Bump the npm_and_yarn group across 1 directory with 8 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
vite	5.4.11	5.4.15
vitest	2.1.8	2.1.9
@octokit/endpoint	10.1.1	10.1.3
@octokit/plugin-paginate-rest	11.3.6	11.6.0
@octokit/request-error	6.1.5	6.1.7
@octokit/request	9.1.3	9.2.2
tar-fs	2.1.1	2.1.2
undici	5.28.4	5.29.0

Updates vite from 5.4.11 to 5.4.15

Release notes

Sourced from vite's releases.

v5.4.15

Please refer to CHANGELOG.md for details.

v5.4.14

Please refer to CHANGELOG.md for details.

v5.4.13

Please refer to CHANGELOG.md for details.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.15 (2025-03-24)

• fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

5.4.13 (2025-01-20)

• fix: try parse server.origin URL (#19241) (5946215), closes #19241

5.4.12 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
• fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
• fix: verify token for HMR WebSocket connection (b71a5c8)
• chore: add deps update changelog (ecd2375)

Commits

• 9b0f4c8 release: v5.4.15
• 807d7f0 fix: backport #19702, fs raw query with query separators (#19703)
• e7eb3c5 release: v5.4.14
• 7d1699c fix: allow CORS from loopback addresses by default (#19249)
• 9df6e6b fix: preview.allowedHosts with specific values was not respected (#19246)
• a1824c5 release: v5.4.13
• 5946215 fix: try parse server.origin URL (#19241)
• f428aa9 release: v5.4.12
• 9da4abc fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• b71a5c8 fix: verify token for HMR WebSocket connection
• Additional commits viewable in compare view

Updates vitest from 2.1.8 to 2.1.9

Release notes

Sourced from vitest's releases.

v2.1.9

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963
• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport vitest-dev/vitest#7317 to v2 - by @​hi-ogawa in vitest-dev/vitest#7318
• (backport #7340 to v2) restrict served files from /__screenshot-error - by @​hi-ogawa in vitest-dev/vitest#7343

    View changes on GitHub

Commits

• c9e59a0 chore: release v2.1.9
• e0fe1d8 fix: backport #7317 to v2 (#7318)
• See full diff in compare view

Updates @octokit/endpoint from 10.1.1 to 10.1.3

Release notes

Sourced from @​octokit/endpoint's releases.

v10.1.3

10.1.3 (2025-02-13)

Bug Fixes

• Fix a ReDos vulnerability, reported by @​DayShift (6c9c5be)

v10.1.2

10.1.2 (2024-12-31)

Bug Fixes

• deps: bump @octokit/types to improve Deno compat (#507) (15d700b)

Commits

• d6cf1ad fix: linting issues breaking ci (#514)
• 6c9c5be Merge commit from fork
• e472e22 chore(deps): update dependency esbuild to ^0.25.0 (#512)
• b2ebcda build(deps-dev): bump vitest and @​vitest/coverage-v8 (#511)
• 76e3738 build(deps): bump vite from 5.4.6 to 6.0.11 (#509)
• c9ce54d chore(deps): update vitest monorepo to v3 (major) (#508)
• 15d700b fix(deps): bump @octokit/types to improve Deno compat (#507)
• a0a938e chore(deps): update dependency prettier to v3.4.2 (#506)
• 2e92021 chore(deps): update dependency prettier to v3.4.1 (#505)
• 55ee6d6 chore(deps): update dependency prettier to v3.4.0 (#504)
• Additional commits viewable in compare view

Updates @octokit/plugin-paginate-rest from 11.3.6 to 11.6.0

Release notes

Sourced from @​octokit/plugin-paginate-rest's releases.

v11.6.0

11.6.0 (2025-03-18)

Features

• new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints (#666) (1f44b54)

v11.5.0

11.5.0 (2025-03-18)

Features

• new GET /orgs/{org}/actions/hosted-runners, GET /orgs/{org}/actions/runner-groups/{runner_group_id}/hosted-runners, GET /orgs/{org}/rulesets/{ruleset_id}/history, GET /orgs/{org}/settings/network-configurations, GET /repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#649) (ef30a05)

v11.4.4-cjs.2

11.4.4-cjs.2 (2025-02-26)

[!IMPORTANT] This is a special release to backport newer changes to CJS and address a ReDos vulnerability

Bug Fixes

• deps: update @octokit/plugin-rest-endpoint-methods (2c70eaf)

v11.4.4-cjs.1

11.4.4-cjs.1 (2025-02-26)

[!IMPORTANT] This is a special release to backport newer changes to CJS and address a ReDos vulnerability

Bug Fixes

• release: set prerelease flag for correct channel (ce534d9) See octokit/plugin-paginate-rest.js@v11.3.1...v11.4.4-cjs.1 for the full comparision

Reverts

• Revert "docs(README): update examples to use ESM (#611)" (1389b71)
• Revert "feat: package is now ESM (#596)" (64ba6f4)
• Revert "fix(pkg): add default fallback and types export (#612)" (27a8552)

v11.4.3

... (truncated)

Commits

• 1f44b54 feat: new /orgs/{org}/issue-types, `/orgs/{org}/issue-types/{issue_type_id}...
• ef30a05 feat: new GET /orgs/{org}/actions/hosted-runners, `GET /orgs/{org}/actions/...
• fbadb74 chore(deps): update dependency prettier to v3.5.3 (#665)
• 1c297ca chore(deps): update dependency semantic-release-plugin-update-version-in-file...
• 60d26d9 chore(deps): update dependency prettier to v3.5.2 (#664)
• 9a51aad fix(types): correct pagination return type for data which is an array (#662)
• 8b8c500 fix(types): add back the pagination keys (#653)
• 41876f4 chore(deps): update dependency prettier to v3.5.1 (#658)
• 7d1fade fix: mitigate ReDos issues & linting issues (#659)
• bb6c4f9 Merge commit from fork
• Additional commits viewable in compare view

Updates @octokit/request-error from 6.1.5 to 6.1.7

Release notes

Sourced from @​octokit/request-error's releases.

v6.1.7

6.1.7 (2025-02-13)

Bug Fixes

• ReDos regex vulnerability, reported by @​DayShift (d558320874a4bc8d356babf1079e6f0056a59b9e)

v6.1.6

6.1.6 (2024-12-29)

Bug Fixes

• deps: bump @octokit/types to fix Deno compat (#483) (e01d470)

Commits

• c346f5c fix: linting issues (#494)
• d558320 Merge commit from fork
• 5046116 chore(deps): update dependency esbuild to ^0.25.0 (#491)
• 50513ba build(deps): lock file maintenance (#490)
• bd5e83f build(deps): lock file maintenance (#488)
• d204ea3 build(deps): lock file maintenance (#486)
• ab1585a chore(deps): update vitest monorepo to v3 (major) (#487)
• 03a7e12 build(deps): lock file maintenance (#485)
• cb4feec build(deps): lock file maintenance (#484)
• e01d470 fix(deps): bump @octokit/types to fix Deno compat (#483)
• Additional commits viewable in compare view

Updates @octokit/request from 9.1.3 to 9.2.2

Release notes

Sourced from @​octokit/request's releases.

v9.2.2

9.2.2 (2025-02-14)

Bug Fixes

• deps: update dependency @​octokit/request-error to v6.1.7 [security] (#740) (4b2f485)

v9.2.1

9.2.1 (2025-02-13)

Bug Fixes

• mitigate ReDos vulnerabilities & lint (#738) (6bb29ba)

v9.2.0

9.2.0 (2025-01-16)

Features

• correctly parse response bodies as JSON where the Content-Type is application/scim+json (#731) (00bf316)

v9.1.4

9.1.4 (2024-12-29)

Bug Fixes

• deps: bump @octokit/types to fix deno compat (#730) (324ffef)

Commits

• 4b2f485 fix(deps): update dependency @​octokit/request-error to v6.1.7 [security] (#740)
• 0320a42 chore(deps): update dependency prettier to v3.5.1 (#737)
• 6bb29ba fix: mitigate ReDos vulnerabilities & lint (#738)
• 34ff07e Merge commit from fork
• a0e96b3 chore(deps): update dependency esbuild to ^0.25.0 (#736)
• d27daa7 build(deps-dev): bump vitest and @​vitest/coverage-v8 (#735)
• bc07c8a build(deps): bump vite from 5.4.6 to 6.0.11 (#734)
• 4266a84 build(deps-dev): bump undici from 6.19.2 to 6.21.1 (#733)
• c2d27a2 chore(deps): update vitest monorepo to v3 (major) (#732)
• 00bf316 feat: correctly parse response bodies as JSON where the Content-Type is `appl...
• Additional commits viewable in compare view

Updates tar-fs from 2.1.1 to 2.1.2

Commits

• d97731b 2.1.2
• fd1634e symlink tweak from main
• See full diff in compare view

Updates undici from 5.28.4 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

• Fix tests in v5.x for Node 20 by @​mcollina in nodejs/undici#4104
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

Commits

• 9528f68 Bumped v5.29.0
• f1d75a4 increase timeout for redirect test
• 2d31ed6 remove fuzzing tests
• 6b36d49 fix redirect test in Node v16
• 648dd8f more fix for the wpt runner on Windows
• a0516ba don't use internal header state for cookies (#3295)
• 87ce4af fix test/client for node 20
• c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
• 82200bd [v6.x] fix wpts on windows (#4093)
• 47546fa test: fix windows wpt (#4050)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cloudflare-workers-and-pages]

Deploying zone-bolt with    Cloudflare Pages

Latest commit:	b07f2bf
Status:	🚫  Build failed.

View logs

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[github-actions]

This pull request has been marked as stale due to inactivity. If no further activity occurs, it will be closed in 7 days.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml