chore(deps): bump the npm_and_yarn group across 3 directories with 21 updates by dependabot[bot] · Pull Request #3344 · mondaycom/vibe

dependabot · 2026-04-08T15:50:02Z

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package	From	To
vitest	`1.6.0`	`1.6.1`
ejs	`3.1.9`	`3.1.10`
rollup	`2.79.1`	`2.80.0`
storybook	`8.6.15`	`8.6.17`
vite	`5.4.19`	`6.4.2`
@modelcontextprotocol/sdk	`1.11.4`	`1.26.0`
@babel/helpers	`7.24.1`	`7.29.2`
ajv	`6.12.6`	`6.14.0`
axios	`1.6.8`	`1.14.0`
braces	`3.0.2`	`3.0.3`
flatted	`3.3.1`	`3.4.2`
handlebars	`4.7.8`	`4.7.9`
immutable	`4.3.5`	`4.3.8`
lodash	`4.17.21`	`4.18.1`
micromatch	`4.0.5`	`4.0.8`
path-to-regexp	`8.2.0`	`8.4.2`
qs	`6.12.0`	`6.15.0`
store2	`2.14.3`	`2.14.4`
ws	`7.5.9`	`7.5.10`
yaml	`1.10.2`	`1.10.3`

Bumps the npm_and_yarn group with 1 update in the /packages/core directory: vite.
Bumps the npm_and_yarn group with 1 update in the /packages/docs directory: vite.

Updates vitest from 1.6.0 to 1.6.1

Release notes

Sourced from vitest's releases.

v1.6.1

This release includes security patches for:

Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

🐞 Bug Fixes

backport vitest-dev/vitest#7317 to v1 - by @hi-ogawa in vitest-dev/vitest#7319

View changes on GitHub

Commits

017e1ee chore: release v1.6.1
7ce9fbb fix: backport #7317 to v1 (#7319)
See full diff in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates rollup from 2.79.1 to 2.80.0

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

#6277: Validate bundle stays within output dir (@lukastaegert)

2.79.2

2024-09-26

Bug Fixes

Resolve CVE-2024-43788 (#5677)

Pull Requests

#5677: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (@fabianszabo)

Commits

d17ae15 2.80.0
d6dee5e Validate bundle stays within output dir (#6277)
c9bd03d 2.79.2
48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
See full diff in compare view

Updates storybook from 8.6.15 to 8.6.17

Release notes

Sourced from storybook's releases.

v8.6.17

8.6.17

Harden websocket connection

v8.6.16

8.6.16

No-op release. No changes.

Changelog

Sourced from storybook's changelog.

8.6.17

Harden websocket connection

8.6.16

No-op release. No changes.

8.6.14

CLI: Add skip onboarding, recommended/minimal config - #30930, thanks @shilman!

Core: Fix using dates in expect statements - #28413, thanks @yann-combarnous!

React Native Web: Fix expo router by setting JSX to automatic - #31484, thanks @dannyhw!

Test: Make sure that lit arrays are not cloned - #31435, thanks @kasperpeulen!

8.6.13

Controls: Fix boxShadow on empty controls - #27193, thanks @H0onnn!

React Native Web: Update react-native-web - #31324, thanks @ndelangen!

8.6.12

CLI: Only install Visual Test Addon if test feature is selected - #30966, thanks @ghengeveld!

Core: Fix telemetry error on Storybook UI - #30953, thanks @yannbf!

Ember: Fix ember-template-compiler import for ember 6+ - #30682, thanks @leoeuclids!

Next: Update vite-plugin-storybook-nextjs to 2.0.0--canary.33.17a2310.0 - #30997, thanks @kasperpeulen!

Svelte: Exclude node_modules from docgen - #30981, thanks @JReinhold!

8.6.11

Angular: Fix zone.js support for Angular libraries - #30941, thanks @valentinpalkovic!

8.6.10

Addon-docs: Fix non-string handling in Stories block - #30913, thanks @JamesIves!

Nextjs: Fix styled-jsx optimize vite warnings - #30932, thanks @kasperpeulen!

React: Fix actImplementation is not a function - #30929, thanks @kasperpeulen!

8.6.9

Next: Fix react aliases in next vite plugin - #30914, thanks @kasperpeulen!

8.6.8

Angular: Export all files in Angular package.json - #30849, thanks @kasperpeulen!

CLI: Don't add packageManager entry to package.json automatically - #30855, thanks @kasperpeulen!

React: Allow portable stories to be used in SSR - #30847, thanks @kasperpeulen!

Svelte: Adjust Svelte typings to include Svelte 5 function components - #30852, thanks @dummdidumm!

Telemetry: Make sure that telemetry doesn't fail on init - #30857, thanks @kasperpeulen!

Vite: Update HMR filter to target specific story file types - #30845, thanks @kasperpeulen!

... (truncated)

Commits

c6e550a Bump version from "8.6.16" to "8.6.17" [skip ci]
9cf9d89 Core: Require token for websocket connections
7e51515 Bump version from "8.6.15" to "8.6.16" [skip ci]
See full diff in compare view

Updates vite from 5.4.19 to 6.4.2

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163

fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

6.4.1 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969) (1114b5d), closes #20968 #20969

6.4.0 (2025-10-15)

feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940) (c59a222), closes #20940

6.3.6 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (0ab19ea), closes #20736

fix: upgrade sirv to 3.0.2 (#20735) (e11d240), closes #20735

test: detect ts support via process.features (#20544) (7d99229), closes #20544

6.3.5 (2025-05-05)

fix(ssr): handle uninitialized export access as undefined (#19959) (fd38d07), closes #19959

6.3.4 (2025-04-30)

fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965

fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940

refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853

... (truncated)

Commits

6b3fad0 release: v6.4.2
ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
5487f4f release: v6.4.1
1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
f12697c release: v6.4.0
ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
0e173d8 release: v6.3.7
c59a222 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)
3f337c5 release: v6.3.6
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.

Updates @modelcontextprotocol/sdk from 1.11.4 to 1.26.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

spec types - backwards compatibility changes by @KKonstantinov in modelcontextprotocol/typescript-sdk#1306

chore: bump version for patch fix by @felixweinberger in modelcontextprotocol/typescript-sdk#1307

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

list changed handlers on client constructor by @mattzcarey in modelcontextprotocol/typescript-sdk#1206

Role - moved from inline to reusable type by @KKonstantinov in modelcontextprotocol/typescript-sdk#1221

fix: use versioned npm tag for non-main branch releases by @pcarleton in modelcontextprotocol/typescript-sdk#1236

No automatic completion support unless needed - Revisited yet again by @cliffhall in modelcontextprotocol/typescript-sdk#1237

fix: Support updating output schema by @vincent0426 in modelcontextprotocol/typescript-sdk#1048

... (truncated)

Commits

fe9c07b chore: bump version to 1.26.0 (#1479)
4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
a05be17 Merge commit from fork
50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
6aba065 chore: bump v1.25.3 for backport fixes (#1412)
6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
a0c9b13 fix: README badges links destinations (#907)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @modelcontextprotocol/sdk since your current version.

Updates @babel/helpers from 7.24.1 to 7.29.2

Release notes

Sourced from @babel/helpers's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

babel-parser

#17840 [7.x backport] async x => {} must be in leading pos (@JLHwung)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3

#17805 [7.x backport] fix: Properly handle await in finally (@liuxingbaoyu)

babel-preset-env

#17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@JLHwung)

🏠 Internal

#17813 chore: update eslint peer deps (@JLHwung)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.29.1 (2026-02-04)

🐛 Bug Fix

babel-standalone

#17771 [7.x backport] fix: ensure targets.esmodules is validated (@JLHwung)

babel-generator

#17776 [7.x backport] Fix undefined when 64 indents (@liuxingbaoyu)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

... (truncated)

Commits

37d5595 v7.29.2
1c0a08d [7.x backport] fix: Properly handle await in finally (#17805)
d7f4008 v7.28.6
99dcba5 chore: enable some ts-eslint rules (#17592)
c1b55f6 Use eslint.config.mts (#17573)
35055e3 v7.28.4
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
cac0ff4 v7.28.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/helpers since your current version.

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates axios from 1.6.8 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

Breaking Changes: None identified in this release.

Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

Runtime Features: No new end-user features were introduced in this release.

Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

Headers: Trim trailing CRLF in normalised header values. (#7456)

HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)

Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)

Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)

CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)

Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)

Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)

Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

@aviu16 (#7456)

@NETIZEN-11 (#7460)

@fedotov (#7457)

@nthbotast (#7478)

@veeceey (#7398)

@penkzhou (#7515)

Full Changelog: v1.13.6...v1.14.0

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

Breaking Changes: None identified in this release.

Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @moh3n9595 for the initial implementation. (#5764)

Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

Environment Compatibility:

Fixed module exports for React Native and Browserify environments. (#7386)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

46bee3d chore(release): prepare release 1.14.0 (#10563)
518aff5 chore: add AI Moderator workflow for spam detection (#10551)
b7dfda3 chore(sponsor): update sponsor block (#10557)
9aa34d5 fix: updated release flow to match the current flows (#10562)
e9e5ebe Update packages to latest version (#10556)
4d8931c fix: formidable dependency vulnerable to arbitrary (#7533)
3a6f5c1 chore(deps-dev): bump @babel/preset-env (#7531)
bcfd299 fix: bug axios breaks commonjs compatibility main entry (#7532)
d6dcbfd fix: dependabot uses the correct labels (#7530)
5dd7ba7 chore: upgrade to latest ts (#7522)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

docs: update README links by @efekrskl in expressjs/body-parser#673

docs: release notes for the v1.20.4 release by @Phillip9587 in expressjs/body-parser#674

docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @Phillip9587 in expressjs/body-parser#679

docs: use standard jsdoc tags everywhere by @Phillip9587 in expressjs/body-parser#677

deps: qs@^6.14.1 by @UlisesGascon in expressjs/body-parser#689

refactor(json): simplify strict mode error string construction by @jonchurch in expressjs/body-parser#693

Release: 2.2.2 by @UlisesGascon in expressjs/body-parser#691

New Contributors

@efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in

… updates Bumps the npm_and_yarn group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `1.6.0` | `1.6.1` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` | | [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `8.6.15` | `8.6.17` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.19` | `6.4.2` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.11.4` | `1.26.0` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.24.1` | `7.29.2` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [axios](https://github.com/axios/axios) | `1.6.8` | `1.14.0` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` | | [immutable](https://github.com/immutable-js/immutable-js) | `4.3.5` | `4.3.8` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` | | [qs](https://github.com/ljharb/qs) | `6.12.0` | `6.15.0` | | [store2](https://github.com/nbubna/store) | `2.14.3` | `2.14.4` | | [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` | | [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` | Bumps the npm_and_yarn group with 1 update in the /packages/core directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /packages/docs directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vitest` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v1.6.1/packages/vitest) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Changelog](https://github.com/mde/ejs/blob/main/RELEASE_NOTES_v5.md) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `rollup` from 2.79.1 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.1...v2.80.0) Updates `storybook` from 8.6.15 to 8.6.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/v8.6.17/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.17/code/core) Updates `vite` from 5.4.19 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `@modelcontextprotocol/sdk` from 1.11.4 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.11.4...v1.26.0) Updates `@babel/helpers` from 7.24.1 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-helpers) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `axios` from 1.6.8 to 1.14.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.8...v1.14.0) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `flatted` from 3.3.1 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.1...v3.4.2) Updates `handlebars` from 4.7.8 to 4.7.9 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9) Updates `immutable` from 4.3.5 to 4.3.8 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v4.3.5...v4.3.8) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `path-to-regexp` from 8.2.0 to 8.4.2 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.2.0...v8.4.2) Updates `qs` from 6.12.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.12.0...v6.15.0) Updates `store2` from 2.14.3 to 2.14.4 - [Commits](nbubna/store@2.14.3...2.14.4) Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.9...7.5.10) Updates `yaml` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v1.10.2...v1.10.3) Updates `vite` from 5.4.21 to 8.0.7 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `vite` from 5.4.21 to 8.0.7 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) --- updated-dependencies: - dependency-name: vitest dependency-version: 1.6.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ejs dependency-version: 3.1.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.29.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 4.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 8.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: store2 dependency-version: 2.14.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 1.10.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 8.0.7 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 8.0.7 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026

dependabot bot requested a review from a team as a code owner April 8, 2026 15:50

dependabot bot mentioned this pull request Apr 8, 2026

chore(deps): bump the npm_and_yarn group across 1 directory with 18 updates #3339

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 3 directories with 21 updates#3344

chore(deps): bump the npm_and_yarn group across 3 directories with 21 updates#3344
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-5c32039626

dependabot bot commented on behalf of github Apr 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 8, 2026

v1.6.1

🐞 Bug Fixes

View changes on GitHub

v3.1.10

v.2.79.2

2.79.2

Bug Fixes

Pull Requests

2.80.0

Features

Pull Requests

2.79.2

Bug Fixes

Pull Requests

v8.6.17

8.6.17

v8.6.16

8.6.16

8.6.17

8.6.16

8.6.14

8.6.13

8.6.12

8.6.11

8.6.10

8.6.9

8.6.8

v6.4.2

v6.4.1

v6.4.0

v6.3.7

v6.3.6

v5.4.21

v5.4.20

6.4.2 (2026-04-06)

6.4.1 (2025-10-20)

6.4.0 (2025-10-15)

6.3.7 (2025-10-14)

6.3.6 (2025-09-08)

6.3.5 (2025-05-05)

6.3.4 (2025-04-30)

6.3.3 (2025-04-24)

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

1.25.0

What's Changed

v7.29.2 (2026-03-16)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

v1.14.0

⚠️ Important Changes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.13.6

⚠️ Important Changes

🚀 New Features

🐛 Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes