Skip to content

chore(deps): bump the npm_and_yarn group across 3 directories with 8 updates #178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the npm_and_yarn group across 3 directories with 8 updates #178

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 20, 2025
edited
Loading

Bumps the npm_and_yarn group with 3 updates in the /apps directory: brace-expansion, form-data and next.
Bumps the npm_and_yarn group with 6 updates in the /electron directory:

Package From To
vite 6.3.5 6.3.6
brace-expansion 1.1.11 1.1.12
form-data 4.0.1 4.0.4
tar-fs 3.0.7 3.0.9
electron 29.4.6 35.7.5
tmp 0.2.3 0.2.5

Bumps the npm_and_yarn group with 1 update in the /web directory: axios.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates form-data from 4.0.2 to 4.0.4

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Changelog

Sourced from form-data's changelog.

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Commits
  • 41996f5 v4.0.4
  • 316c82b [meta] actually ensure the readme backup isn’t published
  • 2300ca1 [meta] fix readme capitalization
  • 811f682 [meta] add auto-changelog
  • 5e34080 [Tests] fix linting errors
  • 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • 58c25d7 [Dev Deps] update @ljharb/eslint-config
  • 3d17230 [Fix] Switch to using crypto random for boundary values
  • d8d67dc v4.0.3
  • e6e83cc [meta] remove local commit hooks
  • Additional commits viewable in compare view

Updates next from 15.3.2 to 15.5.3

Release notes

Sourced from next's releases.

v15.5.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: validation return types of pages API routes (#83069)
  • fix: relative paths in dev in validator.ts (#83073)
  • fix: remove satisfies keyword from type validation to preserve old TS compatibility (#83071)

Credits

Huge thanks to @​bgub for helping!

v15.5.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: disable unknownatrules lint rule entirely (#83059)
  • revert: add ?dpl to fonts in /_next/static/media (#83062)

Credits

Huge thanks to @​bgub and @​ztanner for helping!

v15.5.1

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: aliased navigations should apply scroll handling (#82900)
  • Turbopack: fix invalid NFT entry with file behind symlink (#82887)
  • fix: typesafe linking to route handlers and pages API routes (#82858)
  • fix: change "noUnknownAtRules" to "warn" for Biome (#82974)
  • fix: add path normalization to getRelativePath for Windows (#82918)
  • feat: add typesafety with config.typedRoutes to redirect() and permanentRedirect() (#82860)
  • fix: avoid importing types that will be unused (#82856)
  • fix: update the config.api.responseLimit type (#82852)
  • fix: update validation return types (#82854)

Credits

Huge thanks to @​bgub, @​mischnic, and @​ztanner for helping!

v15.5.1-canary.39

Core Changes

  • [metadata] change the metadata routes params to promises: #83560

... (truncated)

Commits

Updates vite from 6.3.5 to 6.3.6

Release notes

Sourced from vite's releases.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.3.6 (2025-09-08)

Commits

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates form-data from 4.0.1 to 4.0.4

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Changelog

Sourced from form-data's changelog.

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Commits
  • 41996f5 v4.0.4
  • 316c82b [meta] actually ensure the readme backup isn’t published
  • 2300ca1 [meta] fix readme capitalization
  • 811f682 [meta] add auto-changelog
  • 5e34080 [Tests] fix linting errors
  • 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • 58c25d7 [Dev Deps] update @ljharb/eslint-config
  • 3d17230 [Fix] Switch to using crypto random for boundary values
  • d8d67dc v4.0.3
  • e6e83cc [meta] remove local commit hooks
  • Additional commits viewable in compare view

Updates tar-fs from 3.0.7 to 3.0.9

Commits

Updates electron from 29.4.6 to 35.7.5

Release notes

Sourced from electron's releases.

electron v35.7.5

Release Notes for v35.7.5

[!WARNING] Electron 35.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

  • Fixed an issue where shell.openPath was not non-blocking as expected. #48079 (Also in 36, 37, 38)

electron v35.7.4

Release Notes for v35.7.4

  • Fix ffmpeg generation on Windows non-x64

electron v35.7.2

Release Notes for v35.7.2

Fixes

  • Fixed an issue where printing PDFs with webContents.print({ silent: true }) would fail. #47645 (Also in 36, 37)

electron v35.7.0

Release Notes for v35.7.0

Other Changes

  • Updated Node.js to v22.16.0. #47213

electron v35.6.0

Release Notes for v35.6.0

Features

  • Added support for --no-experimental-global-navigator flag. #47416 (Also in 36, 37)
  • Added support for customizing system accent color and highlighting of active window border. #47539 (Also in 36, 37)

Fixes

  • Fixed a potential crash using session.clearData in some circumstances. #47410 (Also in 36, 37)
  • Fixed an error when importing electron for the first time from an ESM module loaded by a CJS module in a packaged app. #47344 (Also in 36, 37)
  • Fixed an issue where calling Fetch.continueResponse via debugger with WebContentsView could cause a crash. #47443 (Also in 36, 37)
  • Fixed an issue where utility processes could leak file handles. #47542 (Also in 36, 37)
  • Partially fixes an issue with printing a PDF via webContents.print() where the callback would not be called. #47399 (Also in 36, 37)

Other Changes

  • Backported fix for 420637585. #47369

electron v35.5.1

Release Notes for v35.5.1

... (truncated)

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

  • API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
  • Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
  • Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
  • Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
  • Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (39.0)

Deprecated: --host-rules command line switch

Chromium is deprecating the --host-rules switch.

You should use --host-resolver-rules instead.

Behavior Changed: window.open popups are always resizable

Per current WHATWG spec, the window.open API will now always create a resizable popup window.

To restore previous behavior:

webContents.setWindowOpenHandler((details) => {
  return {
    action: 'allow',
    overrideBrowserWindowOptions: {
      resizable: details.features.includes('resizable=yes')
    }
  }
})

Behavior Changed: shared texture OSR paint event data structure

When using shared texture offscreen rendering feature, the paint event now emits a more structured object. It moves the sharedTextureHandle, planes, modifier into a unified handle property. See here for more details.

Planned Breaking API Changes (38.0)

Removed: ELECTRON_OZONE_PLATFORM_HINT environment variable

The default value of the --ozone-plaftform flag changed to auto.

... (truncated)

Commits

Updates tmp from 0.2.3 to 0.2.5

Commits

Updates axios from 1.10.0 to 1.12.0

Release notes

Sourced from axios's releases.

Release v1.12.0

Release notes:

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Release v1.11.0

Release notes:

Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

Changelog

Sourced from axios's changelog.

1.12.0 (2025-09-11)

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

1.11.0 (2025-07-22)

Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

... (truncated)

Commits
  • 0d8ad6e chore(release): v1.12.0 (#7013)
  • fd7f404 fix: release pr run
  • a2edc36 fix: dont add dist on release
  • 9ec86de fix: adding build artifacts
  • 945435f fix(node): enforce maxContentLength for data: URLs (#7011)
  • 28e5e30 chore(sponsor): update sponsor block (#7005)
  • d03f245 chore(CI): fixed release info script to use npm registry instead of git as fi...
  • a0bc911 chore: removing dist files from src (#7002)
  • c959ff2 feat(fetch): add fetch, Request, Response env config variables for the adapte...
  • a9f47af fix(fetch-adapter): set correct Content-Type for Node FormData (#6998)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 20, 2025
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Sep 20, 2025
edited
Loading

Deploying nodetool with  Cloudflare Pages  Cloudflare Pages

Latest commit: f6428b1
Status: ✅  Deploy successful!
Preview URL: https://e6df6f95.nodetool.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-apps-f2ew.nodetool.pages.dev

View logs

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Sep 20, 2025
edited
Loading

Deploying nodetool-staging with  Cloudflare Pages  Cloudflare Pages

Latest commit: f6428b1
Status: ✅  Deploy successful!
Preview URL: https://342bc21b.nodetool-staging.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-apps-terq.nodetool-staging.pages.dev

View logs

@dependabot
chore(deps): bump the npm_and_yarn group across 3 directories with 8 …
f6428b1 
…updates

Bumps the npm_and_yarn group with 3 updates in the /apps directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [form-data](https://github.com/form-data/form-data) and [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 6 updates in the /electron directory:

| Package | From | To |
| --- | --- | --- |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.3.6` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [form-data](https://github.com/form-data/form-data) | `4.0.1` | `4.0.4` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `3.0.7` | `3.0.9` |
| [electron](https://github.com/electron/electron) | `29.4.6` | `35.7.5` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.5` |

Bumps the npm_and_yarn group with 1 update in the /web directory: [axios](https://github.com/axios/axios).


Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `form-data` from 4.0.2 to 4.0.4
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.2...v4.0.4)

Updates `next` from 15.3.2 to 15.5.3
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.3.2...v15.5.3)

Updates `vite` from 6.3.5 to 6.3.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.3.6/packages/vite)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `form-data` from 4.0.1 to 4.0.4
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.2...v4.0.4)

Updates `tar-fs` from 3.0.7 to 3.0.9
- [Commits](mafintosh/tar-fs@v3.0.7...v3.0.9)

Updates `electron` from 29.4.6 to 35.7.5
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)
- [Commits](electron/electron@v29.4.6...v35.7.5)

Updates `tmp` from 0.2.3 to 0.2.5
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.3...v0.2.5)

Updates `axios` from 1.10.0 to 1.12.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.10.0...v1.12.0)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.3.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 3.0.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 35.7.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.12.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/apps/npm_and_yarn-2f782ad46f branch from 59e1503 to f6428b1 Compare September 24, 2025 18:26
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 17, 2025

Superseded by #185.

@dependabot dependabot bot closed this Oct 17, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/apps/npm_and_yarn-2f782ad46f branch October 17, 2025 11:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant