Bump the npm_and_yarn group across 2 directories with 9 updates by dependabot[bot] · Pull Request #3 · crabnebula-dev/gitbutler

dependabot · 2026-02-19T16:07:40Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
@modelcontextprotocol/sdk	`1.8.0`	`1.26.0`
playwright	`1.54.1`	`1.55.1`
storybook	`9.0.18`	`9.1.17`
@sveltejs/kit	`2.21.2`	`2.49.5`
vite	`6.3.5`	`6.4.1`

Bumps the npm_and_yarn group with 2 updates in the /packages/ui directory: playwright and storybook.

Updates @modelcontextprotocol/sdk from 1.8.0 to 1.26.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

spec types - backwards compatibility changes by @KKonstantinov in modelcontextprotocol/typescript-sdk#1306

chore: bump version for patch fix by @felixweinberger in modelcontextprotocol/typescript-sdk#1307

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

list changed handlers on client constructor by @mattzcarey in modelcontextprotocol/typescript-sdk#1206

Role - moved from inline to reusable type by @KKonstantinov in modelcontextprotocol/typescript-sdk#1221

fix: use versioned npm tag for non-main branch releases by @pcarleton in modelcontextprotocol/typescript-sdk#1236

No automatic completion support unless needed - Revisited yet again by @cliffhall in modelcontextprotocol/typescript-sdk#1237

fix: Support updating output schema by @vincent0426 in modelcontextprotocol/typescript-sdk#1048

... (truncated)

Commits

fe9c07b chore: bump version to 1.26.0 (#1479)
4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
a05be17 Merge commit from fork
50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
6aba065 chore: bump v1.25.3 for backport fixes (#1412)
6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
a0c9b13 fix: README badges links destinations (#907)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @modelcontextprotocol/sdk since your current version.

Updates playwright from 1.54.1 to 1.55.1

Release notes

Sourced from playwright's releases.

v1.55.1

Highlights

microsoft/playwright#37479 - [Bug]: Upgrade Chromium to 140.0.7339.186. microsoft/playwright#37147 - [Regression]: Internal error: step id not found. microsoft/playwright#37146 - [Regression]: HTML reporter displays a broken chip link when there are no projects. microsoft/playwright#37137 - Revert "fix(a11y): track inert elements as hidden". microsoft/playwright#37532 - chore: do not use -k option

Browser Versions

Chromium 140.0.7339.186

Mozilla Firefox 141.0

WebKit 26.0

This version was also tested against the following stable channels:

Google Chrome 139

Microsoft Edge 139

v1.55.0

New APIs

New Property testStepInfo.titlePath Returns the full title path starting from the test file, including test and step titles.

Codegen

Automatic toBeVisible() assertions: Codegen can now generate automatic toBeVisible() assertions for common UI interactions. This feature can be enabled in the Codegen settings UI.

Breaking Changes

⚠️ Dropped support for Chromium extension manifest v2.

Miscellaneous

Added support for Debian 13 "Trixie".

Browser Versions

Chromium 140.0.7339.16

Mozilla Firefox 141.0

WebKit 26.0

This version was also tested against the following stable channels:

Google Chrome 139

Microsoft Edge 139

v1.54.2

Highlights

microsoft/playwright#36714 - [Regression]: Codegen is not able to launch in Administrator Terminal on Windows (ProtocolError: Protocol error) microsoft/playwright#36828 - [Regression]: Playwright Codegen keeps spamming with selected option microsoft/playwright#36810 - [Regression]: Starting Codegen with target language doesn't work anymore

Browser Versions

... (truncated)

Commits

ae51df7 chore: mark v1.55.1 (#37530)
86dde29 feat(chromium): roll to r1193 (#37529)
86328bc chore: do not use -k option (#37532)
63799ba cherry-pick(#37214): docs: fix method names in release notes
21e29a4 cherry-pick(#37153): fix(html): don't display a chip with empty content with ...
ba62e6a cherry-pick(#37149): fix(test): attaching in boxed fixture
25bb073 cherry-pick(#37137): Revert "fix(a11y): track inert elements as hidden (#36947)"
f992162 chore: mark v1.55.0 (#37121)
4a92ea0 cherry-pick(#37113): docs: add release-notes for v1.55
aa05507 cherry-pick(#37114): test: move browser._launchServer in child process
Additional commits viewable in compare view

Updates storybook from 9.0.18 to 9.1.17

Release notes

Sourced from storybook's releases.

v9.1.17

9.1.17

Core: Fix .env-file parsing, thanks @jreinhold!

v9.1.16

9.1.16

CLI: Fix Nextjs project creation in empty directories - #32828, thanks @yannbf!

Core: Add `experimental_devServer` preset - #32862, thanks @yannbf!

Telemetry: Fix preview-first-load event - #32859, thanks @shilman!

Changelog

Sourced from storybook's changelog.

10.2.10

Core: Require token for websocket connections - #33820, thanks @ghengeveld!

10.2.9

Addon-Vitest: Improve config file detection in monorepos - #33814, thanks @valentinpalkovic!

Builder-Vite: Update dependencies react-vite framework - #33810, thanks @valentinpalkovic!

Builder-Vite: Use relative path for mocker entry in production builds - #33792, thanks @DukeDeSouth!

Next.js: Fix Link component override in appDirectory configuration - #31251, thanks @yatishgoel!

10.2.8

Telemetry: Add Expo metaframework - #33783, thanks @copilot-swe-agent!

Telemetry: Add init exit event - #33773, thanks @valentinpalkovic!

Telemetry: Add share events - #33766, thanks @ndelangen!

Test: Update event creation logic in user-event package - #33787, thanks @valentinpalkovic!

10.2.7

CSF: Fix cross-file story imports in csf-factories codemod - #33723, thanks @yatishgoel!

Core: Fix rendering of View Transitions in Firefox - #33651, thanks @ghengeveld!

Globals: Repair dynamicTitle: false for user-defined tools - #33284, thanks @ia319!

Logger: Honor --loglevel for npmlog output - #33776, thanks @LouisLau-art!

10.2.6

Addon-Vitest: Skip postinstall setup when configured - #33712, thanks @valentinpalkovic!

Addon-Vitest: Support vite/vitest config with deferred export - #33755, thanks @valentinpalkovic!

CLI: Support addon-vitest setup when --skip-install is passed - #33718, thanks @valentinpalkovic!

Manager: Update logic to use base path instead of full pathname - #33686, thanks @JSMike!

10.2.5

Angular: fix --loglevel options in docs and descriptions - #33726, thanks @theRuslan!

Builder-Vite: Add plugin to enforce Storybook's output directory in Vite build configuration - #33740, thanks @valentinpalkovic!

Core: Invalidate cache on Storybook version upgrade - #33717, thanks @copilot-swe-agent!

10.2.4

CSF-Factories: Fix codemod for preview files without exports - #33673, thanks @kasperpeulen!

CSF: Fix false positive detection of Zod v4 .meta() as CSF Factory - #33666, thanks @kasperpeulen!

CSFFactories: Add non-interactive mode and --glob flag - #33648, thanks @kasperpeulen!

CSFFactories: Preserve leading comments when adding imports - #33645, thanks @kasperpeulen!

Codemod: Fix csf-2-to-3 failing due to quoted filenames - #33646, thanks @kasperpeulen!

Codemod: Fix glob pattern handling on Windows - #33714, thanks @kasperpeulen!

Manager: Remove deprecated active prop warning in ZoomButton - #33697, thanks @yatishgoel!

Next.js: Alias AppRouterContext to shared runtime to fix Link navigation - #33419, thanks @pallaprolus!

10.2.3

... (truncated)

Commits

d0d5a3d Bump version from 9.1.16 to 9.1.17 MANUALLY
a06c257 filter env vars from .env files
a54a04c Bump version from "9.1.15" to "9.1.16" [skip ci]
ebd7ff5 Merge pull request #32859 from storybookjs/shilman/first-load-new-user
da2da6e Merge pull request #32862 from storybookjs/yann/patch-dev-server-preset
d0d17d9 Bump version from "9.1.14" to "9.1.15" [skip ci]
b3129cd fix exports
a78540a Merge pull request #32770 from storybookjs/shilman/preview-first-load
5afb39f Bump version from "9.1.13" to "9.1.14" [skip ci]
0617aaa improve typings of storybook/internal/babel
Additional commits viewable in compare view

Updates @sveltejs/kit from 2.21.2 to 2.49.5

Release notes

Sourced from @sveltejs/kit's releases.

@sveltejs/kit@2.49.5

Patch Changes

fix: avoid overriding Vite default base when running Vitest 4 (#14866)

fix: ensure url decoded pathnames are not mistaken as rerouted requests (d9ae9b0)

fix: add length checks to remote forms (8ed8155)

@sveltejs/kit@2.49.4

Patch Changes

fix: support instrumentation for vite preview (#15105)

fix: support for URLSearchParams.has(name, value) overload (#15076)

fix: put forking behind experimental.forkPreloads (#15135)

@sveltejs/kit@2.49.3

Patch Changes

fix: avoid false-positive Vite config overridden warning when using Vitest 4 (#15121)

fix: add typescript as an optional peer dependency (#15074)

fix: use hasOwn check when deep-setting object properties (#15127)

@sveltejs/kit@2.49.2

Patch Changes

fix: Stop re-loading already-loaded CSS during server-side route resolution (#15014)

fix: posixify the instrumentation file import on Windows (#14993)

fix: Correctly handle shared memory when decoding binary form data (#15028)

@sveltejs/kit@2.49.1

Patch Changes

fix: suppress state_referenced_locally warnings in .svelte-kit/generated/root.svelte (#15013)

... (truncated)

Changelog

Sourced from @sveltejs/kit's changelog.

2.49.5

Patch Changes

fix: avoid overriding Vite default base when running Vitest 4 (#14866)

fix: ensure url decoded pathnames are not mistaken as rerouted requests (d9ae9b0)

fix: add length checks to remote forms (8ed8155)

2.49.4

Patch Changes

fix: support instrumentation for vite preview (#15105)

fix: support for URLSearchParams.has(name, value) overload (#15076)

fix: put forking behind experimental.forkPreloads (#15135)

2.49.3

Patch Changes

fix: avoid false-positive Vite config overridden warning when using Vitest 4 (#15121)

fix: add typescript as an optional peer dependency (#15074)

fix: use hasOwn check when deep-setting object properties (#15127)

2.49.2

Patch Changes

fix: Stop re-loading already-loaded CSS during server-side route resolution (#15014)

fix: posixify the instrumentation file import on Windows (#14993)

fix: Correctly handle shared memory when decoding binary form data (#15028)

2.49.1

Patch Changes

... (truncated)

Commits

80ffb53 Version Packages (#15162)
8ed8155 Merge commit from fork
d9ae9b0 Merge commit from fork
ec4596a chore: Upgrade devalue (#15172)
81cd545 fix: avoid overriding Vite default base when running Vitest 4 (#14866)
6cf9491 chore: remove unused is_http_method helper and method set to (#15152)
3305022 Revert "breaking: remove buttonProps from experimental remote form function...
4f9870d breaking: remove buttonProps from experimental remote form functions (#14622)
c8e4017 Version Packages (#15129)
50bf727 chore: fix prettier ignoring source code in with build in the name (#15133)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @sveltejs/kit since your current version.

Updates vite from 6.3.5 to 6.4.1

Release notes

Sourced from vite's releases.

create-vite@6.4.1

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.0-beta.15 (2026-02-19)

Features

update rolldown to 1.0.0-rc.5 (#21660) (b3ddbc5)

Bug Fixes

dev: only treat EADDRINUSE as port conflict in wildcard pre-check (#21642) (e54e25f)

dev: prevent concurrent server restarts (#21636) (8ce23a3)

dev: return "502 Bad Gateway" on proxy failures instead of 500 (#21652) (e240df2)

Performance Improvements

ssr: skip circular import check for already-evaluated modules (#21632) (235140b)

use tsconfig cache for oxc transform in dev (#21643) (57ff177)

Miscellaneous Chores

deps: remove fdir and @rollup/plugin-commonjs (#21639) (5abffd5)

deps: update dependency @rollup/plugin-alias to v6 (#21097) (44b5bdf)

8.0.0-beta.14 (2026-02-12)

Features

update rolldown to 1.0.0-rc.4 (#21617) (1ee5c7f)

wasm: add SSR support for .wasm?init (#21102) (216a3b5)

Bug Fixes

clear tsconfig cache only when tsconfig.json is cached (#21622) (50c9675)

deps: update all non-major dependencies (#21594) (becdc5d)

lib: CSS injection point error with nested name IIFE output (#21606) (5003de6)

module-runner: incorrect column with sourcemapInterceptor: "prepareStackTrace" (#21562) (416c095)

module-runner: prevent crash on negative column in stacktrace (#21585) (a075590)

rolldownOptions/rollupOptions merging at environment level (#21612) (db2ecc7)

Miscellaneous Chores

fix broken link for future deprecations (#21603) (25f4501)

update customResolver deprecation message to mention enforce: 'pre' (#21576) (2ce34d5)

Code Refactoring

enable some native plugins even with enable native plugin false (#21608) (5a4f692)

use rolldown/utils (#21577) (e56103f)

use internal devtools config (#21609) (9aea20f)

use parseEnv (#21586) (f859d2c)

wasm: remove native wasm helper plugin usage (#21566) (71a86be)

Tests

... (truncated)

Commits

0a0c50a refactor: simplify pluginFilter implementation (#19828)
59d0b35 perf(css): avoid constructing renderedModules (#19775)
175a839 fix: reject requests with # in request-target (#19830)
e2e11b1 fix(module-runner): allow already resolved id as entry (#19768)
7200dee fix: correct the behavior when multiple transform filter options are specifie...
b125172 fix(css): remove empty chunk imports correctly when chunk file name contained...
8fe3538 test: tweak generateCodeFrame test (#19812)
36935b5 fix(types): remove the keepProcessEnv from the DefaultEnvironmentOptions ...
a0e1a04 docs(vite): fix description of transformIndexHtml hook (#19799)
71227be fix: unbundle fdir to fix commonjsOptions.dynamicRequireTargets (#19791)
Additional commits viewable in compare view

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

docs: update README links by @efekrskl in expressjs/body-parser#673

docs: release notes for the v1.20.4 release by @Phillip9587 in expressjs/body-parser#674

docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @Phillip9587 in expressjs/body-parser#679

docs: use standard jsdoc tags everywhere by @Phillip9587 in expressjs/body-parser#677

deps: qs@^6.14.1 by @UlisesGascon in expressjs/body-parser#689

refactor(json): simplify strict mode error string construction by @jonchurch in expressjs/body-parser#693

Release: 2.2.2 by @UlisesGascon in expressjs/body-parser#691

New Contributors

@efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

deps: qs@^6.14.1

refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

3d24866 2.2.2 (#691)
8474a98 refactor(json): simplify strict mode error string construction (#693)
03f17c2 deps: qs@^6.14.1 (#689)
ea1f25e docs: use standard jsdoc tags everywhere (#677)
d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
b6f52aa docs: release notes for the v1.20.4 release (#674)
2965ca4 docs: update links (#673)
d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
Additional commits viewable in compare view

Updates devalue from 5.1.1 to 5.6.3

Release notes

Sourced from devalue's releases.

v5.6.3

Patch Changes

0f04d4d: fix: Properly handle __proto__

819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

1175584: fix: validate input for ArrayBuffer parsing

e46afa6: fix: validate input for typed arrays

1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses

a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

ca3c7b6: chore: Remove impossible void type from replacer's uneval

v5.4.0

Minor Changes

9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

b617c7c: perf: shrink uneval output with null-proto objects

v5.3.2

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.6.3

Patch Changes

0f04d4d: fix: Properly handle __proto__

819f1ac: fix: better encoding for sparse arrays

5.6.2

Patch Changes

1175584: fix: validate input for ArrayBuffer parsing

e46afa6: fix: validate input for typed arrays

1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses

a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

5.4.1

Patch Changes

ca3c7b6: chore: Remove impossible void type from replacer's uneval

5.4.0

Minor Changes

... (truncated)

Commits

a4a37d2 Version Packages (#132)
819f1ac Merge commit from fork
0f04d4d Merge commit from fork
fcf4e88 fix tests
1d8a5ea Version Packages (#131)
1175584 Merge commit from fork
e46afa6 Merge commit from fork
5e07a67 Version Packages (#129)
aa09604 Bump js-yaml from 3.14.1 to 3.14.2 (#125)
2161d44 fix: add hasOwn check before calling reviver (#128)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.

Updates fast-xml-parser from 4.5.3 to 5.3.6

Release notes

Sourced from fast-xml-parser's releases.

Entity security and performance

Improve security and performance of entity processing

new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter

fast return when no edtity is present

improvement replacement logic to reduce number of calls

Full Changelog: https://github.com/NaturalIntelligen...
Description has been truncated

Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.8.0` | `1.26.0` | | [playwright](https://github.com/microsoft/playwright) | `1.54.1` | `1.55.1` | | [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `9.0.18` | `9.1.17` | | [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.21.2` | `2.49.5` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.1` | Bumps the npm_and_yarn group with 2 updates in the /packages/ui directory: [playwright](https://github.com/microsoft/playwright) and [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Updates `@modelcontextprotocol/sdk` from 1.8.0 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.8.0...v1.26.0) Updates `playwright` from 1.54.1 to 1.55.1 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.54.1...v1.55.1) Updates `storybook` from 9.0.18 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v9.1.17/code/core) Updates `@sveltejs/kit` from 2.21.2 to 2.49.5 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.49.5/packages/kit) Updates `vite` from 6.3.5 to 6.4.1 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@6.4.1/packages/vite) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `devalue` from 5.1.1 to 5.6.3 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.1.1...v5.6.3) Updates `fast-xml-parser` from 4.5.3 to 5.3.6 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/commits/v5.3.6) Updates `qs` from 6.13.0 to 6.14.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.14.0) Updates `playwright` from 1.54.1 to 1.55.1 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.54.1...v1.55.1) Updates `storybook` from 9.0.18 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v9.1.17/code/core) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: playwright dependency-version: 1.55.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@sveltejs/kit" dependency-version: 2.49.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.6.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 5.3.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: playwright dependency-version: 1.55.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-02-20T11:23:04Z

Superseded by #4.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 19, 2026

dependabot bot mentioned this pull request Feb 19, 2026

Bump vite from 6.3.5 to 6.3.6 in the npm_and_yarn group across 1 directory #2

Closed

dependabot bot closed this Feb 20, 2026

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-ad79b48ce6 branch February 20, 2026 11:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 9 updates#3

Bump the npm_and_yarn group across 2 directories with 9 updates#3
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-ad79b48ce6

dependabot bot commented on behalf of github Feb 19, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 19, 2026

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

1.25.0

What's Changed

v1.55.1

Highlights

Browser Versions

v1.55.0

New APIs

Codegen

Breaking Changes

Miscellaneous

Browser Versions

v1.54.2

Highlights

Browser Versions

v9.1.17

9.1.17

v9.1.16

9.1.16

10.2.10

10.2.9

10.2.8

10.2.7

10.2.6

10.2.5

10.2.4

10.2.3

@​sveltejs/kit@​2.49.5

Patch Changes

@​sveltejs/kit@​2.49.4

Patch Changes

@​sveltejs/kit@​2.49.3

Patch Changes

@​sveltejs/kit@​2.49.2

Patch Changes

@​sveltejs/kit@​2.49.1

Patch Changes

2.49.5

Patch Changes

2.49.4

Patch Changes

2.49.3

Patch Changes

2.49.2

Patch Changes

2.49.1

Patch Changes

create-vite@6.4.1

v6.4.1

v6.4.0

v6.3.7

v6.3.6

8.0.0-beta.15 (2026-02-19)

Features

Bug Fixes

Performance Improvements

Miscellaneous Chores

8.0.0-beta.14 (2026-02-12)

Features

Bug Fixes

Miscellaneous Chores

Code Refactoring

Tests

v2.2.2

What's Changed

New Contributors

v2.2.1

Important: Security

What's Changed

`@sveltejs/kit@2`.49.5

`@sveltejs/kit@2`.49.4

`@sveltejs/kit@2`.49.3

`@sveltejs/kit@2`.49.2

`@sveltejs/kit@2`.49.1