Skip to content

build(deps): Bump the npm_and_yarn group across 1 directory with 2 updates #8262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): Bump the npm_and_yarn group across 1 directory with 2 updates #8262

wants to merge 1 commit into from
+1,767 βˆ’1,411

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 15, 2025
edited
Loading

Bumps the npm_and_yarn group with 2 updates in the / directory: happy-dom and next.

Updates happy-dom from 17.4.4 to 20.0.2

Release notes

Sourced from happy-dom's releases.

v20.0.2

πŸ‘·β€β™‚οΈ Patch fixes

v20.0.1

πŸ‘·β€β™‚οΈ Patch fixes

  • Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By @​capricorn86 in task #1932
    • A security advisory has been reported showing that the recommended preventive measure of running Node.js with --disallow-code-generation-from-strings wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to @​cristianstaicu for reporting this!
    • The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the Wiki

v20.0.0

I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.

πŸ’£ Breaking Changes

  • Due to security risks, JavaScript evaluation is now disabled by default - By @​capricorn86 in task #1930
    • A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @​Mas0nShi for reporting this!
    • Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
    • JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki

v19.0.2

πŸ‘·β€β™‚οΈ Patch fixes

  • Fixes issue related to CSS pseudo selector :scope that didn't work correctly for direct descendants to root - By @​capricorn86 in task #1620

v19.0.1

πŸ‘·β€β™‚οΈ Patch fixes

  • Fixes issue with sending in URLs as string in @happy-dom/server-renderer config using CLI - By @​capricorn86 in task #1908

v19.0.0

πŸ’£ Breaking Changes

  • Removes support for CommonJS - By @​capricorn86 in task #1730
    • Support for CommonJS is no longer needed as Node.js v18 is deprecated and v20 and above supports loading ES modules from CommonJS using require()
  • Updates Jest to v30 in the @happy-dom/jest-environment package - By @​capricorn86 in task #1730
  • Makes Jest packages peer dependencies to make it easier to align versions with the project using @happy-dom/jest-environment - By @​capricorn86 in task #1730

🎨 Features

... (truncated)

Commits
  • f4bd4eb fix: #0 Adds frozen intrinsics flag to server-renderer workers (#1934)
  • f45d92e fix: #0 Adds warning for environemnt with unfrozen builtins (#1932)
  • 819d15b BREAKING CHANGE: #0 Changes JavaScript evaluation to be disabled by default...
  • c80a08f fix: #1620 Fixes issue related to CSS pseudo selector :scope (#1911)
  • 220df23 fix: #1908 Fixes issue with sending in URLs as string in server-renderer co...
  • 9849f8b chore: #1906 Fixes failing unit test caused by package version (#1907)
  • 48d174e chore: #1904 Updates conventional commit package (#1905)
  • 275efe5 BREAKING CHANGE: #1620 Release v18.0.0
  • cf74f5f fix: #1841 Addresses an issue where an error occurred if the Element ID was...
  • bfd0fff chore: #1154 Fixes failing unit test (#1843)
  • Additional commits viewable in compare view

Updates next from 15.3.5 to 15.4.7

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

PR-Codex overview

This PR updates various dependencies across multiple packages, primarily upgrading the next version from 15.3.5 to 15.4.7 and happy-dom from 17.4.4 to 20.0.2. It also includes minor version updates for other libraries.

Detailed summary

  • Upgraded next from 15.3.5 to 15.4.7 in:
    • apps/wallet-ui/package.json
    • apps/dashboard/package.json
    • apps/nebula/package.json
    • packages/ui/package.json
    • apps/portal/package.json
    • apps/playground-web/package.json
  • Upgraded happy-dom from 17.4.4 to 20.0.2 in packages/thirdweb/package.json
  • Minor version updates for several other libraries across various packages.

The following files were skipped due to too many changes: pnpm-lock.yaml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@dependabot dependabot bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 15, 2025
@dependabot dependabot bot requested review from a team as code owners October 15, 2025 20:54
@dependabot dependabot bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 15, 2025
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 15, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 5802e68

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel Vercel
Copy link

vercel bot commented Oct 15, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
docs-v2 Ready Ready Preview Comment Oct 16, 2025 9:52pm
nebula Ready Ready Preview Comment Oct 16, 2025 9:52pm
thirdweb_playground Error Error Oct 16, 2025 9:52pm
thirdweb-www Ready Ready Preview Comment Oct 16, 2025 9:52pm
wallet-ui Ready Ready Preview Comment Oct 16, 2025 9:52pm

@graphite-app Graphite App
Copy link
Contributor

graphite-app bot commented Oct 15, 2025

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • merge-queue - adds this PR to the back of the merge queue
  • hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

@github-actions github-actions bot added Dashboard Involves changes to the Dashboard. Playground Changes involving the Playground codebase. Portal Involves changes to the Portal (docs) codebase. packages Ecosystem Portal Involves changes to the Ecosystem Portal SDK Involves changes to the thirdweb SDK labels Oct 15, 2025
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 15, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@dependabot
build(deps): Bump the npm_and_yarn group across 1 directory with 2 up…
5802e68 
…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom) and [next](https://github.com/vercel/next.js).


Updates `happy-dom` from 17.4.4 to 20.0.2
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v17.4.4...v20.0.2)

Updates `next` from 15.3.5 to 15.4.7
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.3.5...v15.4.7)

---
updated-dependencies:
- dependency-name: happy-dom
  dependency-version: 20.0.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.4.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-8f118b1af4 branch from 6b8f173 to 5802e68 Compare October 16, 2025 21:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dashboard Involves changes to the Dashboard. Dependencies Pull requests that update a dependency file Ecosystem Portal Involves changes to the Ecosystem Portal javascript Pull requests that update Javascript code packages Playground Changes involving the Playground codebase. Portal Involves changes to the Portal (docs) codebase. SDK Involves changes to the thirdweb SDK

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants