Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Sep 9, 2025

Bumps the npm_and_yarn group with 4 updates in the /ui directory: vite, @babel/runtime, brace-expansion and cross-spawn.

Updates vite from 5.2.8 to 5.4.20

Release notes

Sourced from vite's releases.

v5.4.20

Please refer to CHANGELOG.md for details.

v5.4.19

Please refer to CHANGELOG.md for details.

v5.4.18

Please refer to CHANGELOG.md for details.

v5.4.17

Please refer to CHANGELOG.md for details.

v5.4.16

Please refer to CHANGELOG.md for details.

v5.4.15

Please refer to CHANGELOG.md for details.

v5.4.14

Please refer to CHANGELOG.md for details.

v5.4.13

Please refer to CHANGELOG.md for details.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.20 (2025-09-08)

5.4.19 (2025-04-30)

5.4.18 (2025-04-10)

5.4.17 (2025-04-03)

5.4.16 (2025-03-31)

5.4.15 (2025-03-24)

5.4.14 (2025-01-21)

5.4.13 (2025-01-20)

5.4.12 (2025-01-20)

... (truncated)

Commits

Updates @babel/runtime from 7.26.9 to 7.28.4

Release notes

Sourced from @​babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

🐛 Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

📝 Documentation

... (truncated)

Commits

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

  • update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

  • fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

Commits
  • 77cd97f chore(release): 7.0.6
  • 6717de4 chore: upgrade standard-version
  • f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
  • 9a7e3b2 chore: fix build status badge
  • 0852683 chore(release): 7.0.5
  • 640d391 fix: fix escaping bug introduced by backtracking
  • bff0c87 chore: remove codecov
  • a7c6abc chore: replace travis with github workflows
  • 9b9246e chore(release): 7.0.4
  • 5ff3a07 fix: disable regexp backtracking (#160)
  • Additional commits viewable in compare view

Updates esbuild from 0.20.2 to 0.21.5

Release notes

Sourced from esbuild's releases.

v0.21.5

  • Fix Symbol.metadata on classes without a class decorator (#3781)

    This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

  • Allow unknown import attributes to be used with the copy loader (#3792)

    Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

    // This is an error with "--bundle" without also using "--external:./bagel.js"
import tasty from "./bagel.js" with { type: "bagel" }

    Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

    However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

    // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
import tasty from "./tasty.bagel" with { type: "bagel" }

  • Support import attributes with glob-style imports (#3797)

    This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

    async function loadLocale(locale: string): Locale {
  const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
  return unpackLocale(locale, data)
}

    Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

    ✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data

    example.ts:2:28:
  2 │   const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
    ╵                             ~~~~~~~~~~~~~~~~~~~~~~~~~~

    In addition, this change means plugins can now access the contents of with for glob-style imports.

  • Support ${configDir} in tsconfig.json files (#3782)

    This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.21.5

  • Fix Symbol.metadata on classes without a class decorator (#3781)

    This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

  • Allow unknown import attributes to be used with the copy loader (#3792)

    Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

    // This is an error with "--bundle" without also using "--external:./bagel.js"
import tasty from "./bagel.js" with { type: "bagel" }

    Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

    However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

    // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
import tasty from "./tasty.bagel" with { type: "bagel" }

  • Support import attributes with glob-style imports (#3797)

    This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

    async function loadLocale(locale: string): Locale {
  const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
  return unpackLocale(locale, data)
}

    Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

    ✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data

    example.ts:2:28:
  2 │   const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
    ╵                             ~~~~~~~~~~~~~~~~~~~~~~~~~~

    In addition, this change means plugins can now access the contents of with for glob-style imports.

  • Support ${configDir} in tsconfig.json files (#3782)

    This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

... (truncated)

Commits
  • fc37c2f publish 0.21.5 to npm
  • cb11924 fix Symbol.metadata errors in decorator tests
  • b93a2a9 fix #3781: add metadata to all decorated classes
  • 953dae9 fix #3797: import attributes and glob-style import
  • 98cb2ed fix #3782: support ${configDir} in tsconfig.json
  • 8e6603b run make update-compat-table
  • db1b8ca fix #3792: import attributes and the copy loader
  • de572d0 fix non-deterministic import attribute plugin test
  • ae8d1b4 fix #3794: --supported:object-accessors=false
  • 67cbf87 publish 0.21.4 to npm
  • Additional commits viewable in compare view

Updates rollup from 4.14.1 to 4.50.1

Release notes

Sourced from rollup's releases.

v4.50.1

4.50.1

2025-09-07

Bug Fixes

  • Resolve a situation where a destructuring default value was removed (#6090)

Pull Requests

v4.50.0

4.50.0

2025-08-31

Features

  • Support openharmony-arm64 platform (#6081)

Bug Fixes

  • Fix loading of extensionless imports in config files (#6084)

Pull Requests

v4.49.0

4.49.0

2025-08-27

Features

  • Allow config plugins to resolve imports first before deciding whether to treat them as external (#6038)

Pull Requests

  • #6038: feat: Run external check in cli/run/loadConfigFile.ts as last in order to allow handling of e.g. workspace package imports in TS monorepos correctly (@​stazz, @​TrickyPi)
  • #6082: Improve build pipeline performance (@​lukastaegert)

v4.48.1

... (truncated)

Changelog

Sourced from rollup's changelog.

4.50.1

2025-09-07

Bug Fixes

  • Resolve a situation where a destructuring default value was removed (#6090)

Pull Requests

4.50.0

2025-08-31

Features

  • Support openharmony-arm64 platform (#6081)

Bug Fixes

  • Fix loading of extensionless imports in config files (#6084)

Pull Requests

4.49.0

2025-08-27

Features

  • Allow config plugins to resolve imports first before deciding whether to treat them as external (#6038)

Pull Requests

  • #6038: feat: Run external check in cli/run/loadConfigFile.ts as last in order to allow handling of e.g. workspace package imports in TS monorepos correctly (@​stazz, @​TrickyPi)
  • #6082: Improve build pipeline performance (@​lukastaegert)

4.48.1

2025-08-25

... (truncated)

Commits
  • 79d5563 4.50.1
  • 7fb50f9 Call includeNode for self or children nodes in includeDestructuredIfNecessary...
  • 235dc74 perf: replace startsWith with strict equality (#6094)
  • a2744ea feat(www): shorter repl shareables (#6088)
  • 298609e chore(deps): lock file maintenance minor/patch updates (#6092)
  • 3d9de27 fix(deps): update rust crate swc_compiler_base to v33 (#6091)
  • 592e7d7 4.50.0
  • 06df2d6 Split up changelog file
  • 38a5c6d Add support for openharmony-arm64 platform (#6081)
  • bd02778 Return null to defer to the default resolution behavior (#6084)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 6 up…
25c9c3c 
…dates

Bumps the npm_and_yarn group with 4 updates in the /ui directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [cross-spawn](https://github.com/moxystudio/node-cross-spawn).


Updates `vite` from 5.2.8 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.20/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.20/packages/vite)

Updates `@babel/runtime` from 7.26.9 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6)

Updates `esbuild` from 0.20.2 to 0.21.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.20.2...v0.21.5)

Updates `rollup` from 4.14.1 to 4.50.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.14.1...v4.50.1)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/runtime"
  dependency-version: 7.28.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-version: 7.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.21.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.50.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants