from 6.2.2 to 6.2.5 (#504)
  • 11c1adc build(deps): lock file maintenance (#502)
  • de5f24d chore(deps): update dependency prettier to v3.5.3 (#499)
  • ef66347 build(deps): lock file maintenance (#500)
  • 787201d build(deps): lock file maintenance (#498)
  • 5ab6a76 chore(deps): update dependency prettier to v3.5.2 (#497)
  • f8f8c4a build(deps): lock file maintenance (#496)
  • eee2491 chore(deps): update dependency prettier to v3.5.1 (#493)
  • Additional commits viewable in compare view

Updates @octokit/request from 9.1.3 to 9.2.4

Release notes

Sourced from @​octokit/request's releases.

v9.2.4

9.2.4 (2025-06-20)

Bug Fixes

  • pkg: unreplaced version number in dist-bundle/ (#765) (afa9d09)

v9.2.3

9.2.3 (2025-04-10)

Bug Fixes

  • deps: update dependency @​octokit/types to v14 (#753) (7d576b0)

v9.2.2

9.2.2 (2025-02-14)

Bug Fixes

  • deps: update dependency @​octokit/request-error to v6.1.7 [security] (#740) (4b2f485)

v9.2.1

9.2.1 (2025-02-13)

Bug Fixes

  • mitigate ReDos vulnerabilities & lint (#738) (6bb29ba)

v9.2.0

9.2.0 (2025-01-16)

Features

  • correctly parse response bodies as JSON where the Content-Type is application/scim+json (#731) (00bf316)

v9.1.4

9.1.4 (2024-12-29)

Bug Fixes

  • deps: bump @octokit/types to fix deno compat (#730) (324ffef)
Commits
  • afa9d09 fix(pkg): unreplaced version number in dist-bundle/ (#765)
  • 3773e64 ci: replace OCTOKITBOT_PROJECT_ACTION_TOKEN and OCTOKITBOT_PAT with a tok...
  • 7d576b0 fix(deps): update dependency @​octokit/types to v14 (#753)
  • c9bfc37 build(deps): bump vite from 6.1.0 to 6.2.5 (#750)
  • f7b9616 ci(prettier): use Node LTS instead of Node 16 (#748)
  • 1955847 chore(deps): update dependency prettier to v3.5.3 (#745)
  • b71107b chore(deps): update dependency semantic-release-plugin-update-version-in-file...
  • c855943 chore(deps): update dependency prettier to v3.5.2 (#743)
  • 4b2f485 fix(deps): update dependency @​octokit/request-error to v6.1.7 [security] (#740)
  • 0320a42 chore(deps): update dependency prettier to v3.5.1 (#737)
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

@dependabot
Bump the npm_and_yarn group across 1 directory with 19 updates
fe1475d 
Bumps the npm_and_yarn group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [ai](https://github.com/vercel/ai) | `3.4.33` | `5.0.52` |
| [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `8.0.3` |
| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `9.15.0` | `10.27.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.11` | `5.4.21` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `2.1.8` | `2.1.9` |
| [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) | `0.2.3` | `0.2.8` |
| [@octokit/endpoint](https://github.com/octokit/endpoint.js) | `10.1.1` | `10.1.4` |
| [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) | `11.3.6` | `11.6.0` |
| [@octokit/request-error](https://github.com/octokit/request-error.js) | `6.1.5` | `6.1.8` |
| [@octokit/request](https://github.com/octokit/request.js) | `9.1.3` | `9.2.4` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` |
| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.5` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` |
| [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.29.0` |



Updates `ai` from 3.4.33 to 5.0.52
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/compare/ai@3.4.33...ai@5.0.52)

Updates `diff` from 5.2.0 to 8.0.3
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v5.2.0...v8.0.3)

Updates `pnpm` from 9.15.0 to 10.27.0
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/v10.27.0/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.27.0/pnpm)

Updates `vite` from 5.4.11 to 5.4.21
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite)

Updates `vitest` from 2.1.8 to 2.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v2.1.9/packages/vitest)

Updates `@eslint/plugin-kit` from 0.2.3 to 0.2.8
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.2.8/packages/plugin-kit)

Updates `@octokit/endpoint` from 10.1.1 to 10.1.4
- [Release notes](https://github.com/octokit/endpoint.js/releases)
- [Commits](octokit/endpoint.js@v10.1.1...v10.1.4)

Updates `@octokit/plugin-paginate-rest` from 11.3.6 to 11.6.0
- [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases)
- [Commits](octokit/plugin-paginate-rest.js@v11.3.6...v11.6.0)

Updates `@octokit/request-error` from 6.1.5 to 6.1.8
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](octokit/request-error.js@v6.1.5...v6.1.8)

Updates `@octokit/request` from 9.1.3 to 9.2.4
- [Release notes](https://github.com/octokit/request.js/releases)
- [Commits](octokit/request.js@v9.1.3...v9.2.4)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `glob` from 10.4.5 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.5...v10.5.0)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `node-forge` from 1.3.1 to 1.3.3
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.3.3)

Updates `pbkdf2` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md)
- [Commits](browserify/pbkdf2@v3.1.2...v3.1.5)

Updates `react-router` from 6.28.0 to 6.30.3
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router@6.30.3/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@6.30.3/packages/react-router)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `tar-fs` from 2.1.1 to 2.1.4
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4)

Updates `undici` from 5.28.4 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.4...v5.29.0)

---
updated-dependencies:
- dependency-name: ai
  dependency-version: 5.0.52
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 8.0.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: pnpm
  dependency-version: 10.27.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.21
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 2.1.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@eslint/plugin-kit"
  dependency-version: 0.2.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/endpoint"
  dependency-version: 10.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/plugin-paginate-rest"
  dependency-version: 11.6.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/request-error"
  dependency-version: 6.1.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/request"
  dependency-version: 9.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pbkdf2
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 6.30.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 17, 2026
@codesandbox
Copy link

codesandbox bot commented Jan 17, 2026

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jan 17, 2026
edited
Loading

Deploying zone-bolt with  Cloudflare Pages  Cloudflare Pages

Latest commit: fe1475d
Status:🚫  Build failed.

View logs

@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026

This pull request has been marked as stale due to inactivity. If no further activity occurs, it will be closed in 7 days.

@github-actions github-actions bot added the stale label Jan 27, 2026
@github-actions github-actions bot closed this Jan 31, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 31, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-4ecbff16d7 branch January 31, 2026 02:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants