Skip to content

Comments

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates#30

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-5f4c424d98
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates#30
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-5f4c424d98

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 10, 2026
edited
Loading

Bumps the npm_and_yarn group with 14 updates in the / directory:

Package From To
next 15.5.7 15.5.10
cloudinary 2.5.1 2.7.0
@babel/helpers 7.26.9 7.28.6
brace-expansion 1.1.11 1.1.12
diff 4.0.2 4.0.4
form-data 4.0.2 4.0.5
h3 1.15.1 1.15.5
hono 4.8.5 4.11.9
js-yaml 3.14.1 3.14.2
jws 3.2.2 3.2.3
mdast-util-to-hast 13.2.0 13.2.1
sha.js 2.4.11 2.4.12
tmp 0.2.3 0.2.5
undici 5.28.5 5.29.0

Updates next from 15.5.7 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

Commits

Updates cloudinary from 2.5.1 to 2.7.0

Release notes

Sourced from cloudinary's releases.

Version 2.7.0

  • fix: prevent parameter injection via ampersand in parameter values (#709)

Version 2.6.1

No release notes provided.

Version 2.6.1-rc.1

  • fix: uploader interface

Version 2.6.0

  • chore: bumped jsdoc
  • fix: defaults for related asset methods and proper content_type
  • chore: Updated Sample Projects (#698)
  • fix: metadata field datasource type (#693)
  • feat: Add support for DELETE /resources/backup/:asset_id (#700)
  • chore: dev dependencies cleanup
  • chore: new node version support in CI
Changelog

Sourced from cloudinary's changelog.

2.7.0 / 2025-06-18

  • fix: prevent parameter injection via ampersand in parameter values (#709)

2.6.1 / 2025-05-05

2.6.1-rc.1 / 2025-05-05

  • fix: uploader interface

2.6.0 / 2025-03-11

  • chore: bumped jsdoc
  • fix: defaults for related asset methods and proper content_type
  • chore: Updated Sample Projects (#698)
  • fix: metadata field datasource type (#693)
  • feat: Add support for DELETE /resources/backup/:asset_id (#700)
  • chore: dev dependencies cleanup
  • chore: new node version support in CI
Commits

Updates @babel/helpers from 7.26.9 to 7.28.6

Release notes

Sourced from @​babel/helpers's releases.

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

  • babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • babel-plugin-transform-regenerator
  • babel-plugin-transform-react-jsx

💅 Polish

  • babel-core, babel-standalone

🏠 Internal

  • babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

🏃‍♀️ Performance

  • babel-plugin-transform-react-jsx

Committers: 7

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

🐛 Bug Fix

  • babel-plugin-proposal-destructuring-private
  • babel-parser
  • babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/helpers since your current version.


Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits
Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.


Updates form-data from 4.0.2 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

  • [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
  • [Dev Deps] update @ljharb/eslint-config, eslint 5822467
  • [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Commits
  • 68ff7dd v4.0.5
  • 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
  • 76d0dee [Fix] set Symbol.toStringTag in the proper place
  • 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
  • 41996f5 v4.0.4
  • 316c82b [meta] actually ensure the readme backup isn’t published
  • 2300ca1 [meta] fix readme capitalization
  • 811f682 [meta] add auto-changelog
  • 5e34080 [Tests] fix linting errors
  • 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • Additional commits viewable in compare view

Updates h3 from 1.15.1 to 1.15.5

Release notes

Sourced from h3's releases.

v1.15.5

compare changes

[!IMPORTANT] Security: Fixed a bug in readBody(event) and readRawBody(event) utils where certain Transfer-Encoding header formats could cause the request body to be ignored.

In some deployments (for example, behind TCP load balancers or non-normalizing proxies), this could allow request smuggling. The handling is now safe and fully compliant. (read more)

🩹 Fixes

  • readRawBody: Fix case-sensitive Transfer-Encoding check causing request smuggling risk (618ccf4)

v1.15.4

compare changes

🩹 Fixes

  • getRequestHost: Return first host from x-forwarded-host (#1175)

💅 Refactors

  • useSession: Backport SessionManager interface to fix types (#1058)

🏡 Chore

  • docs: Fix typos (#1108)

❤️ Contributors

v1.15.3

compare changes

🩹 Fixes

  • serveStatic: Omit decoded id from statusMessage (#1044)

v1.15.2

compare changes

🩹 Fixes

  • Handle FormData body (3757072 f38dd03 0c9b276)
  • cache: Correct comparison in cache headers (#1034)
  • Handle Headers when merging proxy headers (#1027)
  • setCookie: Unique by name, domain, and path only (#1042)

... (truncated)

Changelog

Sourced from h3's changelog.

v1.15.5

compare changes

🩹 Fixes

  • readRawBody: Fix case-sensitive Transfer-Encoding check causing request smuggling risk (618ccf4)

🏡 Chore

🤖 CI

❤️ Contributors

v1.15.4

compare changes

🩹 Fixes

  • serveStatic: Omit decoded id from statusMessage (#1044)
  • getRequestHost: Return first host from x-forwarded-host (#1175)

💅 Refactors

  • useSession: Backport SessionManager interface to fix types (#1058)

📦 Build

  • Update repository field (d94b09a)

🏡 Chore

... (truncated)

Commits
  • 24231b9 chore(release): v1.15.5
  • bd92b74 chore: fix more ts/lint issues
  • d18c074 chore: update deps
  • c9ebf80 chore: fix ts issue
  • 618ccf4 fix(readRawBody): fix case-sensitive Transfer-Encoding check causing reques...
  • 401c9b8 ci: fix publish tag
  • 589625c chore: update publish tag to 1.x
  • b4dce71 chore: update ci
  • 0a4a115 chore: add test:types script
  • c934599 chore: update ci
  • Additional commits viewable in compare view

Updates hono from 4.8.5 to 4.11.9

Release notes

Sourced from hono's releases.

v4.11.9

What's Changed

Full Changelog: honojs/hono@v4.11.8...v4.11.9

v4.11.8

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.11.7...v4.11.8

v4.11.7

Security Release

This release includes security fixes for multiple vulnerabilities in Hono and related middleware. We recommend upgrading if you are using any of the affected components.

Components

IP Restriction Middleware

Fixed an IPv4 address validation bypass that could allow IP-based access control to be bypassed under certain configurations.

Cache Middleware

Fixed an issue where responses marked with Cache-Control: private or no-store could be cached, potentially leading to information disclosure on some runtimes.

Serve Static Middleware (Cloudflare Workers adapter)

Fixed an issue that could allow unintended access to internal asset keys when serving static files with user-controlled paths.

hono/jsx ErrorBoundary

Fixed a reflected Cross-Site Scripting (XSS) issue in the ErrorBoundary component that could occur when untrusted strings were rendered without proper escaping.

Recommendation

Users are encouraged to upgrade to this release, especially if they:

  • Use IP Restriction Middleware
  • Use Cache Middleware on Deno, Bun, or Node.js
  • Use Serve Static Middleware with user-controlled paths on Cloudflare Workers
  • Render untrusted data inside ErrorBoundary components

... (truncated)

Commits

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Updates jws from 3.2.2 to 3.2.3

Release notes

Sourced from jws's releases.

v3.2.3

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.
Changelog

Sourced from jws's changelog.

[3.2.3]

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

2.0.0 - 2015-01-30

Changed

  • BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)

  • Code reorganization, thanks @​fearphage! (7880050)

Added

  • Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. (6b6de48)
Commits
  • 4f6e73f Merge commit from fork
  • bd0fea5 version 3.2.3
  • 7c3b4b4 Enhance tests for HMAC streaming sign and verify
  • a9b8ed9 Improve secretOrKey initialization in VerifyStream
  • 6707fde Improve secret handling in SignStream
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.


Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

  • ab3a795 Fix support for spaces in class names

Types

  • efb5312 Refactor to use @imports
  • a5bc210 Add declaration maps

Full Changelog: syntax-tree/mdast-util-to-hast@13.2.0...13.2.1

Commits

Updates sha.js from 2.4.11 to 2.4.12

Changelog

Sourced from sha.js's changelog.

v2.4.12 - 2025-07-01

Commits

  • [eslint] switch to eslint 7acadfb
  • [meta] add auto-changelog b46e711
  • [eslint] fix package.json indentation df9d521
  • [Tests] migrate from travis to GHA c43c64a
  • [Fix] support multi-byte wide typed arrays f2a258e
  • [meta] reorder package.json d8d77c0
  • [meta] add npmignore 35aec35
  • [Tests] avoid console logs 73e33ae
  • [Tests] fix tests run in batch 2629130
  • [Tests] drop node requirement to 0.10 00c7f23
  • [Dev Deps] update buffer, hash-test-vectors, standard, tape, typedarray 92b5de5
  • [Tests] drop node requirement to v3 9b5eca8
  • [meta] set engines to &gt;= 4 807084c
  • Only apps should have lockfiles c72789c
  • [Deps] update inherits, safe-buffer 5428cfc
  • [Dev Deps] update @ljharb/eslint-config 2dbe0aa
  • update README to reflect LICENSE 8938256
  • [Dev Deps] add missing peer dep d528896
  • [Dev Deps] remove unused buffer dep 94ca724
Commits
  • eb4ea2f v2.4.12
  • d8d77c0 [meta] reorder package.json
  • df9d521 [eslint] fix package.json indentation
  • 35aec35 [meta] add npmignore
  • d528896 [Dev Deps] add missing peer dep
  • b46e711 [meta] add auto-changelog
  • 94ca724 [Dev Deps] remove unused buffer dep
  • 2dbe0aa [Dev Deps] update @ljharb/eslint-config
  • 73e33ae [Tests] avoid console logs
  • f2a258e [Fix] support multi-byte wide typed arrays
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for sha.js since your current version.


Updates tmp from 0.2.3 to 0.2.5

Commits

Updates undici from 5.28.5 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

Commits
  • 9528f68 Bumped v5.29.0
  • f1d75a4 increase timeout for redirect test
  • 2d31ed6 remove fuzzing tests
  • 6b36d49 fix redirect test in Node v16
  • 648dd8f more fix for the wpt runner on Windows
  • a0516ba don't use internal header state for cookies (#3295)
  • 87ce4af fix test/client for node 20Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 10, 2026
@dependabot dependabot bot mentioned this pull request Feb 10, 2026
Closed
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-5f4c424d98 branch from 6fdb395 to 2cf3e7e Compare February 18, 2026 16:24
@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 14 u…
21f6ea4 
…pdates

Bumps the npm_and_yarn group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [next](https://github.com/vercel/next.js) | `15.5.7` | `15.5.10` |
| [cloudinary](https://github.com/cloudinary/cloudinary_npm) | `2.5.1` | `2.7.0` |
| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.26.9` | `7.28.6` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |
| [form-data](https://github.com/form-data/form-data) | `4.0.2` | `4.0.5` |
| [h3](https://github.com/h3js/h3) | `1.15.1` | `1.15.5` |
| [hono](https://github.com/honojs/hono) | `4.8.5` | `4.11.9` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |
| [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.5` |
| [undici](https://github.com/nodejs/undici) | `5.28.5` | `5.29.0` |



Updates `next` from 15.5.7 to 15.5.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.7...v15.5.10)

Updates `cloudinary` from 2.5.1 to 2.7.0
- [Release notes](https://github.com/cloudinary/cloudinary_npm/releases)
- [Changelog](https://github.com/cloudinary/cloudinary_npm/blob/master/CHANGELOG.md)
- [Commits](cloudinary/cloudinary_npm@2.5.1...2.7.0)

Updates `@babel/helpers` from 7.26.9 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `diff` from 4.0.2 to 4.0.4
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4)

Updates `form-data` from 4.0.2 to 4.0.5
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.2...v4.0.5)

Updates `h3` from 1.15.1 to 1.15.5
- [Release notes](https://github.com/h3js/h3/releases)
- [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md)
- [Commits](h3js/h3@v1.15.1...v1.15.5)

Updates `hono` from 4.8.5 to 4.11.9
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.8.5...v4.11.9)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `jws` from 3.2.2 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1
- [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases)
- [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `tmp` from 0.2.3 to 0.2.5
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.3...v0.2.5)

Updates `undici` from 5.28.5 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.5...v5.29.0)

Updates `next` from 15.5.7 to 15.5.12
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.7...v15.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: cloudinary
  dependency-version: 2.7.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/helpers"
  dependency-version: 7.28.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: h3
  dependency-version: 1.15.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.11.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mdast-util-to-hast
  dependency-version: 13.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.12
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-5f4c424d98 branch from 2cf3e7e to 21f6ea4 Compare February 20, 2026 08:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants