Skip to content

Bump the npm_and_yarn group across 1 directory with 13 updates#2

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-655540e785
Open

Bump the npm_and_yarn group across 1 directory with 13 updates#2
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-655540e785

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 27, 2026

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package From To
@cloudflare/vite-plugin 0.1.18 1.6.0
vite 6.2.3 6.4.1
wrangler 4.5.1 4.69.0
hono 4.7.5 4.11.10
valibot 1.0.0 1.2.0
@babel/runtime 7.26.9 7.28.6
js-yaml 3.14.1 3.14.2
js-yaml 4.1.0 4.1.1
form-data 4.0.2 4.0.5
glob 10.4.5 10.5.0
lodash 4.17.21 4.17.23
rollup 4.34.9 4.59.0
tmp 0.0.33 removed

Updates @cloudflare/vite-plugin from 0.1.18 to 1.6.0

Changelog

Sourced from @​cloudflare/vite-plugin's changelog.

1.6.0

Minor Changes

  • #9510 590d69b Thanks @​jamesopstad! - Enhanced build support for Workers with assets.

    Assets that are imported in the entry Worker are now automatically moved to the client build output. This enables importing assets in your Worker and accessing them via the assets binding. See Static Asset Handling to find out about all the ways you can import assets in Vite.

    Additionally, a broader range of build scenarios are now supported. These are:

    • Assets only build with client entry/entries
    • Assets only build with no client entry/entries that includes public directory assets
    • Worker(s) + assets build with client entry/entries
    • Worker(s) + assets build with no client entry/entries that includes imported and/or public directory assets
    • Worker(s) build with no assets

Patch Changes

1.5.1

Patch Changes

1.5.0

Minor Changes

  • #9341 2cef3ab Thanks @​jamesopstad! - Support loading all asset types via assets binding. Previously only HTML assets could be loaded via the assets binding. The binding now integrates with Vite's internal middleware to load all asset types.

Patch Changes

  • Updated dependencies [db2cdc6]:
    • wrangler@4.19.1

1.4.0

Minor Changes

... (truncated)

Commits

Updates vite from 6.2.3 to 6.4.1

Release notes

Sourced from vite's releases.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

v6.3.5

Please refer to CHANGELOG.md for details.

v6.3.4

Please refer to CHANGELOG.md for details.

v6.3.3

Please refer to CHANGELOG.md for details.

v6.3.2

Please refer to CHANGELOG.md for details.

v6.3.1

Please refer to CHANGELOG.md for details.

v6.2.7

Please refer to CHANGELOG.md for details.

Commits
  • a7349ef release: v6.3.1
  • a152b7c fix: backward compat for internal plugin transform calls (#19878)
  • 35c7f35 fix: avoid using Promise.allSettled in preload function (#19805)
  • 5fdcfe7 release: v6.3.0
  • d4ee5e8 fix(hmr): avoid infinite loop happening with hot.invalidate in circular dep...
  • 5003434 fix(preview): use host url to open browser (#19836)
  • bf9728e release: v6.3.0-beta.2
  • 380c10e fix(hmr): run HMR handler sequentially (#19793)
  • 8bed1de fix: addWatchFile doesn't work if base is specified (fixes #19792) (#19794)
  • 0a0c50a refactor: simplify pluginFilter implementation (#19828)
  • Additional commits viewable in compare view

Updates wrangler from 4.5.1 to 4.69.0

Release notes

Sourced from wrangler's releases.

wrangler@4.69.0

Minor Changes

  • #12625 c0e9e08 Thanks @​WillTaylorDev! - Add cache configuration option for enabling worker cache (experimental)

    You can now enable cache before worker execution using the new cache configuration:

    {
	"cache": {
		"enabled": true,
	},
}

    This setting is environment-inheritable and opt-in. When enabled, cache behavior is applied before your worker runs.

    Note: This feature is experimental. The runtime API is not yet generally available.

Patch Changes

  • #12661 99037e3 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260302.0 1.20260303.0

  • #12680 295297a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260303.0 1.20260305.0

  • #12671 f765244 Thanks @​MattieTK! - fix: Only redact account names in CI environments, not all non-interactive contexts

    The multi-account selection error in getAccountId now only redacts account names when running in a CI environment (detected via ci-info). Non-interactive terminals such as coding agents and piped commands can now see account names, which they need to identify which account to configure. CI logs remain protected.

  • Updated dependencies [99037e3, 295297a]:

    • miniflare@4.20260305.0

wrangler@4.68.1

Patch Changes

... (truncated)

Commits
  • 414799d Version Packages (#12670)
  • 295297a chore(deps): bump the workerd-and-workers-types group with 2 updates (#12680)
  • 99037e3 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12661)
  • f765244 fix: restrict account name redaction to CI environments only (#12671)
  • c0e9e08 [wrangler] Add worker cache configuration support (#12625)
  • 07531a2 Version Packages (#12663)
  • 294297e Update Waku autoconfig logic (#12657)
  • 603fe18 fix: add maxRetries to recursive directory removal for Windows EBUSY (#12629)
  • 19df099 [wrangler] Split deploy.test.ts into 15 focused test files (#12642)
  • 3d6e421 [C3/wrangler] Fix Angular localhost SSR blocking in development mode (#12648)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for wrangler since your current version.


Updates hono from 4.7.5 to 4.11.10

Release notes

Sourced from hono's releases.

v4.11.10

What's Changed

  • fix: fixed to be more properly timing safe (Merge commit from fork 91def7ca)

Full Changelog: honojs/hono@v4.11.9...v4.11.10

v4.11.9

What's Changed

Full Changelog: honojs/hono@v4.11.8...v4.11.9

v4.11.8

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.11.7...v4.11.8

v4.11.7

Security Release

This release includes security fixes for multiple vulnerabilities in Hono and related middleware. We recommend upgrading if you are using any of the affected components.

Components

IP Restriction Middleware

Fixed an IPv4 address validation bypass that could allow IP-based access control to be bypassed under certain configurations.

Cache Middleware

Fixed an issue where responses marked with Cache-Control: private or no-store could be cached, potentially leading to information disclosure on some runtimes.

Serve Static Middleware (Cloudflare Workers adapter)

Fixed an issue that could allow unintended access to internal asset keys when serving static files with user-controlled paths.

hono/jsx ErrorBoundary

Fixed a reflected Cross-Site Scripting (XSS) issue in the ErrorBoundary component that could occur when untrusted strings were rendered without proper escaping.

Recommendation

Users are encouraged to upgrade to this release, especially if they:

... (truncated)

Commits
  • a40d210 4.11.10
  • 91def7c Merge commit from fork
  • 8b17935 test(types): add regression tests for #4388 (routes before .use() with explic...
  • 4a03f4f doc(jwt): mark options.secret as required in JSDoc (#4718)
  • 7300551 chore(ci): bump typescript-go to the latest (#4716)
  • 4b29780 chore: update Zod import examples to use namespace imports (#4715)
  • 69ad885 4.11.9
  • 3d536ff fix: determine if rendered or not by node.vC[0] instead of referring to `no...
  • 0c1d4c7 fix(url): ignore fragment identifiers in getPath() (#4627)
  • 5ca5c3e 4.11.8
  • Additional commits viewable in compare view

Updates valibot from 1.0.0 to 1.2.0

Release notes

Sourced from valibot's releases.

v1.2.0

Many thanks to @​EskiMojo14, @​makenowjust, @​ysknsid25 and @​jacekwilczynski for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

  • Add toBigint, toBoolean, toDate, toNumber and toString transformation actions (pull request #1212)
  • Add examples action to add example values to a schema (pull request #1199)
  • Add getExamples method to extract example values from a schema (pull request #1199)
  • Add isbn validation action to validate ISBN-10 and ISBN-13 strings (pull request #1097)
  • Add exports for RawCheckAddIssue, RawCheckContext, RawCheckIssueInfo, RawTransformAddIssue, RawTransformContext and RawTransformIssueInfo types for better developer experience with rawCheck and rawTransform actions (pull request #1359)
  • Change build step to tsdown
  • Fix ReDoS vulnerability in EMOJI_REGEX used by emoji action

v1.2.0 (to-json-schema)

Many thanks to @​cruzdanilo and @​Xiot for contributing to this release.

  • Add support for title, description and examples in metadata action (pull request #1189)
  • Add new override configurations to override default behaviour of JSON Schema conversion (pull request #1197)
  • Add storage for global definitions with addGlobalDefs and getGlobalDefs (pull request #1197)
  • Add new toJsonSchemaDefs function to convert Valibot schema definitions to JSON Schema definitions (pull request #1197)

v1.1.0

Many thanks to @​EltonLobo07, @​sacrosanctic, @​muningis, @​EskiMojo14, @​MOZGIII, @​vktrl and @​jasperteo for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

  • Add message method to overwrite local error message configuration of a schema (pull request #1103)
  • Add summarize method to summarize issues into a pretty-printable multi-line string (pull request #1158)
  • Add getTitle, getDescription and getMetadata methods to extract metadata of a schema (pull request #1154)
  • Add minEntries and maxEntries validation action to validate number of object entries (pull request #1100)
  • Add entries and notEntries validation action to validate number of object entries (pull request #1156)
  • Add parseJson and stringifyJson transformation action to parse and stringify JSON (pull request #1137)
  • Add flavor transformation action to flavor the output type of a schema (pull request #950)
  • Add support for bigints to multipleOf validation action (pull request #1164)
  • Change implementation of variant and variantAsync schema to improve performance by aborting validation of discriminators early (pull request #1110)
  • Change name of NanoIDAction and NanoIDIssue interface to NanoIdAction and NanoIdIssue (pull request #1171)
  • Fix internal MarkOptional type to fix input and output type of objects in edge cases (issue #1176)

v1.1.0 (to-json-schema)

Many thanks to @​sruenwg, @​muningis and @​EltonLobo07 for contributing to this release.

  • Add support for minEntries and maxEntries action (pull request #1100)
  • Add support for entries action (pull request #1156)
  • Change Valibot peer dependency to v1.1.0
  • Fix toJsonSchema to be independent of definition order (pull request #1133)
  • Fix additionalItems for tuple schemas and add minItems (pull request #1126)
Commits
  • 053ae97 Bump version to 1.2.0 and update changelog
  • de76d7c Merge pull request #1361 from open-circle/v1.2-blog-post
  • c14f092 Add security fix for ReDoS vulnerability in emoji action and update release n...
  • cfb799d Merge commit from fork
  • 36fafd0 Add release notes blog post for Valibot v1.2 to website
  • 83c07ca Merge pull request #1097 from ysknsid25/feat/add-isbn-validation
  • 6957e0d Add beta annotation to JSDoc comment of isbn action
  • 6c7f9c0 Add docs for new isbn action to website
  • ca902e6 Refactor ISBN regex constants and update validation logic
  • e7a4f17 Refactor and improve new isbn action and update changelog
  • Additional commits viewable in compare view

Updates @babel/runtime from 7.26.9 to 7.28.6

Release notes

Sourced from @​babel/runtime's releases.

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

  • babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • babel-plugin-transform-regenerator
  • babel-plugin-transform-react-jsx

💅 Polish

  • babel-core, babel-standalone

🏠 Internal

  • babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

🏃‍♀️ Performance

  • babel-plugin-transform-react-jsx

Committers: 7

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

🐛 Bug Fix

  • babel-plugin-proposal-destructuring-private
  • babel-parser
  • babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/runtime since your current version.


Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Updates form-data from 4.0.2 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

  • [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
  • [Dev Deps] update @ljharb/eslint-config, eslint 5822467
  • [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Commits
  • 68ff7dd v4.0.5
  • 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
  • 76d0dee [Fix] set Symbol.toStringTag in the proper place
  • 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
  • 41996f5 v4.0.4
  • 316c82b [meta] actually ensure the readme backup isn’t published
  • 2300ca1 [meta] fix readme capitalization
  • 811f682 [meta] add auto-changelog
  • 5e34080 [Tests] fix linting errors
  • 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • Additional commits viewable in compare view
Install script changes

This version modifies prepublish sc...

Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directory with 13 updates
3168323 
Bumps the npm_and_yarn group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@cloudflare/vite-plugin](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vite-plugin-cloudflare) | `0.1.18` | `1.6.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.2.3` | `6.4.1` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.5.1` | `4.69.0` |
| [hono](https://github.com/honojs/hono) | `4.7.5` | `4.11.10` |
| [valibot](https://github.com/open-circle/valibot) | `1.0.0` | `1.2.0` |
| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.26.9` | `7.28.6` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |
| [form-data](https://github.com/form-data/form-data) | `4.0.2` | `4.0.5` |
| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
| [rollup](https://github.com/rollup/rollup) | `4.34.9` | `4.59.0` |
| [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `removed` |



Updates `@cloudflare/vite-plugin` from 0.1.18 to 1.6.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vite-plugin-cloudflare/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/vite-plugin@1.6.0/packages/vite-plugin-cloudflare)

Updates `vite` from 6.2.3 to 6.4.1
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@6.4.1/packages/vite)

Updates `wrangler` from 4.5.1 to 4.69.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.69.0/packages/wrangler)

Updates `hono` from 4.7.5 to 4.11.10
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.7.5...v4.11.10)

Updates `valibot` from 1.0.0 to 1.2.0
- [Release notes](https://github.com/open-circle/valibot/releases)
- [Commits](open-circle/valibot@v1.0.0...v1.2.0)

Updates `@babel/runtime` from 7.26.9 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-runtime)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `form-data` from 4.0.2 to 4.0.5
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.2...v4.0.5)

Updates `glob` from 10.4.5 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.5...v10.5.0)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `react-router` from 6.30.0 to 6.30.3
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@6.30.3/packages/react-router)

Updates `rollup` from 4.34.9 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.34.9...v4.59.0)

Removes `tmp`

---
updated-dependencies:
- dependency-name: "@cloudflare/vite-plugin"
  dependency-version: 1.6.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.4.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: wrangler
  dependency-version: 4.69.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.11.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: valibot
  dependency-version: 1.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/runtime"
  dependency-version: 7.28.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 6.30.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 27, 2026
@dependabot dependabot bot mentioned this pull request Feb 27, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants