Skip to content

Bump the npm_and_yarn group across 1 directory with 12 updates #145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 12 updates #145

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 16, 2025

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package From To
axios 1.9.0 1.12.0
vite 5.4.19 5.4.20
form-data 3.0.3 3.0.4
esbuild 0.21.5 0.25.9
vite 5.4.20 7.1.5
@vitest/coverage-v8 1.6.1 3.2.4
@vitest/ui 1.6.1 3.2.4
vite-plugin-node-polyfills 0.22.0 0.24.0
vitest 1.6.1 3.2.4
on-headers 1.0.2 1.1.0
compression 1.8.0 1.8.1
pbkdf2 3.1.2 3.1.3
sha.js 2.4.11 2.4.12

Updates axios from 1.9.0 to 1.12.0

Release notes

Sourced from axios's releases.

Release v1.12.0

Release notes:

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Release v1.11.0

Release notes:

Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.0 (2025-09-11)

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

1.11.0 (2025-07-22)

Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

... (truncated)

Commits
  • 0d8ad6e chore(release): v1.12.0 (#7013)
  • fd7f404 fix: release pr run
  • a2edc36 fix: dont add dist on release
  • 9ec86de fix: adding build artifacts
  • 945435f fix(node): enforce maxContentLength for data: URLs (#7011)
  • 28e5e30 chore(sponsor): update sponsor block (#7005)
  • d03f245 chore(CI): fixed release info script to use npm registry instead of git as fi...
  • a0bc911 chore: removing dist files from src (#7002)
  • c959ff2 feat(fetch): add fetch, Request, Response env config variables for the adapte...
  • a9f47af fix(fetch-adapter): set correct Content-Type for Node FormData (#6998)
  • Additional commits viewable in compare view

Updates vite from 5.4.19 to 5.4.20

Release notes

Sourced from vite's releases.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.20 (2025-09-08)

Commits

Updates form-data from 3.0.3 to 3.0.4

Changelog

Sourced from form-data's changelog.

v3.0.4 - 2025-07-16

Fixed

Commits

  • [eslint] update linting config f5e7eb0
  • [meta] add auto-changelog d2eb290
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 e8c574c
  • [Fix] Switch to using crypto random for boundary values c6ced61
  • [Refactor] use hasown 1a78b5d
  • [Fix] validate boundary type in setBoundary() method 70bbaa0
  • [Tests] add tests to check the behavior of getBoundary with non-strings b22a64e
  • [meta] actually ensure the readme backup isn’t published 0150851
  • [meta] remove local commit hooks fc42bb9
  • [Dev Deps] remove unused deps a14d09e
  • [meta] fix scripts to use prepublishOnly 11d9f73
  • [meta] fix readme capitalization fc38b48
Commits
  • 9c82fcd v3.0.4
  • e8c574c [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • c6ced61 [Fix] Switch to using crypto random for boundary values
  • 0150851 [meta] actually ensure the readme backup isn’t published
  • fc38b48 [meta] fix readme capitalization
  • d2eb290 [meta] add auto-changelog
  • fc42bb9 [meta] remove local commit hooks
  • a14d09e [Dev Deps] remove unused deps
  • 002b9b0 [Fix] append: avoid a crash on nullish values
  • 70bbaa0 [Fix] validate boundary type in setBoundary() method
  • Additional commits viewable in compare view

Updates esbuild from 0.21.5 to 0.25.9

Release notes

Sourced from esbuild's releases.

v0.25.9

  • Better support building projects that use Yarn on Windows (#3131, #3663)

    With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C: drive. The problem was as follows:

    1. Yarn in Plug'n'Play mode on Windows stores its global module cache on the C: drive
    2. Some developers put their projects on the D: drive
    3. Yarn generates relative paths that use ../.. to get from the project directory to the cache directory
    4. Windows-style paths don't support directory traversal between drives via .. (so D:\.. is just D:)
    5. I didn't have access to a Windows machine for testing this edge case

    Yarn works around this edge case by pretending Windows-style paths beginning with C:\ are actually Unix-style paths beginning with /C:/, so the ../.. path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.

  • Preserve parentheses around function expressions (#4252)

    The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.

    Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:

    // Original code
const fn0 = () => 0
const fn1 = (() => 1)
console.log(fn0, function() { return fn1() }())
// Old output
const fn0 = () => 0;
const fn1 = () => 1;
console.log(fn0, function() {
return fn1();
}());
// New output
const fn0 = () => 0;
const fn1 = (() => 1);
console.log(fn0, (function() {
return fn1();
})());

    Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.

  • Update Go from 1.23.10 to 1.23.12 (#4257, #4258)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

v0.25.8

  • Fix another TypeScript parsing edge case (#4248)

    This fixes a regression with a change in the previous release that tries to more accurately parse TypeScript arrow functions inside the ?: operator. The regression specifically involves parsing an arrow function containing a #private identifier inside the middle of a ?: ternary operator inside a class body. This was fixed by propagating private identifier state into the parser clone used to speculatively parse the arrow function body. Here is an example of some affected code:

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
  "compilerOptions": {
    "target": "ES2024"
  }
}

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
  get
  *x() {}
  set
  *y() {}
}

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

    

    • 






... (truncated)





Commits






Updates vite from 5.4.20 to 7.1.5



Release notes

Sourced from vite's releases.




v5.4.20


Please refer to CHANGELOG.md for details.







Changelog

Sourced from vite's changelog.




5.4.20 (2025-09-08)








Commits






Updates @vitest/coverage-v8 from 1.6.1 to 3.2.4



Release notes

Sourced from @​vitest/coverage-v8's releases.




v3.2.4


   🐞 Bug Fixes



    View changes on GitHub


v3.2.3


   🚀 Features



   🐞 Bug Fixes



    View changes on GitHub


v3.2.2





... (truncated)





Commits






Updates @vitest/ui from 1.6.1 to 3.2.4



Release notes

Sourced from @​vitest/ui's releases.




v3.2.4


   🐞 Bug Fixes



    View changes on GitHub


v3.2.3


   🚀 Features



   🐞 Bug Fixes



    View changes on GitHub


v3.2.2





... (truncated)





Commits

    

  • c666d14 chore: release v3.2.4
    • 

  • 93f3200 fix(deps): update all non-major dependencies (#8123)
    • 

  • b87ee3e chore: release v3.2.3
    • 

  • c69be1f feat(ui): show test annotations and metadata in the test report tab (#8093)
    • 

  • 7ddcd33 chore: release v3.2.2
    • 

  • f858f3b chore: release v3.2.1
    • 

  • 59200ae chore: release v3.2.0
    • 

  • cce98d3 chore(deps): update all non-major dependencies (#8067)
    • 

  • b03f209 feat: annotation API (#7953)
    • 

  • 3bdf05d fix: ensure errors keep their message and stack after toJSON serialisation ...
    • 

  • Additional commits viewable in compare view
    • 







Updates vite-plugin-node-polyfills from 0.22.0 to 0.24.0



Release notes

Sourced from vite-plugin-node-polyfills's releases.




v0.24.0


    

  • Add rolldown-vite support
    • 

  • Fix broken v0.23.1 build
    • 



v0.23.1


    

  • Allow installation in Vite v7 projects
    • 



v0.23.0


    

  • Improve performance when not using globals
    • 

  • Support Vite v6
    • 








Commits






Updates vitest from 1.6.1 to 3.2.4



Release notes

Sourced from vitest's releases.




v3.2.4


   🐞 Bug Fixes



    

  
  



      


          

          
  
  

    
  
    
    

  

  

  



          

        
      




  




      

       
            



      

  
        

  

      

  
  

  
          

  

    

      


  

      
        @dependabot
  




      

        
          Bump the npm_and_yarn group across 1 directory with 12 updates
        

          
                        
      


      

        

    
    
    

  

    


      


      

        

          

    
    
    

  

  

    
  



        

      


      

        
          3992989
        
      

    

  

    

      
Bumps the npm_and_yarn group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.9.0` | `1.12.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.19` | `5.4.20` |
| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |
| [esbuild](https://github.com/evanw/esbuild) | `0.21.5` | `0.25.9` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.20` | `7.1.5` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `1.6.1` | `3.2.4` |
| [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) | `1.6.1` | `3.2.4` |
| [vite-plugin-node-polyfills](https://github.com/davidmyersdev/vite-plugin-node-polyfills) | `0.22.0` | `0.24.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `1.6.1` | `3.2.4` |
| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |
| [compression](https://github.com/expressjs/compression) | `1.8.0` | `1.8.1` |
| [pbkdf2](https://github.com/crypto-browserify/pbkdf2) | `3.1.2` | `3.1.3` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |



Updates `axios` from 1.9.0 to 1.12.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.9.0...v1.12.0)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.20/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.20/packages/vite)

Updates `form-data` from 3.0.3 to 3.0.4
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md)
- [Commits](form-data/form-data@v3.0.3...v3.0.4)

Updates `esbuild` from 0.21.5 to 0.25.9
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.21.5...v0.25.9)

Updates `vite` from 5.4.20 to 7.1.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.20/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.20/packages/vite)

Updates `@vitest/coverage-v8` from 1.6.1 to 3.2.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.4/packages/coverage-v8)

Updates `@vitest/ui` from 1.6.1 to 3.2.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.4/packages/ui)

Updates `vite-plugin-node-polyfills` from 0.22.0 to 0.24.0
- [Release notes](https://github.com/davidmyersdev/vite-plugin-node-polyfills/releases)
- [Commits](davidmyersdev/vite-plugin-node-polyfills@v0.22.0...v0.24.0)

Updates `vitest` from 1.6.1 to 3.2.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.4/packages/vitest)

Updates `on-headers` from 1.0.2 to 1.1.0
- [Release notes](https://github.com/jshttp/on-headers/releases)
- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md)
- [Commits](jshttp/on-headers@v1.0.2...v1.1.0)

Updates `compression` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/expressjs/compression/releases)
- [Changelog](https://github.com/expressjs/compression/blob/master/HISTORY.md)
- [Commits](expressjs/compression@1.8.0...v1.8.1)

Updates `pbkdf2` from 3.1.2 to 3.1.3
- [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md)
- [Commits](browserify/pbkdf2@v3.1.2...v3.1.3)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.12.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 3.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.25.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.1.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 3.2.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@vitest/ui"
  dependency-version: 3.2.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite-plugin-node-polyfills
  dependency-version: 0.24.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 3.2.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: on-headers
  dependency-version: 1.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: compression
  dependency-version: 1.8.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pbkdf2
  dependency-version: 3.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

    







  








      

  
            

    

      
    

    


      


          @dependabot
dependabot
bot



            added
      

  dependencies

  Pull requests that update a dependency file

      

  javascript

  Pull requests that update javascript code

  labels


      Sep 16, 2025

    

  












  
  

    

      

  




      


    


    

      

        
      

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



      

    

  




  
          



      

  

    
    

    

  

    Reviewers
  


    

    No reviews






    

  


      
  

    Assignees
  



        


    No one assigned







      


  


  

    Labels
  



    

      

    dependencies

  Pull requests that update a dependency file
  

    javascript

  Pull requests that update javascript code








      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    

      
        

          
  

    Development
  



            


Successfully merging this pull request may close these issues.





  
  



      
    

  




      

    

  
      

  

    

      0 participants