Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 7 updates#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-08daac90d2
Open

chore(deps): bump the npm_and_yarn group across 2 directories with 7 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-08daac90d2

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 15, 2025

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package From To
playwright 1.49.1 1.55.1
electron 28.2.4 35.7.5
vite 5.4.19 5.4.21
js-yaml 3.14.1 3.14.2
koa 2.16.2 2.16.3
min-document 2.19.0 2.19.2
tar-fs 2.1.3 2.1.4

Bumps the npm_and_yarn group with 1 update in the /packages/providers/mgt-electron-provider directory: electron.

Updates playwright from 1.49.1 to 1.55.1

Release notes

Sourced from playwright's releases.

v1.55.1

Highlights

microsoft/playwright#37479 - [Bug]: Upgrade Chromium to 140.0.7339.186. microsoft/playwright#37147 - [Regression]: Internal error: step id not found. microsoft/playwright#37146 - [Regression]: HTML reporter displays a broken chip link when there are no projects. microsoft/playwright#37137 - Revert "fix(a11y): track inert elements as hidden". microsoft/playwright#37532 - chore: do not use -k option

Browser Versions

  • Chromium 140.0.7339.186
  • Mozilla Firefox 141.0
  • WebKit 26.0

This version was also tested against the following stable channels:

  • Google Chrome 139
  • Microsoft Edge 139

v1.55.0

New APIs

  • New Property testStepInfo.titlePath Returns the full title path starting from the test file, including test and step titles.

Codegen

  • Automatic toBeVisible() assertions: Codegen can now generate automatic toBeVisible() assertions for common UI interactions. This feature can be enabled in the Codegen settings UI.

Breaking Changes

  • ⚠️ Dropped support for Chromium extension manifest v2.

Miscellaneous

  • Added support for Debian 13 "Trixie".

Browser Versions

  • Chromium 140.0.7339.16
  • Mozilla Firefox 141.0
  • WebKit 26.0

This version was also tested against the following stable channels:

  • Google Chrome 139
  • Microsoft Edge 139

v1.54.2

Highlights

microsoft/playwright#36714 - [Regression]: Codegen is not able to launch in Administrator Terminal on Windows (ProtocolError: Protocol error) microsoft/playwright#36828 - [Regression]: Playwright Codegen keeps spamming with selected option microsoft/playwright#36810 - [Regression]: Starting Codegen with target language doesn't work anymore

Browser Versions

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by playwright-bot, a new releaser for playwright since your current version.


Updates electron from 28.2.4 to 35.7.5

Release notes

Sourced from electron's releases.

electron v35.7.5

Release Notes for v35.7.5

[!WARNING] Electron 35.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

  • Fixed an issue where shell.openPath was not non-blocking as expected. #48079 (Also in 36, 37, 38)

electron v35.7.4

Release Notes for v35.7.4

  • Fix ffmpeg generation on Windows non-x64

electron v35.7.2

Release Notes for v35.7.2

Fixes

  • Fixed an issue where printing PDFs with webContents.print({ silent: true }) would fail. #47645 (Also in 36, 37)

electron v35.7.0

Release Notes for v35.7.0

Other Changes

  • Updated Node.js to v22.16.0. #47213

electron v35.6.0

Release Notes for v35.6.0

Features

  • Added support for --no-experimental-global-navigator flag. #47416 (Also in 36, 37)
  • Added support for customizing system accent color and highlighting of active window border. #47539 (Also in 36, 37)

Fixes

  • Fixed a potential crash using session.clearData in some circumstances. #47410 (Also in 36, 37)
  • Fixed an error when importing electron for the first time from an ESM module loaded by a CJS module in a packaged app. #47344 (Also in 36, 37)
  • Fixed an issue where calling Fetch.continueResponse via debugger with WebContentsView could cause a crash. #47443 (Also in 36, 37)
  • Fixed an issue where utility processes could leak file handles. #47542 (Also in 36, 37)
  • Partially fixes an issue with printing a PDF via webContents.print() where the callback would not be called. #47399 (Also in 36, 37)

Other Changes

  • Backported fix for 420637585. #47369
Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

  • API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
  • Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
  • Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
  • Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
  • Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (40.0)

Deprecated: clipboard API access from renderer processes

Using the clipboard API directly in the renderer process is deprecated. If you want to call this API from a renderer process, place the API call in your preload script and expose it using the contextBridge API.

Behavior Changed: MacOS dSYM files now compressed with tar.xz

Debug symbols for MacOS (dSYM) now use xz compression in order to handle larger file sizes. dsym.zip files are now dsym.tar.xz files. End users using debug symbols may need to update their zip utilities.

Planned Breaking API Changes (39.0)

Deprecated: --host-rules command line switch

Chromium is deprecating the --host-rules switch.

You should use --host-resolver-rules instead.

Behavior Changed: window.open popups are always resizable

Per current WHATWG spec, the window.open API will now always create a resizable popup window.

To restore previous behavior:

webContents.setWindowOpenHandler((details) => {
  return {
    action: 'allow',
    overrideBrowserWindowOptions: {
      resizable: details.features.includes('resizable=yes')
    }
  }
})
</tr></table>

... (truncated)

Commits

Updates vite from 5.4.19 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

5.4.20 (2025-09-08)

Commits

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Updates koa from 2.16.2 to 2.16.3

Release notes

Sourced from koa's releases.

v2.16.3

What's Changed

Full Changelog: koajs/koa@v2.16.2...v2.16.3

Commits

Updates min-document from 2.19.0 to 2.19.2

Commits
  • 0d14150 2.19.2
  • 49c2e06 Merge pull request #56 from wasabina67/fix/prototype-pollution-removeAttribut...
  • 9666461 Fix prototype pollution vulnerability in removeAttributeNS
  • 4490b40 2.19.1
  • 2cd5871 update ignore
  • fe32e8d Merge pull request #55 from jameswassink/fix/prototype-pollution-removeAttrib...
  • 6c5f31a Better prototype pollution fix
  • 0d4e819 Fix prototype pollution in removeAttributeNS
  • bf7b691 Update package.json
  • 1b5402d Merge pull request #49 from PixnBits/patch-1
  • Additional commits viewable in compare view

Updates tar-fs from 2.1.3 to 2.1.4

Commits

Updates electron from 28.3.3 to 39.2.0

Release notes

Sourced from electron's releases.

electron v35.7.5

Release Notes for v35.7.5

[!WARNING] Electron 35.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

  • Fixed an issue where shell.openPath was not non-blocking as expected. #48079 (Also in 36, 37, 38)

electron v35.7.4

Release Notes for v35.7.4

  • Fix ffmpeg generation on Windows non-x64

electron v35.7.2

Release Notes for v35.7.2

Fixes

  • Fixed an issue where printing PDFs with webContents.print({ silent: true }) would fail. #47645 (Also in 36, 37)

electron v35.7.0

Release Notes for v35.7.0

Other Changes

  • Updated Node.js to v22.16.0. #47213

electron v35.6.0

Release Notes for v35.6.0

Features

  • Added support for --no-experimental-global-navigator flag. #47416 (Also in 36, 37)
  • Added support for customizing system accent color and highlighting of active window border. #47539 (Also in 36, 37)

Fixes

  • Fixed a potential crash using session.clearData in some circumstances. #47410 (Also in 36, 37)
  • Fixed an error when importing electron for the first time from an ESM module loaded by a CJS module in a packaged app. #47344 (Also in 36, 37)
  • Fixed an issue where calling Fetch.continueResponse via debugger with WebContentsView could cause a crash. #47443 (Also in 36, 37)
  • Fixed an issue where utility processes could leak file handles. #47542 (Also in 36, 37)
  • Partially fixes an issue with printing a PDF via webContents.print() where the callback would not be called. #47399 (Also in 36, 37)

Other Changes

  • Backported fix for 420637585. #47369
Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

  • API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
  • Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
  • Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
  • Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
  • Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (40.0)

Deprecated: clipboard API access from renderer processes

Using the clipboard API directly in the renderer process is deprecated. If you want to call this API from a renderer process, place the API call in your preload script and expose it using the contextBridge API.

Behavior Changed: MacOS dSYM files now compressed with tar.xz

Debug symbols for MacOS (dSYM) now use xz compression in order to handle larger file sizes. dsym.zip files are now dsym.tar.xz files. End users using debug symbols may need to update their zip utilities.

Planned Breaking API Changes (39.0)

Deprecated: --host-rules command line switch

Chromium is deprecating the --host-rules switch.

You should use --host-resolver-rules instead.

Behavior Changed: window.open popups are always resizable

Per current WHATWG spec, the window.open API will now always create a resizable popup window.

To restore previous behavior:

webContents.setWindowOpenHandler((details) => {
  return {
    action: 'allow',
    overrideBrowserWindowOptions: {
      resizable: details.features.includes('resizable=yes')
    }
  }
})
</tr></table>

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 2 directories with 7 …
32c96b6 
…updates

Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [playwright](https://github.com/microsoft/playwright) | `1.49.1` | `1.55.1` |
| [electron](https://github.com/electron/electron) | `28.2.4` | `35.7.5` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.19` | `5.4.21` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [koa](https://github.com/koajs/koa) | `2.16.2` | `2.16.3` |
| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.3` | `2.1.4` |

Bumps the npm_and_yarn group with 1 update in the /packages/providers/mgt-electron-provider directory: [electron](https://github.com/electron/electron).


Updates `playwright` from 1.49.1 to 1.55.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.49.1...v1.55.1)

Updates `electron` from 28.2.4 to 35.7.5
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)
- [Commits](electron/electron@v28.2.4...v35.7.5)

Updates `vite` from 5.4.19 to 5.4.21
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `koa` from 2.16.2 to 2.16.3
- [Release notes](https://github.com/koajs/koa/releases)
- [Changelog](https://github.com/koajs/koa/blob/master/History.md)
- [Commits](koajs/koa@v2.16.2...v2.16.3)

Updates `min-document` from 2.19.0 to 2.19.2
- [Commits](Raynos/min-document@v2.19.0...v2.19.2)

Updates `tar-fs` from 2.1.3 to 2.1.4
- [Commits](mafintosh/tar-fs@v2.1.3...v2.1.4)

Updates `electron` from 28.3.3 to 39.2.0
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)
- [Commits](electron/electron@v28.2.4...v35.7.5)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.55.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 35.7.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.21
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: koa
  dependency-version: 2.16.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: min-document
  dependency-version: 2.19.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 39.2.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants