chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates by dependabot[bot] · Pull Request #95 · argonne-lcf/open-webui

dependabot · 2026-02-13T20:34:30Z

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
jspdf	`3.0.3`	`4.1.0`
undici	`7.16.0`	`7.21.0`
@sveltejs/kit	`2.22.4`	`2.51.0`
js-yaml	`4.1.0`	`4.1.1`
lodash	`4.17.21`	`4.17.23`
markdown-it	`14.1.0`	`14.1.1`
qs	`6.14.0`	`6.14.2`
tar	`7.4.4`	`7.5.7`
vega-functions	`6.1.0`	`6.1.1`
vega-selections	`6.1.0`	`6.1.2`

Updates jspdf from 3.0.3 to 4.1.0

Release notes

Sourced from jspdf's releases.

v4.1.0

This release fixes several security issues.

What's Changed

Upgrade optional dompurify dependency to 3.3.1 in parallax/jsPDF#3948

Fix PDF Injection in AcroForm module allows Arbitrary JavaScript Execution vulnerability

Fix Stored XMP Metadata Injection (Spoofing & Integrity Violation) vulnerability

Fix Shared State Race Condition in addJS Method vulnerability

Fix Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder vulnerability

Full Changelog: parallax/jsPDF@v4.0.0...v4.1.0

v4.0.0

This release fixes a critical path traversal/local file inclusion security vulnerability in the jsPDF Node.js build. File system access is now restricted by default and can be enabled by either using node's --permission flag or the new jsPDF.allowFsRead property.

There are no other breaking changes.

v3.0.4

This release includes a bunch of bugfixes. Thanks to all contributors!

What's Changed

[Snyk] Upgrade @babel/runtime from 7.28.3 to 7.28.4 by @MrRio in parallax/jsPDF#3895

fix: cell function now properly accepts align parameter by @vishal-rathod-07 in parallax/jsPDF#3896

Remove duplicated function "ga" from WebPDecoder.js by @jvdp in parallax/jsPDF#3902

Fix font state management issue #3890 by @srikanth-s2003 in parallax/jsPDF#3891

Fix pages property to always return current array reference ( #3898 ) by @Opineppes in parallax/jsPDF#3899

Fix jsPDF + Vite compatibility issue #3851 by @tishajain25 in parallax/jsPDF#3903

Do not add pages dynamically unless autoPaging is enabled by @anmiles in parallax/jsPDF#3915

Fix: Context2d font regex too restrictive ( #3904 ) by @Opineppes in parallax/jsPDF#3906

Fix Incorrect Typing for Margins in the TableConfig Interface Definition by @Maito1794 in parallax/jsPDF#3816

New Contributors

@survivant made their first contribution in parallax/jsPDF#3897

@vishal-rathod-07 made their first contribution in parallax/jsPDF#3896

@jvdp made their first contribution in parallax/jsPDF#3902

@srikanth-s2003 made their first contribution in parallax/jsPDF#3891

@Opineppes made their first contribution in parallax/jsPDF#3899

@tishajain25 made their first contribution in parallax/jsPDF#3903

@anmiles made their first contribution in parallax/jsPDF#3915

@josephyi made their first contribution in parallax/jsPDF#3907

@Maito1794 made their first contribution in parallax/jsPDF#3816

Full Changelog: parallax/jsPDF@v3.0.3...v3.1.0

Commits

0227381 4.1.0
ae4b93f Merge commit from fork
2863e5c Merge commit from fork
efe54bf Merge commit from fork
da291a5 Merge commit from fork
685e41e Bump @koa/cors and local-web-server (#3951)
8cc22a5 Bump tmp, inquirer and karma (#3945)
008b276 Bump sha.js from 2.4.11 to 2.4.12 (#3946)
ff66d52 Bump vite from 5.4.20 to 5.4.21 in /examples/vite (#3949)
bcf79f2 Bump cipher-base from 1.0.4 to 1.0.7 (#3942)
Additional commits viewable in compare view

Updates undici from 7.16.0 to 7.21.0

Release notes

Sourced from undici's releases.

v7.21.0

What's Changed

build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @dependabot[bot] in nodejs/undici#4796

test: restore global dispatcher after fetch tests by @mcollina in nodejs/undici#4790

Add missing close method to WebSocketStream interface by @piotr-cz in nodejs/undici#4802

fix: error stream instead of canceling by @KhafraDev in nodejs/undici#4804

Fix clientTtl cleanup race in Agent by @mcollina in nodejs/undici#4807

feat(#4230): Implement pingInterval for dispatching PING frames by @metcoder95 in nodejs/undici#4296

fix: handle undefined __filename in bundled environments by @mcollina in nodejs/undici#4812

fix: set finalizer only for fetch responses by @tsctx in nodejs/undici#4803

New Contributors

@piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

v7.20.0

What's Changed

fix: preserve fetch stack traces by @mcollina in nodejs/undici#4778

Fix error handling in MockPool example by @dave-kennedy in nodejs/undici#4781

feat: expose statusText in request() ResponseData by @domenic in nodejs/undici#4784

test: reduce retry-after invalid date flake by @mcollina in nodejs/undici#4788

extractBody fixes by @KhafraDev in nodejs/undici#4791

fix: MockAgent delayed response with AbortSignal (#4693) by @mcollina in nodejs/undici#4772

fix: onParserTimeout potentially accessing undefined by @vbfox in nodejs/undici#4758

New Contributors

@dave-kennedy made their first contribution in nodejs/undici#4781

@vbfox made their first contribution in nodejs/undici#4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

v7.19.2

What's Changed

Minor code cleanups to decompress interceptor by @domenic in nodejs/undici#4754

fix(h2): fix flaky stream end handling on macOS by @mcollina in nodejs/undici#4762

return response when receiving 401 instead of network error by @KhafraDev in nodejs/undici#4769

fix: properly close idle connections in test server cleanup by @mcollina in nodejs/undici#4764

fix: decode HTTP headers as latin1 instead of utf8 by @mcollina in nodejs/undici#4768

fix: submodule update by @Uzlopak in nodejs/undici#4648

build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 by @dependabot[bot] in nodejs/undici#4720

New Contributors

@domenic made their first contribution in nodejs/undici#4754

Full Changelog: nodejs/undici@v7.19.1...v7.19.2

v7.19.1

What's Changed

fix: use commit hash when generating release (#4757) by @fenichelar in nodejs/undici#4759

... (truncated)

Commits

393c0da Bumped v7.21.0 (#4813)
47f9b96 fix: set finalizer only for fetch responses (#4803)
92e38fc fix: handle undefined __filename in bundled environments (#4812)
283f2aa feat(#4230): Implement pingInterval for dispatching PING frames (#4296)
9cc025b Fix clientTtl cleanup race (#4807)
fc8bb75 fix: error stream instead of canceling (#4804)
ff6bc5a Add close method to WebSocketStream interface (#4802)
dae4d91 test: restore global dispatcher after fetch tests (#4790)
072c17a build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 (#4796)
6cc668d Bumped v7.20.0 (#4792)
Additional commits viewable in compare view

Updates @sveltejs/kit from 2.22.4 to 2.51.0

Release notes

Sourced from @sveltejs/kit's releases.

@sveltejs/kit@2.51.0

Minor Changes

feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

Navigation callbacks (beforeNavigate, onNavigate, and afterNavigate) now include scroll position information via the scroll property on from and to targets:

from.scroll: The scroll position at the moment navigation was triggered

to.scroll: In beforeNavigate and onNavigate, this is populated for popstate navigations (back/forward) with the scroll position that will be restored, and null for other navigation types. In afterNavigate, this is always the final scroll position after navigation completed.

This enables use cases like animating transitions based on the target scroll position when using browser back/forward navigation.

feat: hydratable's injected script now works with CSP (#15048)

Patch Changes

fix: put preloads before styles (#15232)

fix: suppress false-positive inner content warning when children prop is forwarded to a child component (#15269)

fix: fetch not working when URL is same host but different than paths.base (#15291)

fix: navigate to hash link when base element is present (#15236)

fix: avoid triggering handleError when redirecting in a remote function (#15222)

fix: include test directory in generated tsconfig.json alongside existing tests entry (#15254)

fix: generate tsconfig.json using the value of kit.files.src (#15253)

@sveltejs/kit@2.50.2

Patch Changes

fix: ensure inlined CSS follows paths.assets and paths.relative settings (#15153)

fix: emit script CSP nonces when unsafe-inline is present if strict-dynamic is also present (#15221)

fix: re-export browser/dev from esm-env (#15206)

fix: use validated args in batch resolver in both csr and ssr (#15215)

... (truncated)

Changelog

Sourced from @sveltejs/kit's changelog.

2.51.0

Minor Changes

feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

Navigation callbacks (beforeNavigate, onNavigate, and afterNavigate) now include scroll position information via the scroll property on from and to targets:

from.scroll: The scroll position at the moment navigation was triggered

to.scroll: In beforeNavigate and onNavigate, this is populated for popstate navigations (back/forward) with the scroll position that will be restored, and null for other navigation types. In afterNavigate, this is always the final scroll position after navigation completed.

This enables use cases like animating transitions based on the target scroll position when using browser back/forward navigation.

feat: hydratable's injected script now works with CSP (#15048)

Patch Changes

fix: put preloads before styles (#15232)

fix: suppress false-positive inner content warning when children prop is forwarded to a child component (#15269)

fix: fetch not working when URL is same host but different than paths.base (#15291)

fix: navigate to hash link when base element is present (#15236)

fix: avoid triggering handleError when redirecting in a remote function (#15222)

fix: include test directory in generated tsconfig.json alongside existing tests entry (#15254)

fix: generate tsconfig.json using the value of kit.files.src (#15253)

2.50.2

Patch Changes

fix: ensure inlined CSS follows paths.assets and paths.relative settings (#15153)

fix: emit script CSP nonces when unsafe-inline is present if strict-dynamic is also present (#15221)

fix: re-export browser/dev from esm-env (#15206)

... (truncated)

Commits

060b1dc Version Packages (#15241)
dc8cf2d fix: include test directory in generated tsconfig.json (#15254)
ace2116 fix: use kit.files.src when generating tsconfig.json (#15253)
db1cc81 chore: upgrade to playwright 1.58.2 (#15301)
ed69b77 fix: remove unnecessary path validation which breaks fetch with custom path b...
2f3a007 chore: test matrix dimension for vite (#15208)
159aece fix: handle remote query redirects (#15222)
7492085 chore: appease IDE's typescript 5.9 (#15276)
5d05ca6 fix: suppress inner content warning when children prop is forwarded (#15269)
d027236 fix: correct minor typos in docs and test descriptions (#15264)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @sveltejs/kit since your current version.

Updates devalue from 5.3.2 to 5.6.2

Release notes

Sourced from devalue's releases.

v5.6.2

Patch Changes

1175584: fix: validate input for ArrayBuffer parsing

e46afa6: fix: validate input for typed arrays

1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses

a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

ca3c7b6: chore: Remove impossible void type from replacer's uneval

v5.4.0

Minor Changes

9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

b617c7c: perf: shrink uneval output with null-proto objects

Changelog

Sourced from devalue's changelog.

5.6.2

Patch Changes

1175584: fix: validate input for ArrayBuffer parsing

e46afa6: fix: validate input for typed arrays

1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses

a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

5.4.1

Patch Changes

ca3c7b6: chore: Remove impossible void type from replacer's uneval

5.4.0

Minor Changes

9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

b617c7c: perf: shrink uneval output with null-proto objects

Commits

fcf4e88 fix tests
1d8a5ea Version Packages (#131)
1175584 Merge commit from fork
e46afa6 Merge commit from fork
5e07a67 Version Packages (#129)
aa09604 Bump js-yaml from 3.14.1 to 3.14.2 (#125)
2161d44 fix: add hasOwn check before calling reviver (#128)
83de81d Version Packages (#127)
a3d09d4 Add value and root properties in DevalueError instances (#126)
f4b37f3 Version Packages (#124)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @ltduc147 for report.

Commits

b4a9b65 14.1.1 released
4b4bbca Fixed perf regression in linkify-it wrapper
d2782d8 Add supplementary example-driven documentation (#1092)
See full diff in compare view

Updates qs from 6.14.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

bdcf0c7 v6.14.2
294db90 [readme] document that addQueryPrefix does not add ? to empty output
5c308e5 [readme] clarify parseArrays and arrayLimit documentation
6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
1b9a8b4 [actions] fix rebase workflow permissions
2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
Additional commits viewable in compare view

Updates tar from 7.4.4 to 7.5.7

Changelog

Sourced from tar's changelog.

Changelog

7.5

Added zstd compression support.

Consistent TOCTOU behavior in sync t.list

Only read from ustar block if not specified in Pax

Fix sync tar.list when file size reduces while reading

Sanitize absolute linkpaths properly

Prevent writing hardlink entries to the archive ahead of their file target

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Drop support for node <18

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

4a37eb9 7.5.7
f4a7aa9 fix: properly sanitize hard links containing ..
394ece6 7.5.6
7d4cc17 fix race puting a Link ahead of its target File
26ab904 7.5.5
e9a1ddb fix: do not prevent valid linkpaths within archive
911c886 7.5.4
3b1abfa normalize out unicode ligatures
a43478c remove some unused files
970c58f update deps
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates vega-functions from 6.1.0 to 6.1.1

Release notes

Sourced from vega-functions's releases.

v6.1.1

Full Changelog: vega/vega@v6.1.0...v6.1.1

Commits

d67c1b7 chore: bump to 6.1.1
e574530 chore: bump vega-cli
See full diff in compare view

Maintainer changes

This version was pushed to npm by hydrosquall, a new releaser for vega-functions since your current version.

Updates vega-selections from 6.1.0 to 6.1.2

Release notes

Sourced from vega-selections's releases.

v6.1.2

Full Changelog: vega/vega@v6.1.1...v6.1.2

v6.1.1

Full Changelog: vega/vega@v6.1.0...v6.1.1

Commits

18a55af chore: fix json of package.json
38957ff chore: bump vega
bb800e9 chore: simplify gitignore
b737e03 fix: run npm pkg fix
d67c1b7 chore: bump to 6.1.1
e574530 chore: bump vega-cli
See full diff in compare view

Maintainer changes

This version was pushed to npm by hydrosquall, a new releaser for vega-selections since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

* Update utils.py (#77) Co-authored-by: Claude <noreply@anthropic.com> * refactor: address code review feedback for embedding performance improvements (#92) Co-authored-by: Claude <noreply@anthropic.com> * fix: prevent sentence transformers from blocking async event loop (#95) Co-authored-by: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>

…pdates Bumps the npm_and_yarn group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [jspdf](https://github.com/parallax/jsPDF) | `3.0.3` | `4.1.0` | | [undici](https://github.com/nodejs/undici) | `7.16.0` | `7.21.0` | | [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.22.4` | `2.51.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` | | [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.14.2` | | [tar](https://github.com/isaacs/node-tar) | `7.4.4` | `7.5.7` | | [vega-functions](https://github.com/vega/vega) | `6.1.0` | `6.1.1` | | [vega-selections](https://github.com/vega/vega) | `6.1.0` | `6.1.2` | Updates `jspdf` from 3.0.3 to 4.1.0 - [Release notes](https://github.com/parallax/jsPDF/releases) - [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md) - [Commits](parallax/jsPDF@v3.0.3...v4.1.0) Updates `undici` from 7.16.0 to 7.21.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.16.0...v7.21.0) Updates `@sveltejs/kit` from 2.22.4 to 2.51.0 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.51.0/packages/kit) Updates `devalue` from 5.3.2 to 5.6.2 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.3.2...v5.6.2) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `markdown-it` from 14.1.0 to 14.1.1 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.0...14.1.1) Updates `qs` from 6.14.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.2) Updates `tar` from 7.4.4 to 7.5.7 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.4...v7.5.7) Updates `vega-functions` from 6.1.0 to 6.1.1 - [Release notes](https://github.com/vega/vega/releases) - [Commits](vega/vega@v6.1.0...v6.1.1) Updates `vega-selections` from 6.1.0 to 6.1.2 - [Release notes](https://github.com/vega/vega/releases) - [Commits](vega/vega@v6.1.0...v6.1.2) --- updated-dependencies: - dependency-name: jspdf dependency-version: 4.1.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@sveltejs/kit" dependency-version: 2.51.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.6.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-version: 14.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vega-functions dependency-version: 6.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vega-selections dependency-version: 6.1.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 13, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-d2e81f4746 branch from 232fad3 to aaed4b7 Compare February 17, 2026 19:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates#95

chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates#95
dependabot[bot] wants to merge 1 commit intoaurora-gptfrom
dependabot/npm_and_yarn/npm_and_yarn-d2e81f4746

dependabot bot commented on behalf of github Feb 13, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.1.0

What's Changed

v4.0.0

v3.0.4

What's Changed

New Contributors

v7.21.0

What's Changed

New Contributors

v7.20.0

What's Changed

New Contributors

v7.19.2

What's Changed

New Contributors

v7.19.1

What's Changed

@​sveltejs/kit@​2.51.0

Minor Changes

Patch Changes

@​sveltejs/kit@​2.50.2

Patch Changes

2.51.0

Minor Changes

Patch Changes

2.50.2

Patch Changes

v5.6.2

Patch Changes

v5.6.1

Patch Changes

v5.6.0

Minor Changes

v5.5.0

Minor Changes

v5.4.2

Patch Changes

v5.4.1

Patch Changes

v5.4.0

Minor Changes

Patch Changes

5.6.2

Patch Changes

5.6.1

Patch Changes

5.6.0

Minor Changes

5.5.0

Minor Changes

5.4.2

Patch Changes

5.4.1

Patch Changes

5.4.0

Minor Changes

Patch Changes

[4.1.1] - 2025-11-12

Security

[14.1.1] - 2026-01-11

Security

6.14.2

6.14.1

Changelog

7.5

7.4

7.3

7.2

7.1

7.0

v6.1.1

v6.1.2

v6.1.1

Uh oh!

Reviewers

Assignees

dependabot bot commented on behalf of github Feb 13, 2026 •

edited

Loading

`@sveltejs/kit@2`.51.0

`@sveltejs/kit@2`.50.2