Skip to content

chore(deps): bump the npm_and_yarn group across 4 directories with 6 updates #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the npm_and_yarn group across 4 directories with 6 updates #6

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 14, 2026

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
vite 7.1.5 7.1.11
valibot 1.1.0 1.2.0
happy-dom 18.0.1 20.0.2
glob 10.4.5 10.5.0
js-yaml 4.1.0 4.1.1
undici 7.16.0 7.18.2

Bumps the npm_and_yarn group with 1 update in the /plugins/airtable directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /plugins/code-versions directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /plugins/global-search directory: happy-dom.

Updates vite from 7.1.5 to 7.1.11

Release notes

Sourced from vite's releases.

v7.1.11

Please refer to CHANGELOG.md for details.

v7.1.10

Please refer to CHANGELOG.md for details.

v7.1.9

Please refer to CHANGELOG.md for details.

v7.1.8

Please refer to CHANGELOG.md for details.

v7.1.7

Please refer to CHANGELOG.md for details.

v7.1.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.1.11 (2025-10-20)

Bug Fixes

  • dev: trim trailing slash before server.fs.deny check (#20968) (f479cc5)

Miscellaneous Chores

Code Refactoring

  • use subpath imports for types module reference (#20921) (d0094af)

Build System

7.1.10 (2025-10-14)

Bug Fixes

  • css: avoid duplicate style for server rendered stylesheet link and client inline style during dev (#20767) (3a92bc7)
  • css: respect emitAssets when cssCodeSplit=false (#20883) (d3e7eee)
  • deps: update all non-major dependencies (879de86)
  • deps: update all non-major dependencies (#20894) (3213f90)
  • dev: allow aliases starting with // (#20760) (b95fa2a)
  • dev: remove timestamp query consistently (#20887) (6537d15)
  • esbuild: inject esbuild helpers correctly for esbuild 0.25.9+ (#20906) (446eb38)
  • normalize path before calling fileToBuiltUrl (#20898) (73b6d24)
  • preserve original sourcemap file field when combining sourcemaps (#20926) (c714776)

Documentation

Miscellaneous Chores

7.1.9 (2025-10-03)

Reverts

7.1.8 (2025-10-02)

Bug Fixes

... (truncated)

Commits
  • 8b69c9e release: v7.1.11
  • f479cc5 fix(dev): trim trailing slash before server.fs.deny check (#20968)
  • 6fb41a2 chore(deps): update all non-major dependencies (#20966)
  • a817307 build: remove hash from built filenames (#20946)
  • ef411ce build: remove cjs reference in files field (#20945)
  • d0094af refactor: use subpath imports for types module reference (#20921)
  • ed4a0dc release: v7.1.10
  • c714776 fix: preserve original sourcemap file field when combining sourcemaps (#20926)
  • 446eb38 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20906)
  • 879de86 fix(deps): update all non-major dependencies
  • Additional commits viewable in compare view

Updates valibot from 1.1.0 to 1.2.0

Release notes

Sourced from valibot's releases.

v1.2.0

Many thanks to @​EskiMojo14, @​makenowjust, @​ysknsid25 and @​jacekwilczynski for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

  • Add toBigint, toBoolean, toDate, toNumber and toString transformation actions (pull request #1212)
  • Add examples action to add example values to a schema (pull request #1199)
  • Add getExamples method to extract example values from a schema (pull request #1199)
  • Add isbn validation action to validate ISBN-10 and ISBN-13 strings (pull request #1097)
  • Add exports for RawCheckAddIssue, RawCheckContext, RawCheckIssueInfo, RawTransformAddIssue, RawTransformContext and RawTransformIssueInfo types for better developer experience with rawCheck and rawTransform actions (pull request #1359)
  • Change build step to tsdown
  • Fix ReDoS vulnerability in EMOJI_REGEX used by emoji action

v1.2.0 (to-json-schema)

Many thanks to @​cruzdanilo and @​Xiot for contributing to this release.

  • Add support for title, description and examples in metadata action (pull request #1189)
  • Add new override configurations to override default behaviour of JSON Schema conversion (pull request #1197)
  • Add storage for global definitions with addGlobalDefs and getGlobalDefs (pull request #1197)
  • Add new toJsonSchemaDefs function to convert Valibot schema definitions to JSON Schema definitions (pull request #1197)
Commits
  • 053ae97 Bump version to 1.2.0 and update changelog
  • de76d7c Merge pull request #1361 from open-circle/v1.2-blog-post
  • c14f092 Add security fix for ReDoS vulnerability in emoji action and update release n...
  • cfb799d Merge commit from fork
  • 36fafd0 Add release notes blog post for Valibot v1.2 to website
  • 83c07ca Merge pull request #1097 from ysknsid25/feat/add-isbn-validation
  • 6957e0d Add beta annotation to JSDoc comment of isbn action
  • 6c7f9c0 Add docs for new isbn action to website
  • ca902e6 Refactor ISBN regex constants and update validation logic
  • e7a4f17 Refactor and improve new isbn action and update changelog
  • Additional commits viewable in compare view

Updates happy-dom from 18.0.1 to 20.0.2

Release notes

Sourced from happy-dom's releases.

v20.0.2

👷‍♂️ Patch fixes

  • Adds frozen intrinsics flag to workers in @happy-dom/server-renderer - By @​capricorn86 in task #1934

v20.0.1

👷‍♂️ Patch fixes

  • Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By @​capricorn86 in task #1932
    • A security advisory has been reported showing that the recommended preventive measure of running Node.js with --disallow-code-generation-from-strings wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to @​cristianstaicu for reporting this!
    • The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the Wiki

v20.0.0

I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.

💣 Breaking Changes

  • Due to security risks, JavaScript evaluation is now disabled by default - By @​capricorn86 in task #1930
    • A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @​Mas0nShi for reporting this!
    • Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
    • JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki

v19.0.2

👷‍♂️ Patch fixes

  • Fixes issue related to CSS pseudo selector :scope that didn't work correctly for direct descendants to root - By @​capricorn86 in task #1620

v19.0.1

👷‍♂️ Patch fixes

  • Fixes issue with sending in URLs as string in @happy-dom/server-renderer config using CLI - By @​capricorn86 in task #1908

v19.0.0

💣 Breaking Changes

  • Removes support for CommonJS - By @​capricorn86 in task #1730
    • Support for CommonJS is no longer needed as Node.js v18 is deprecated and v20 and above supports loading ES modules from CommonJS using require()
  • Updates Jest to v30 in the @happy-dom/jest-environment package - By @​capricorn86 in task #1730
  • Makes Jest packages peer dependencies to make it easier to align versions with the project using @happy-dom/jest-environment - By @​capricorn86 in task #1730

🎨 Features

... (truncated)

Commits
  • f4bd4eb fix: #0 Adds frozen intrinsics flag to server-renderer workers (#1934)
  • f45d92e fix: #0 Adds warning for environemnt with unfrozen builtins (#1932)
  • 819d15b BREAKING CHANGE: #0 Changes JavaScript evaluation to be disabled by default...
  • c80a08f fix: #1620 Fixes issue related to CSS pseudo selector :scope (#1911)
  • 220df23 fix: #1908 Fixes issue with sending in URLs as string in server-renderer co...
  • 9849f8b chore: #1906 Fixes failing unit test caused by package version (#1907)
  • 48d174e chore: #1904 Updates conventional commit package (#1905)
  • 275efe5 BREAKING CHANGE: #1620 Release v18.0.0
  • See full diff in compare view

Updates glob from 10.4.5 to 10.5.0

Commits

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates undici from 7.16.0 to 7.18.2

Release notes

Sourced from undici's releases.

v7.18.2

⚠️ Security Release

This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

Full Changelog: nodejs/undici@v7.18.1...v7.18.2

v7.18.1

What's Changed

Full Changelog: nodejs/undici@v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: nodejs/undici@v7.17.0...v7.18.0

v7.17.0

What's Changed

... (truncated)

Commits
  • 7e5cb2d Bumped v7.18.2 (#4730)
  • b04e3cb fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...
  • 2bcb77b Bumped v7.18.1 (#4728)
  • 58a12b7 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#4719)
  • 5fa2930 build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (#4718)
  • fbbe283 docs: add security warning for strictContentLength option (#4726)
  • ce12d9e fix: do not crash if Node.js is compiled without SSL (#4727)
  • ebe3e33 Bumped v7.18.0 (#4725)
  • 4e9b88b fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
  • d560767 Bumped v7.17.0 (#4724)
  • Additional commits viewable in compare view

Updates happy-dom from 18.0.1 to 20.1.0

Release notes

Sourced from happy-dom's releases.

v20.0.2

👷‍♂️ Patch fixes

  • Adds frozen intrinsics flag to workers in @happy-dom/server-renderer - By @​capricorn86 in task #1934

v20.0.1

👷‍♂️ Patch fixes

  • Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By @​capricorn86 in task #1932
    • A security advisory has been reported showing that the recommended preventive measure of running Node.js with --disallow-code-generation-from-strings wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to @​cristianstaicu for reporting this!
    • The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the Wiki

v20.0.0

I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.

💣 Breaking Changes

  • Due to security risks, JavaScript evaluation is now disabled by default - By @​capricorn86 in task #1930
    • A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @​Mas0nShi for reporting this!
    • Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
    • JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki

v19.0.2

👷‍♂️ Patch fixes

  • Fixes issue related to CSS pseudo selector :scope that didn't work correctly for direct descendants to root - By @​capricorn86 in task #1620

v19.0.1

👷‍♂️ Patch fixes

  • Fixes issue with sending in URLs as string in @happy-dom/server-renderer config using CLI - By @​capricorn86 in task #1908

v19.0.0

💣 Breaking Changes

  • Removes support for CommonJS - By @​capricorn86 in task #1730
    • Support for CommonJS is no longer needed as Node.js v18 is deprecated and v20 and above supports loading ES modules from CommonJS using require()
  • Updates Jest to v30 in the @happy-dom/jest-environment package - By @​capricorn86 in task #1730
  • Makes Jest packages peer dependencies to make it easier to align versions with the project using @happy-dom/jest-environment - By @​capricorn86 in task #1730

🎨 Features

... (truncated)

Commits
  • f4bd4eb fix: #0 Adds frozen intrinsics flag to server-renderer workers (#1934)
  • f45d92e fix: #0 Adds warning for environemnt with unfrozen builtins (#1932)
  • 819d15b BREAKING CHANGE: #0 Changes JavaScript evaluation to be disabled by default...
  • c80a08f fix: #1620 Fixes issue related to CSS pseudo selector :scope (#1911)
  • 220df23 fix: #1908 Fixes issue with sending in URLs as string in server-renderer co...
  • 9849f8b chore: #1906 Fixes failing unit test caused by package version (#1907)
  • 48d174e chore: #1904 Updates conventional commit package (#1905)
  • 275efe5 BREAKING CHANGE: #1620 Release v18.0.0
  • See full diff in compare view

Updates happy-dom from 18.0.1 to 20.1.0

Release notes

Sourced from happy-dom's releases.

v20.0.2

👷‍♂️ Patch fixes

  • Adds frozen intrinsics flag to workers in @happy-dom/server-renderer - By @​capricorn86 in task #1934

v20.0.1

👷‍♂️ Patch fixes

  • Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By @​capricorn86 in task #1932
    • A security advisory has been reported showing that the recommended preventive measure of running Node.js with --disallow-code-generation-from-strings wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to @​cristianstaicu for reporting this!
    • The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the Wiki

v20.0.0

I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.

💣 Breaking Changes

  • Due to security risks, JavaScript evaluation is now disabled by default - By @​capricorn86 in task #1930
    • A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @​Mas0nShi for reporting this!
    • Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
    • JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki

v19.0.2

👷‍♂️ Patch fixes

  • Fixes issue related to CSS pseudo selector :scope that didn't work correctly for direct descendants to root - By @​capricorn86 in task #1620

v19.0.1

👷‍♂️ Patch fixes

  • Fixes issue with sending in URLs as string in @happy-dom/server-renderer config using CLI - By @​capricorn86 in task #1908

v19.0.0

💣 Breaking Changes

  • Removes support for CommonJS - By @​capricorn86 in task #1730
    • Support for CommonJS is no longer needed as Node.js v18 is deprecated and v20 and above supports loading ES modules from CommonJS using require()
  • Updates Jest to v30 in the @happy-dom/jest-environment package - By @​capricorn86 in task #1730
  • Makes Jest packages peer dependencies to make it easier to align versions with the project using @happy-dom/jest-environment - By @​capricorn86 in task #1730

🎨 Features

... (truncated)

Commits
  • f4bd4eb fix: #0 Adds frozen intrinsics flag to server-renderer workers (#1934)
  • f45d92e fix: #0 Adds warning for environemnt with unfrozen builtins (#1932)
  • 819d15b BREAKING CHANGE: #0 Changes JavaScript evaluation to be disabled by default...
  • c80a08f fix: #1620 Fixes issue related to CSS pseudo selector :scope (#1911)
  • 220df23 fix: #1908 Fixes issue with sending in URLs as string in server-renderer co...
  • 9849f8b chore: #1906 Fixes failing unit test caused by package version (#1907)
  • 48d174e chore: #1904 Updates conventional commit package (#1905)
  • 275efe5 BREAKING CHANGE: #1620 Release v18.0.0
  • See full diff in compare view

Updates happy-dom from 18.0.1 to 20.1.0

Release notes

Sourced from happy-dom's releases.

v20.0.2

👷‍♂️ Patch fixes

  • Adds frozen intrinsics flag to workers in @happy-dom/server-renderer - By @​capricorn86 in task #1934

v20.0.1

👷‍♂️ Patch fixes

  • Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By @​capricorn86 in task #1932
    • A security advisory has been reported showing that the recommended preventive measure of running Node.js with --disallow-code-generation-from-strings wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to @​cristianstaicu for reporting this!
    • The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the Wiki

v20.0.0

I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.

💣 Breaking Changes

  • Due to security risks, JavaScript evaluation is now disabled by default - By @​capricorn86 in task #1930
    • A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @​Mas0nShi for reporting this!
    • Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
    • JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki

v19.0.2

👷‍♂️ Patch fixes

  • Fixes issue related to CSS pseudo selector :scope that didn't work correctly for direct descendant...

    Description has been truncated

@dependabot
chore(deps): bump the npm_and_yarn group across 4 directories with 6 …
1b00d67 
…updates

Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.5` | `7.1.11` |
| [valibot](https://github.com/open-circle/valibot) | `1.1.0` | `1.2.0` |
| [happy-dom](https://github.com/capricorn86/happy-dom) | `18.0.1` | `20.0.2` |
| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |
| [undici](https://github.com/nodejs/undici) | `7.16.0` | `7.18.2` |

Bumps the npm_and_yarn group with 1 update in the /plugins/airtable directory: [happy-dom](https://github.com/capricorn86/happy-dom).
Bumps the npm_and_yarn group with 1 update in the /plugins/code-versions directory: [happy-dom](https://github.com/capricorn86/happy-dom).
Bumps the npm_and_yarn group with 1 update in the /plugins/global-search directory: [happy-dom](https://github.com/capricorn86/happy-dom).


Updates `vite` from 7.1.5 to 7.1.11
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite)

Updates `valibot` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/open-circle/valibot/releases)
- [Commits](open-circle/valibot@v1.1.0...v1.2.0)

Updates `happy-dom` from 18.0.1 to 20.0.2
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v18.0.1...v20.0.2)

Updates `glob` from 10.4.5 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.5...v10.5.0)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `undici` from 7.16.0 to 7.18.2
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.16.0...v7.18.2)

Updates `happy-dom` from 18.0.1 to 20.1.0
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v18.0.1...v20.0.2)

Updates `happy-dom` from 18.0.1 to 20.1.0
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v18.0.1...v20.0.2)

Updates `happy-dom` from 18.0.1 to 20.1.0
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v18.0.1...v20.0.2)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.11
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: valibot
  dependency-version: 1.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: happy-dom
  dependency-version: 20.0.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.18.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: happy-dom
  dependency-version: 20.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: happy-dom
  dependency-version: 20.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: happy-dom
  dependency-version: 20.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant