Skip to content

Bump the npm_and_yarn group across 2 directories with 13 updates#10

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/src/vscode-windhawk/npm_and_yarn-b1223fdc29
Open

Bump the npm_and_yarn group across 2 directories with 13 updates#10
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/src/vscode-windhawk/npm_and_yarn-b1223fdc29

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps the npm_and_yarn group with 4 updates in the /src/vscode-windhawk directory: webpack, minimatch, @tootallnate/once and serialize-javascript.
Bumps the npm_and_yarn group with 8 updates in the /src/vscode-windhawk-ui directory:

Package From To
webpack 5.103.0 5.105.4
@tootallnate/once 2.0.0 removed
webpack-dev-server 4.15.2 5.2.3
diff 4.0.2 4.0.4
lodash 4.17.21 4.17.23
mdast-util-to-hast 13.2.0 13.2.1
react-router 7.9.6 7.13.1
svgo 3.3.2 3.3.3

Updates webpack from 5.103.0 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

v5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

v5.105.2

Patch Changes

v5.105.1

Patch Changes

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

5.105.2

Patch Changes

... (truncated)

Commits
  • 27c13b4 chore(release): new release (#20550)
  • 9b2f41e chore: bump terser plugin (#20569)
  • eafe060 fix: narrow the export presence guard detection (#20561)
  • 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
  • afa607d refactor: remove unused code (#20562)
  • 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
  • f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
  • 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
  • a3d7839 fix: types for multi stats (#20556)
  • b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.


Updates minimatch from 3.1.2 to 3.1.5

Commits

Removes @tootallnate/once

Updates serialize-javascript from 6.0.2 to 7.0.4

Release notes

Sourced from serialize-javascript's releases.

v7.0.4

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

  • fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
  • build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

  • requires Node.js v20+

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serialize-javascript since your current version.


Updates tar from 6.2.1 to 7.5.11

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates webpack from 5.103.0 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

v5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

v5.105.2

Patch Changes

v5.105.1

Patch Changes

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

5.105.2

Patch Changes

... (truncated)

Commits
  • 27c13b4 chore(release): new release (#20550)
  • 9b2f41e chore: bump terser plugin (#20569)
  • eafe060 fix: narrow the export presence guard detection (#20561)
  • 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
  • afa607d refactor: remove unused code (#20562)
  • 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
  • f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
  • 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
  • a3d7839 fix: types for multi stats (#20556)
  • b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.


Removes @tootallnate/once

Updates webpack-dev-server from 4.15.2 to 5.2.3

Release notes

Sourced from webpack-dev-server's releases.

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

  • add cause for errorObject (#5518) (37b033d)
  • compatibility with event target and universal target and lazy compilation (574026c)
  • overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
  • progress indicator styles (#5557) (41a53a1)
  • upgrade selfsigned to v5

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.3 (2026-01-12)

Bug Fixes

  • add cause for errorObject (#5518) (37b033d)
  • compatibility with event target and universal target and lazy compilation (574026c)
  • overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
  • progress indicator styles (#5557) (41a53a1)
  • upgrade selfsigned to v5

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

... (truncated)

Commits
  • b550a70 chore(release): 5.2.3
  • 9704dc5 chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)
  • 92bf644 chore: bump express to update qs (#5621)
  • 792b2f0 chore(deps-dev): bump the dependencies group with 4 updates (#5606)
  • 6d587ca chore(deps): bump the dependencies group across 1 directory with 27 updates (...
  • f91baa8 fix(overlay): add ESC key to dismiss overlay (#5598)
  • 574026c fix: compatibility with event target and universal target and lazy compilation
  • c53955d docs: remove unused files
  • efe0aea test: fix
  • b6bb50c chore(deps): update
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates qs from 6.13.0 to 6.14.0

Changelog

Sourced from qs's changelog.

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup
  • [Tests] utils.merge: add some coverage
  • [Tests] fix a test case
  • [actions] split out node 10-20, and 20+
  • [Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape
Commits
  • 32dcc63 v6.14.0
  • 4ec582b [Dev Deps] update es-value-fixtures, has-bigints
  • a240c52 [Tests] increase coverage
  • 25956a7 [Refactor] parse: use utils.combine more
  • b189ed4 [patch] parse: add explicit throwOnLimitExceeded default
  • 1d590de [actions] simplify finisher
  • 6cd60a5 [actions] use shared action
  • 89edfd2 [Deps] update side-channel
  • e26e7a8 [Dev Deps] update has-proto, has-symbols
  • 51fdc98 [actions] re-add finishers
  • Additional commits viewable in compare view

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits
Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.


Updates immutable from 5.1.4 to 5.1.5

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Full Changelog: immutable-js/immutable-js@v5.1.4...v5.1.5

Changelog

Sourced from immutable's changelog.

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable
Commits
  • b37b855 5.1.5
  • 16b3313 Merge commit from fork
  • fd2ef49 fix new proto key injection
  • 6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
  • 6f772de Merge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0
  • 5f3dc61 Bump rollup from 4.34.8 to 4.59.0
  • 049a594 Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...
  • 2481a77 Merge pull request Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026
This was referenced Mar 16, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/src/vscode-windhawk/npm_and_yarn-b1223fdc29 branch 3 times, most recently from 8e1a166 to 09dc448 Compare March 19, 2026 23:32
@dependabot
Bump the npm_and_yarn group across 2 directories with 13 updates
bdbec2b 
Bumps the npm_and_yarn group with 4 updates in the /src/vscode-windhawk directory: [webpack](https://github.com/webpack/webpack), [minimatch](https://github.com/isaacs/minimatch), [@tootallnate/once](https://github.com/TooTallNate/once) and [serialize-javascript](https://github.com/yahoo/serialize-javascript).
Bumps the npm_and_yarn group with 8 updates in the /src/vscode-windhawk-ui directory:

| Package | From | To |
| --- | --- | --- |
| [webpack](https://github.com/webpack/webpack) | `5.103.0` | `5.105.4` |
| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `removed` |
| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.2` | `5.2.3` |
| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
| [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` |
| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.9.6` | `7.13.1` |
| [svgo](https://github.com/svg/svgo) | `3.3.2` | `3.3.3` |



Updates `webpack` from 5.103.0 to 5.105.4
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.103.0...v5.105.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Removes `@tootallnate/once`

Updates `serialize-javascript` from 6.0.2 to 7.0.4
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.4)

Updates `tar` from 6.2.1 to 7.5.11
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.11)

Updates `webpack` from 5.103.0 to 5.105.4
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.103.0...v5.105.4)

Removes `@tootallnate/once`

Updates `webpack-dev-server` from 4.15.2 to 5.2.3
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v4.15.2...v5.2.3)

Updates `qs` from 6.13.0 to 6.14.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.13.0...v6.14.0)

Updates `diff` from 4.0.2 to 4.0.4
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4)

Updates `immutable` from 5.1.4 to 5.1.5
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v5.1.4...v5.1.5)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1
- [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases)
- [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1)

Updates `react-router` from 7.9.6 to 7.13.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.13.1/packages/react-router)

Updates `svgo` from 3.3.2 to 3.3.3
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.105.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 7.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.105.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 5.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.14.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: immutable
  dependency-version: 5.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mdast-util-to-hast
  dependency-version: 13.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 7.13.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: svgo
  dependency-version: 3.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/src/vscode-windhawk/npm_and_yarn-b1223fdc29 branch from 09dc448 to bdbec2b Compare March 19, 2026 23:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants