ssa/ollama
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases Packages Wiki Activity Actions

build(deps): bump the npm_and_yarn group across 1 directory with 13 updates #1

Open
dependabot[bot] wants to merge 1 commit from dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b into main
pull from: dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
merge into: ssa:main
Conversation 0 Commits 1 Files changed 2 +294 -181
dependabot[bot] commented 2026-03-21 19:47:10 +00:00 (Migrated from github.com)
Copy link

Bumps the npm_and_yarn group with 13 updates in the /app/ui/app directory:

Package From To
playwright 1.53.2 1.58.2
storybook 9.0.14 9.1.20
vite 6.3.5 6.4.1
minimatch 3.1.2 3.1.5
dompurify 3.3.0 3.3.3
flatted 3.3.3 3.4.2
glob 10.4.5 10.5.0
js-yaml 4.1.0 4.1.1
lodash 4.17.21 4.17.23
mdast-util-to-hast 13.2.0 13.2.1
rollup 4.42.0 4.59.1
seroval 1.3.2 1.5.1
tar 7.4.3 7.5.12

Updates playwright from 1.53.2 to 1.58.2

Release notes

Sourced from playwright's releases.

v1.58.2

Highlights

#39121 fix(trace viewer): make paths via stdin work #39129 fix: do not force swiftshader on chromium mac

Browser Versions

  • Chromium 145.0.7632.6
  • Mozilla Firefox 146.0.1
  • WebKit 26.0

v1.58.1

Highlights

#39036 fix(msedge): fix local network permissions #39037 chore: update cft download location #38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

  • Chromium 145.0.7632.6
  • Mozilla Firefox 146.0.1
  • WebKit 26.0

v1.58.0

📣 Playwright CLI+SKILLs 📣

We are adding a new token-efficient CLI mode of operation to Playwright with the skills located at playwright-cli. This brings the long-awaited official SKILL-focused CLI mode to our story and makes it more coding agent-friendly.

It is the first snapshot with the essential command set (which is already larger than the original MCP!), but we expect it to grow rapidly. Unlike the token use, that one we expect to go down since snapshots are no longer forced into the LLM!

Timeline

If you're using merged reports, the HTML report Speedboard tab now shows the Timeline:

Timeline chart in the HTML report

UI Mode and Trace Viewer Improvements

  • New 'system' theme option follows your OS dark/light mode preference
  • Search functionality (Cmd/Ctrl+F) is now available in code editors
  • Network details panel has been reorganized for better usability
  • JSON responses are now automatically formatted for readability

Thanks to @​cpAdm for contributing these improvements!

Miscellaneous

browserType.connectOverCDP() now accepts an isLocal option. When set to true, it tells Playwright that it runs on the same host as the CDP server, enabling file system optimizations.

Breaking Changes ⚠️

  • Removed _react and _vue selectors. See locators guide for alternatives.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for playwright since your current version.


Updates storybook from 9.0.14 to 9.1.20

Release notes

Sourced from storybook's releases.

v9.1.20

9.1.20

  • Add request validation

v9.1.19

9.1.19

  • Harden websocket connection

v9.1.18

9.1.18

  • No-op release. No changes.

v9.1.17

9.1.17

Changelog

Sourced from storybook's changelog.

9.1.20

  • Add request validation

9.1.19

  • Harden websocket connection

9.1.18

  • No-op release. No changes.

9.1.16

9.1.15

9.1.14

9.1.13

9.1.12

  • Maintenance: Hotfix for missing nextjs dts files, thanks @​ndelangen!

9.1.11

9.1.10

... (truncated)

Commits
  • f4eff48 Bump version from "9.1.19" to "9.1.20" [skip ci]
  • 046ce4d Formatting
  • 98e74eb Clarify hostname validation for HTTP requests and WebSocket connections
  • 5f27e88 Core: Backport origin/host validation and update related configurations
  • 20887f1 Bump version from "9.1.18" to "9.1.19" [skip ci]
  • 66b2d8e Fix test
  • 31f16c4 fix linting
  • 62dd25b Core: Require token for websocket connections
  • bbe61e3 Bump version from "9.1.17" to "9.1.18" [skip ci]
  • d0d5a3d Bump version from 9.1.16 to 9.1.17 MANUALLY
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for storybook since your current version.


Updates vite from 6.3.5 to 6.4.1

Release notes

Sourced from vite's releases.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.1 (2026-03-19)

Features

Bug Fixes

  • bundled-dev: properly disable inlineConst optimization (#21865) (6d97142)
  • css: lightningcss minify failed when build.target: 'es6' (#21933) (5fcce46)
  • deps: update all non-major dependencies (#21878) (6dbbd7f)
  • dev: always use ESM Oxc runtime (#21829) (d323ed7)
  • dev: handle concurrent restarts in _createServer (#21810) (40bc729)
  • handle + symbol in package subpath exports during dep optimization (#21886) (86db93d)
  • improve no-cors request block error (#21902) (5ba688b)
  • use precise regexes for transform filter to avoid backtracking (#21800) (dbe41bd)
  • worker: require(json) result should not be wrapped (#21847) (0672fd2)
  • worker: make worker output consistent with client and SSR (#21871) (69454d7)

Miscellaneous Chores

8.0.0 (2026-03-12)

Vite 8 is here!

Today, we're thrilled to announce the release of the next Vite major:

⚠ BREAKING CHANGES

  • remove import.meta.hot.accept resolution fallback (#21382)
  • update default browser target (#21193)
  • the epic rolldown-vite merge (#21189)

Features

... (truncated)

Commits
  • 0a0c50a refactor: simplify pluginFilter implementation (#19828)
  • 59d0b35 perf(css): avoid constructing renderedModules (#19775)
  • 175a839 fix: reject requests with # in request-target (#19830)
  • e2e11b1 fix(module-runner): allow already resolved id as entry (#19768)
  • 7200dee fix: correct the behavior when multiple transform filter options are specifie...
  • b125172 fix(css): remove empty chunk imports correctly when chunk file name contained...
  • 8fe3538 test: tweak generateCodeFrame test (#19812)
  • 36935b5 fix(types): remove the keepProcessEnv from the DefaultEnvironmentOptions ...
  • a0e1a04 docs(vite): fix description of transformIndexHtml hook (#19799)
  • 71227be fix: unbundle fdir to fix commonjsOptions.dynamicRequireTargets (#19791)
  • Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates dompurify from 3.3.0 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua

DOMPurify 3.3.1

  • Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
  • Updated the ESM import syntax to be more correct, thanks @​binhpv
Commits
  • 8bcbf73 chore: Preparing 3.3.3 release
  • 5faddd6 fix: engine requirement (#1210)
  • 0f91e3a Update README.md
  • d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
  • c3efd48 fix: moved back from jsdom 28 to jsdom 20
  • 988b888 fix: moved back from jsdom 28 to jsdom 20
  • 2726c74 chore: Preparing 3.3.2 release
  • 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
  • 302b51d fix: Expanded the regex ever so slightly to also cover script
  • cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
  • Additional commits viewable in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates glob from 10.4.5 to 10.5.0

Commits

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

  • ab3a795 Fix support for spaces in class names

Types

  • efb5312 Refactor to use @imports
  • a5bc210 Add declaration maps

Full Changelog: https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1

Commits

Updates rollup from 4.42.0 to 4.59.1

Release notes

Sourced from rollup's releases.

v4.59.1

4.59.1

2026-03-21

Bug Fixes

  • Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

v4.59.0

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

v4.58.0

4.58.0

2026-02-20

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.1

2026-03-21

Bug Fixes

  • Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates seroval from 1.3.2 to 1.5.1

Commits

Updates tar from 7.4.3 to 7.5.12

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps the npm_and_yarn group with 13 updates in the /app/ui/app directory: | Package | From | To | | --- | --- | --- | | [playwright](https://github.com/microsoft/playwright) | `1.53.2` | `1.58.2` | | [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `9.0.14` | `9.1.20` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.1` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.0` | `3.3.3` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` | | [rollup](https://github.com/rollup/rollup) | `4.42.0` | `4.59.1` | | [seroval](https://github.com/lxsmnsyc/seroval) | `1.3.2` | `1.5.1` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.12` | Updates `playwright` from 1.53.2 to 1.58.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/playwright/releases">playwright's releases</a>.</em></p> <blockquote> <h2>v1.58.2</h2> <h2>Highlights</h2> <p><a href="https://redirect.github.com/microsoft/playwright/issues/39121">#39121</a> fix(trace viewer): make paths via stdin work <a href="https://redirect.github.com/microsoft/playwright/issues/39129">#39129</a> fix: do not force swiftshader on chromium mac</p> <h2>Browser Versions</h2> <ul> <li>Chromium 145.0.7632.6</li> <li>Mozilla Firefox 146.0.1</li> <li>WebKit 26.0</li> </ul> <h2>v1.58.1</h2> <h2>Highlights</h2> <p><a href="https://redirect.github.com/microsoft/playwright/issues/39036">#39036</a> fix(msedge): fix local network permissions <a href="https://redirect.github.com/microsoft/playwright/issues/39037">#39037</a> chore: update cft download location <a href="https://redirect.github.com/microsoft/playwright/issues/38995">#38995</a> chore(webkit): disable frame sessions on fronzen builds</p> <h2>Browser Versions</h2> <ul> <li>Chromium 145.0.7632.6</li> <li>Mozilla Firefox 146.0.1</li> <li>WebKit 26.0</li> </ul> <h2>v1.58.0</h2> <h2>📣 Playwright CLI+SKILLs 📣</h2> <p>We are adding a new token-efficient CLI mode of operation to Playwright with the skills located at <a href="https://github.com/microsoft/playwright-cli">playwright-cli</a>. This brings the long-awaited official SKILL-focused CLI mode to our story and makes it more coding agent-friendly.</p> <blockquote> <p>It is the first snapshot with the essential command set (which is already larger than the original MCP!), but we expect it to grow rapidly. Unlike the token use, that one we expect to go down since snapshots are no longer forced into the LLM!</p> </blockquote> <h2>Timeline</h2> <p>If you're using <a href="https://playwright.dev/docs/test-sharding#merging-reports-from-multiple-environments">merged reports</a>, the HTML report Speedboard tab now shows the Timeline:</p> <p><img src="https://github.com/microsoft/playwright/blob/main/docs/src/images/timeline.png?raw=true" alt="Timeline chart in the HTML report" /></p> <h2>UI Mode and Trace Viewer Improvements</h2> <ul> <li>New 'system' theme option follows your OS dark/light mode preference</li> <li>Search functionality (Cmd/Ctrl+F) is now available in code editors</li> <li>Network details panel has been reorganized for better usability</li> <li>JSON responses are now automatically formatted for readability</li> </ul> <p>Thanks to <a href="https://github.com/cpAdm"><code>@​cpAdm</code></a> for contributing these improvements!</p> <h2>Miscellaneous</h2> <p><a href="https://playwright.dev/docs/api/class-browsertype#browser-type-connect-over-cdp">browserType.connectOverCDP()</a> now accepts an <code>isLocal</code> option. When set to <code>true</code>, it tells Playwright that it runs on the same host as the CDP server, enabling file system optimizations.</p> <h2>Breaking Changes ⚠️</h2> <ul> <li>Removed <code>_react</code> and <code>_vue</code> selectors. See <a href="https://playwright.dev/docs/locators">locators guide</a> for alternatives.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/playwright/commit/ce480a952553175eae75342aad2c5e86cdf2cbba"><code>ce480a9</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/39171">#39171</a>): devops: add ubuntu-22.04-arm bot</li> <li><a href="https://github.com/microsoft/playwright/commit/e40c137ebeb0221a56f968ac41c66287e8e2c810"><code>e40c137</code></a> chore: mark v1.58.2 (<a href="https://redirect.github.com/microsoft/playwright/issues/39155">#39155</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/50b7296be7208c275b12004f4703b8086ee45dfd"><code>50b7296</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/39152">#39152</a>): chore: fix execSync inheriting stdio</li> <li><a href="https://github.com/microsoft/playwright/commit/f3dcf50a2e7ddb225431b9a5e53804bdb8a25311"><code>f3dcf50</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/39129">#39129</a>): fix: do not force swiftshader on chromium mac</li> <li><a href="https://github.com/microsoft/playwright/commit/8684e0834f368cd1ff4973ab7c36c4775c1038a4"><code>8684e08</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/39121">#39121</a>): fix(trace viewer): make paths via stdin work</li> <li><a href="https://github.com/microsoft/playwright/commit/97bc385142cfb498a59219442d8032ca2e1d79fe"><code>97bc385</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/38995">#38995</a>): chore(webkit): disable frame sessions on fronzen builds</li> <li><a href="https://github.com/microsoft/playwright/commit/ad625fe2b6214967369ee06a80ebf580835cf5da"><code>ad625fe</code></a> chore: mark v1.58.1 (<a href="https://redirect.github.com/microsoft/playwright/issues/39055">#39055</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/f07234d2a0a5d88ec987c82ab8749db158154e3d"><code>f07234d</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/39036">#39036</a>): fix(msedge): fix local network permissions (<a href="https://redirect.github.com/microsoft/playwright/issues/39053">#39053</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/ab8136c375310d2a1e3edb9cbcfadff817b8fca5"><code>ab8136c</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/39037">#39037</a>): chore: update cft download location (<a href="https://redirect.github.com/microsoft/playwright/issues/39052">#39052</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/aa6ffebf0c33607e03aa85d3e9c35602b31b95b4"><code>aa6ffeb</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/39014">#39014</a>): docs: add 1.58 release notes for Java, Python, and C#</li> <li>Additional commits viewable in <a href="https://github.com/microsoft/playwright/compare/v1.53.2...v1.58.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for playwright since your current version.</p> </details> <br /> Updates `storybook` from 9.0.14 to 9.1.20 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/storybookjs/storybook/releases">storybook's releases</a>.</em></p> <blockquote> <h2>v9.1.20</h2> <h2>9.1.20</h2> <ul> <li>Add request validation</li> </ul> <h2>v9.1.19</h2> <h2>9.1.19</h2> <ul> <li>Harden websocket connection</li> </ul> <h2>v9.1.18</h2> <h2>9.1.18</h2> <ul> <li>No-op release. No changes.</li> </ul> <h2>v9.1.17</h2> <h2>9.1.17</h2> <ul> <li>Core: Fix .env-file parsing, thanks <a href="https://github.com/jreinhold"><code>@​jreinhold</code></a>!</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/storybookjs/storybook/blob/v9.1.20/CHANGELOG.md">storybook's changelog</a>.</em></p> <blockquote> <h2>9.1.20</h2> <ul> <li>Add request validation</li> </ul> <h2>9.1.19</h2> <ul> <li>Harden websocket connection</li> </ul> <h2>9.1.18</h2> <ul> <li>No-op release. No changes.</li> </ul> <h2>9.1.16</h2> <ul> <li>CLI: Fix Nextjs project creation in empty directories - <a href="https://redirect.github.com/storybookjs/storybook/pull/32828">#32828</a>, thanks <a href="https://github.com/yannbf"><code>@​yannbf</code></a>!</li> <li>Core: Add <code>experimental_devServer</code> preset - <a href="https://redirect.github.com/storybookjs/storybook/pull/32862">#32862</a>, thanks <a href="https://github.com/yannbf"><code>@​yannbf</code></a>!</li> <li>Telemetry: Fix preview-first-load event - <a href="https://redirect.github.com/storybookjs/storybook/pull/32859">#32859</a>, thanks <a href="https://github.com/shilman"><code>@​shilman</code></a>!</li> </ul> <h2>9.1.15</h2> <ul> <li>Core: Add <code>preview-first-load</code> telemetry - <a href="https://redirect.github.com/storybookjs/storybook/pull/32770">#32770</a>, thanks <a href="https://github.com/shilman"><code>@​shilman</code></a>!</li> <li>Dependencies: Update <code>vite-plugin-storybook-nextjs</code> - <a href="https://redirect.github.com/storybookjs/storybook/pull/32821">#32821</a>, thanks <a href="https://github.com/ndelangen"><code>@​ndelangen</code></a>!</li> </ul> <h2>9.1.14</h2> <ul> <li>NextJS: Add NextJS 16 support - <a href="https://redirect.github.com/storybookjs/storybook/pull/32791">#32791</a>, thanks <a href="https://github.com/yannbf"><code>@​yannbf</code></a> and <a href="https://github.com/ndelangen"><code>@​ndelangen</code></a>!</li> <li>Addon-Vitest: Support Vitest 4 - <a href="https://redirect.github.com/storybookjs/storybook/pull/32819">#32819</a>, thanks <a href="https://github.com/yannbf"><code>@​yannbf</code></a> and <a href="https://github.com/ndelangen"><code>@​ndelangen</code></a>!</li> <li>CSF: Fix <code>play-fn</code> tag for methods - <a href="https://redirect.github.com/storybookjs/storybook/pull/32695">#32695</a>, thanks <a href="https://github.com/shilman"><code>@​shilman</code></a>!</li> </ul> <h2>9.1.13</h2> <ul> <li>Nextjs: Fix config access for Vite - <a href="https://redirect.github.com/storybookjs/storybook/pull/32759">#32759</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@​valentinpalkovic</code></a>!</li> </ul> <h2>9.1.12</h2> <ul> <li>Maintenance: Hotfix for missing nextjs dts files, thanks <a href="https://github.com/ndelangen"><code>@​ndelangen</code></a>!</li> </ul> <h2>9.1.11</h2> <ul> <li>Automigration: Improve the viewport/backgrounds automigration - <a href="https://redirect.github.com/storybookjs/storybook/pull/32619">#32619</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@​valentinpalkovic</code></a>!</li> <li>Mocking: Fix <code>sb.mock</code> usage in Storybook's deployed in subpaths - <a href="https://redirect.github.com/storybookjs/storybook/pull/32678">#32678</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@​valentinpalkovic</code></a>!</li> <li>NextJS-Vite: Automatically fix bad PostCSS configuration - <a href="https://redirect.github.com/storybookjs/storybook/pull/32691">#32691</a>, thanks <a href="https://github.com/ndelangen"><code>@​ndelangen</code></a>!</li> <li>React Native Web: Fix REACT_NATIVE_AND_RNW should detect vite builder - <a href="https://redirect.github.com/storybookjs/storybook/pull/32718">#32718</a>, thanks <a href="https://github.com/dannyhw"><code>@​dannyhw</code></a>!</li> <li>Telemetry: Add metadata for react routers - <a href="https://redirect.github.com/storybookjs/storybook/pull/32615">#32615</a>, thanks <a href="https://github.com/shilman"><code>@​shilman</code></a>!</li> </ul> <h2>9.1.10</h2> <ul> <li>Automigrations: Add automigration for viewport and backgrounds - <a href="https://redirect.github.com/storybookjs/storybook/pull/31614">#31614</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@​valentinpalkovic</code></a>!</li> <li>Telemetry: Log userAgent in onboarding - <a href="https://redirect.github.com/storybookjs/storybook/pull/32566">#32566</a>, thanks <a href="https://github.com/shilman"><code>@​shilman</code></a>!</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/storybookjs/storybook/commit/f4eff4835ee6076bddf2fa2c8af680afebfaba0e"><code>f4eff48</code></a> Bump version from &quot;9.1.19&quot; to &quot;9.1.20&quot; [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/046ce4d35020916e996521e04c18abfdf1052eaa"><code>046ce4d</code></a> Formatting</li> <li><a href="https://github.com/storybookjs/storybook/commit/98e74eb845a2f7f4d6a65d719284bc0a459395d6"><code>98e74eb</code></a> Clarify hostname validation for HTTP requests and WebSocket connections</li> <li><a href="https://github.com/storybookjs/storybook/commit/5f27e882807b4816fba5d30490232706dc8354e7"><code>5f27e88</code></a> Core: Backport origin/host validation and update related configurations</li> <li><a href="https://github.com/storybookjs/storybook/commit/20887f19d26d1f6e74712eeec4812f325031420b"><code>20887f1</code></a> Bump version from &quot;9.1.18&quot; to &quot;9.1.19&quot; [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/66b2d8e30b1c235c198b8de0696755a13a72ceae"><code>66b2d8e</code></a> Fix test</li> <li><a href="https://github.com/storybookjs/storybook/commit/31f16c4cd46f9435e1558204cdccb6bf6b880c7f"><code>31f16c4</code></a> fix linting</li> <li><a href="https://github.com/storybookjs/storybook/commit/62dd25b508d3b8cd771cfadcac9a9f41881c0e11"><code>62dd25b</code></a> Core: Require token for websocket connections</li> <li><a href="https://github.com/storybookjs/storybook/commit/bbe61e351b4b45cd17c7d8005e48e4cab60a0315"><code>bbe61e3</code></a> Bump version from &quot;9.1.17&quot; to &quot;9.1.18&quot; [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/d0d5a3d645df3493ad935e321d1ef101679cfc2e"><code>d0d5a3d</code></a> Bump version from 9.1.16 to 9.1.17 MANUALLY</li> <li>Additional commits viewable in <a href="https://github.com/storybookjs/storybook/commits/v9.1.20/code/core">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for storybook since your current version.</p> </details> <br /> Updates `vite` from 6.3.5 to 6.4.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.4.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.4.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.3.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.3.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.0...v8.0.1">8.0.1</a> (2026-03-19)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>update rolldown to 1.0.0-rc.10 (<a href="https://redirect.github.com/vitejs/vite/issues/21932">#21932</a>) (<a href="https://github.com/vitejs/vite/commit/b3c067d71a781ca72899d08d095c9acd119361ee">b3c067d</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>bundled-dev:</strong> properly disable <code>inlineConst</code> optimization (<a href="https://redirect.github.com/vitejs/vite/issues/21865">#21865</a>) (<a href="https://github.com/vitejs/vite/commit/6d97142abc4805ad53cc732826bb502d6d5dd6ce">6d97142</a>)</li> <li><strong>css:</strong> lightningcss minify failed when <code>build.target: 'es6'</code> (<a href="https://redirect.github.com/vitejs/vite/issues/21933">#21933</a>) (<a href="https://github.com/vitejs/vite/commit/5fcce46a609bc3e3c600810918626b5fc8f16448">5fcce46</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/21878">#21878</a>) (<a href="https://github.com/vitejs/vite/commit/6dbbd7f072b1e13abd96489b0016b3d93d937999">6dbbd7f</a>)</li> <li><strong>dev:</strong> always use ESM Oxc runtime (<a href="https://redirect.github.com/vitejs/vite/issues/21829">#21829</a>) (<a href="https://github.com/vitejs/vite/commit/d323ed7a824c232597c2b4ef2a4f3494e5231c3d">d323ed7</a>)</li> <li><strong>dev:</strong> handle concurrent restarts in <code>_createServer</code> (<a href="https://redirect.github.com/vitejs/vite/issues/21810">#21810</a>) (<a href="https://github.com/vitejs/vite/commit/40bc7293ef574103171f72cc8618f9ef22cc5fa0">40bc729</a>)</li> <li>handle <code>+</code> symbol in package subpath exports during dep optimization (<a href="https://redirect.github.com/vitejs/vite/issues/21886">#21886</a>) (<a href="https://github.com/vitejs/vite/commit/86db93d8b1d511e9a56a4ea576741a5350eac99f">86db93d</a>)</li> <li>improve <code>no-cors</code> request block error (<a href="https://redirect.github.com/vitejs/vite/issues/21902">#21902</a>) (<a href="https://github.com/vitejs/vite/commit/5ba688bc422c54944bc6fc563bfe1ba2616a0911">5ba688b</a>)</li> <li>use precise regexes for transform filter to avoid backtracking (<a href="https://redirect.github.com/vitejs/vite/issues/21800">#21800</a>) (<a href="https://github.com/vitejs/vite/commit/dbe41bddb9db3563c21ae9ce0ebc310e8b8878c9">dbe41bd</a>)</li> <li><strong>worker:</strong> <code>require(json)</code> result should not be wrapped (<a href="https://redirect.github.com/vitejs/vite/issues/21847">#21847</a>) (<a href="https://github.com/vitejs/vite/commit/0672fd20aac00e4f78fe8fe886978a9b64f63ba7">0672fd2</a>)</li> <li><strong>worker:</strong> make worker output consistent with client and SSR (<a href="https://redirect.github.com/vitejs/vite/issues/21871">#21871</a>) (<a href="https://github.com/vitejs/vite/commit/69454d7136f18334e9a58862741ec14a5edf6f98">69454d7</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li>add changelog rearrange script (<a href="https://redirect.github.com/vitejs/vite/issues/21835">#21835</a>) (<a href="https://github.com/vitejs/vite/commit/efef073a6f71be0330bd72784654ed8b8dd60cbf">efef073</a>)</li> <li><strong>deps:</strong> bump required <code>@vitejs/devtools</code> version to 0.1+ (<a href="https://redirect.github.com/vitejs/vite/issues/21925">#21925</a>) (<a href="https://github.com/vitejs/vite/commit/12932f5a5a36b7b3f55ce5e3b867a08154ba1547">12932f5</a>)</li> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/21787">#21787</a>) (<a href="https://github.com/vitejs/vite/commit/1af1d3a3a4fd62fa581392b2dec9052efe8485b3">1af1d3a</a>)</li> <li>rearrange 8.0 changelog (<a href="https://github.com/vitejs/vite/commit/8e05b61d3f2271adb16713835b943e5e13d20499">8e05b61</a>)</li> <li>rearrange 8.0 changelog (<a href="https://redirect.github.com/vitejs/vite/issues/21834">#21834</a>) (<a href="https://github.com/vitejs/vite/commit/86edeee31eeacdbfb93c112df088fbd606f9917e">86edeee</a>)</li> </ul> <h2><a href="https://github.com/vitejs/vite/compare/v8.0.0-beta.18...v8.0.0">8.0.0</a> (2026-03-12)</h2> <p><img src="https://github.com/vitejs/vite/blob/main/docs/public/og-image-announcing-vite8.webp" alt="Vite 8 is here!" /></p> <p>Today, we're thrilled to announce the release of the next Vite major:</p> <ul> <li><strong><a href="https://vite.dev/blog/announcing-vite8.html">Vite 8.0 announcement blog post</a></strong></li> <li><a href="https://vite.dev/">Docs</a> (translations: <a href="https://cn.vite.dev/">简体中文</a>, <a href="https://ja.vite.dev/">日本語</a>, <a href="https://es.vite.dev/">Español</a>, <a href="https://pt.vite.dev/">Português</a>, <a href="https://ko.vite.dev/">한국어</a>, <a href="https://de.vite.dev/">Deutsch</a>, <a href="https://fa.vite.dev/">فارسی</a>)</li> <li><a href="https://vite.dev/guide/migration.html">Migration Guide</a></li> </ul> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>remove <code>import.meta.hot.accept</code> resolution fallback (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21382">#21382</a>)</li> <li>update default browser target (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21193">#21193</a>)</li> <li>the epic <code>rolldown-vite</code> merge (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21189">#21189</a>)</li> </ul> <h3>Features</h3> <ul> <li>update rolldown to 1.0.0-rc.9 (<a href="https://redirect.github.com/vitejs/vite/issues/21813">#21813</a>) (<a href="https://github.com/vitejs/vite/commit/f05be0eabf5c045b8892d463081da3c8fbf5a5ae">f05be0e</a>)</li> <li>warn when <code>vite-tsconfig-paths</code> plugin is detected (<a href="https://redirect.github.com/vitejs/vite/issues/21781">#21781</a>) (<a href="https://github.com/vitejs/vite/commit/ada493e4214ef2028b96583550443a386be2e2ae">ada493e</a>)</li> <li><strong>css:</strong> support es2025 build target for lightningcss (<a href="https://redirect.github.com/vitejs/vite/issues/21769">#21769</a>) (<a href="https://github.com/vitejs/vite/commit/08906e76f2fc0e55c8aea6243f6203ce0c78f106">08906e7</a>)</li> <li>forward browser console logs and errors to dev server terminal (<a href="https://redirect.github.com/vitejs/vite/issues/20916">#20916</a>) (<a href="https://github.com/vitejs/vite/commit/2540ed06d0b6f93829d2d764b6a02f7dbfd14923">2540ed0</a>)</li> <li>update rolldown to 1.0.0-rc.8 (<a href="https://redirect.github.com/vitejs/vite/issues/21790">#21790</a>) (<a href="https://github.com/vitejs/vite/commit/a0c950e30945cc97fb2381a2affac086730fa31e">a0c950e</a>)</li> <li>export <code>Visitor</code> and <code>ESTree</code> from <code>rolldown/utils</code> (<a href="https://redirect.github.com/vitejs/vite/issues/21664">#21664</a>) (<a href="https://github.com/vitejs/vite/commit/45de31e5ffcc514832aec96fa6e09a189c26d684">45de31e</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/0a0c50a7ed38017469ed6dcec941c2d8d0efd0d0"><code>0a0c50a</code></a> refactor: simplify pluginFilter implementation (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19828">#19828</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/59d0b35b30f3a38be33c0a9bdc177945b6f7eb1b"><code>59d0b35</code></a> perf(css): avoid constructing <code>renderedModules</code> (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19775">#19775</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70"><code>175a839</code></a> fix: reject requests with <code>#</code> in request-target (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830">#19830</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/e2e11b15a6083777ee521e26a3f79c3859abd411"><code>e2e11b1</code></a> fix(module-runner): allow already resolved id as entry (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19768">#19768</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/7200deec91a501fb84734e23906f80808734540c"><code>7200dee</code></a> fix: correct the behavior when multiple transform filter options are specifie...</li> <li><a href="https://github.com/vitejs/vite/commit/b1251720d47f15615ea354991cdaa90d9a94aae5"><code>b125172</code></a> fix(css): remove empty chunk imports correctly when chunk file name contained...</li> <li><a href="https://github.com/vitejs/vite/commit/8fe3538d9095384c670815dc42ef67e051f3246f"><code>8fe3538</code></a> test: tweak generateCodeFrame test (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19812">#19812</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/36935b58eabde46ab845e121e21525df5ad65ff1"><code>36935b5</code></a> fix(types): remove the <code>keepProcessEnv</code> from the <code>DefaultEnvironmentOptions</code> ...</li> <li><a href="https://github.com/vitejs/vite/commit/a0e1a0402648e0df60fb928ffd97b0230999990d"><code>a0e1a04</code></a> docs(vite): fix description of <code>transformIndexHtml</code> hook (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19799">#19799</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/71227be9aab52c1c5df59afba4539646204eff74"><code>71227be</code></a> fix: unbundle <code>fdir</code> to fix <code>commonjsOptions.dynamicRequireTargets</code> (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19791">#19791</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/create-vite@6.4.1/packages/vite">compare view</a></li> </ul> </details> <br /> Updates `minimatch` from 3.1.2 to 3.1.5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712"><code>7bba978</code></a> 3.1.5</li> <li><a href="https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d"><code>bd25942</code></a> docs: add warning about ReDoS</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d"><code>1a9c27c</code></a> fix partial matching of globstar patterns</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23"><code>1a2e084</code></a> 3.1.4</li> <li><a href="https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47"><code>ae24656</code></a> update lockfile</li> <li><a href="https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e"><code>b100374</code></a> limit recursion for **, improve perf considerably</li> <li><a href="https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13"><code>26ffeaa</code></a> lockfile update</li> <li><a href="https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb"><code>9eca892</code></a> lock node version to 14</li> <li><a href="https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a"><code>00c323b</code></a> 3.1.3</li> <li><a href="https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b"><code>30486b2</code></a> update CI matrix and actions</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5">compare view</a></li> </ul> </details> <br /> Updates `dompurify` from 3.3.0 to 3.3.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.3.3</h2> <ul> <li>Fixed an engine requirement for Node 20 which caused hiccups, thanks <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> </ul> <h2>DOMPurify 3.3.2</h2> <ul> <li>Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters</li> <li>Fixed a prototype pollution issue when working with custom elements, thanks <a href="https://github.com/christos-eth"><code>@​christos-eth</code></a></li> <li>Fixed a lenient config parsing in <code>_isValidAttribute</code>, thanks <a href="https://github.com/christos-eth"><code>@​christos-eth</code></a></li> <li>Bumped and removed several dependencies, thanks <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> <li>Fixed the test suite after bumping dependencies, thanks <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> </ul> <h2>DOMPurify 3.3.1</h2> <ul> <li>Updated <code>ADD_FORBID_CONTENTS</code> setting to extend default list, thanks <a href="https://github.com/MariusRumpf"><code>@​MariusRumpf</code></a></li> <li>Updated the ESM import syntax to be more correct, thanks <a href="https://github.com/binhpv"><code>@​binhpv</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27"><code>8bcbf73</code></a> chore: Preparing 3.3.3 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c"><code>5faddd6</code></a> fix: engine requirement (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1210">#1210</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af"><code>0f91e3a</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea"><code>d5ff1a8</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li><a href="https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462"><code>c3efd48</code></a> fix: moved back from jsdom 28 to jsdom 20</li> <li><a href="https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885"><code>988b888</code></a> fix: moved back from jsdom 28 to jsdom 20</li> <li><a href="https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67"><code>2726c74</code></a> chore: Preparing 3.3.2 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1"><code>6202c7e</code></a> build(deps): bump <code>@​tootallnate/once</code> and jsdom (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1204">#1204</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80"><code>302b51d</code></a> fix: Expanded the regex ever so slightly to also cover script</li> <li><a href="https://github.com/cure53/DOMPurify/commit/cd85175da3c4614aeb0f1022f2a347e5e9bdd58b"><code>cd85175</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.3.0...3.3.3">compare view</a></li> </ul> </details> <br /> Updates `flatted` from 3.3.3 to 3.4.2 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7"><code>3bf0909</code></a> 3.4.2</li> <li><a href="https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"><code>885ddcc</code></a> fix CWE-1321</li> <li><a href="https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3"><code>0bdba70</code></a> added flatted-view to the benchmark</li> <li><a href="https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20"><code>2a02dce</code></a> 3.4.1</li> <li><a href="https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416"><code>fba4e8f</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/89">#89</a> from WebReflection/python-fix</li> <li><a href="https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7"><code>5fe8648</code></a> added &quot;when in Rome&quot; also a test for PHP</li> <li><a href="https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0"><code>53517ad</code></a> some minor improvement</li> <li><a href="https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f"><code>b3e2a0c</code></a> Fixing recursion issue in Python too</li> <li><a href="https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad"><code>c4b46db</code></a> Add SECURITY.md for security policy and reporting</li> <li><a href="https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988"><code>f86d071</code></a> Create dependabot.yml for version updates</li> <li>Additional commits viewable in <a href="https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2">compare view</a></li> </ul> </details> <br /> Updates `glob` from 10.4.5 to 10.5.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1"><code>56774ef</code></a> 10.5.0</li> <li><a href="https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f"><code>1e4e297</code></a> bin: Do not expose filenames to shell expansion</li> <li>See full diff in <a href="https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0">compare view</a></li> </ul> </details> <br /> Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (&lt;&lt;) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (&lt;&lt;)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP =&gt; HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `lodash` from 4.17.21 to 4.17.23 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/dec55b7a3b382da075e2eac90089b4cd00a26cbb"><code>dec55b7</code></a> Bump main to v4.17.23 (<a href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/19c9251b3631d7cf220b43bc757eb33f1084f117"><code>19c9251</code></a> fix: setCacheHas JSDoc return type should be boolean (<a href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b5e672995ae26929d111a6e94589f8d03fb8e578"><code>b5e6729</code></a> jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81"><code>edadd45</code></a> Prevent prototype pollution on baseUnset function</li> <li><a href="https://github.com/lodash/lodash/commit/4879a7a7d0a4494b0e83c7fa21bcc9fc6e7f1a6d"><code>4879a7a</code></a> doc: fix autoLink function, conversion of source links (<a href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/9648f692b0fc7c2f6a7a763d754377200126c2e8"><code>9648f69</code></a> chore: remove <code>yarn.lock</code> file (<a href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/dfa407db0bf5b200f2c7a9e4f06830ceaf074be9"><code>dfa407d</code></a> ci: remove legacy configuration files (<a href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/156e1965ae78b121a88f81178ab81632304e8d64"><code>156e196</code></a> feat: add renovate setup (<a href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/933e1061b8c344d3fc742cdc400175d5ffc99bce"><code>933e106</code></a> ci: add pipeline for Bun (<a href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/072a807ff7ad8ffc7c1d2c3097266e815d138e20"><code>072a807</code></a> docs: update links related to Open JS Foundation (<a href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare view</a></li> </ul> </details> <br /> Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/syntax-tree/mdast-util-to-hast/releases">mdast-util-to-hast's releases</a>.</em></p> <blockquote> <h2>13.2.1</h2> <h4>Fix</h4> <ul> <li>ab3a795 Fix support for spaces in class names</li> </ul> <h4>Types</h4> <ul> <li>efb5312 Refactor to use <code>@import</code>s</li> <li>a5bc210 Add declaration maps</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1">https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/174795b21f7757fffb54dd8d5fb4012f4751f791"><code>174795b</code></a> 13.2.1</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/3d05b3a715133df55689fe3753c2e47101315b4e"><code>3d05b3a</code></a> Update Node in Actions</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/ab3a79570a1afbfa7efef5d4a0cd9b5caafbc5d7"><code>ab3a795</code></a> Fix support for spaces in class names</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/efb531231020055e0dab7b39a18d80b569d5b566"><code>efb5312</code></a> Refactor to use <code>@import</code>s</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/a5bc210f1aa308e4c6141ac374893c9237fcd746"><code>a5bc210</code></a> Add declaration maps</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/b54955d4e123b0167eac13646333c809bb8f301c"><code>b54955d</code></a> Add <code>.tsbuildinfo</code> to <code>.gitignore</code></li> <li>See full diff in <a href="https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1">compare view</a></li> </ul> </details> <br /> Updates `rollup` from 4.42.0 to 4.59.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/releases">rollup's releases</a>.</em></p> <blockquote> <h2>v4.59.1</h2> <h2>4.59.1</h2> <p><em>2026-03-21</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix a crash when using lazy dynamic imports with moduleSideEffects:false (<a href="https://redirect.github.com/rollup/rollup/issues/6306">#6306</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6281">#6281</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6282">#6282</a>: chore(deps): update github artifact actions (major) (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6283">#6283</a>: chore(deps): update dependency nyc to v18 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6284">#6284</a>: fix(deps): update swc monorepo (major) (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6285">#6285</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6290">#6290</a>: chore(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6291">#6291</a>: chore(deps): update dependency <code>@​shikijs/vitepress-twoslash</code> to v4 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6292">#6292</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6297">#6297</a>: chore(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6298">#6298</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6299">#6299</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6300">#6300</a>: docs: update packagephobia link (<a href="https://github.com/bluwy"><code>@​bluwy</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6301">#6301</a>: chore(deps): update dependency lint-staged to ^16.3.3 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6306">#6306</a>: fix: fix chunk assignment for deoptimized module with dynamic import (<a href="https://github.com/JoaoBrlt"><code>@​JoaoBrlt</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6307">#6307</a>: chore(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6308">#6308</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6309">#6309</a>: chore(deps): update dependency vite to v8 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6310">#6310</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6311">#6311</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6312">#6312</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> </ul> <h2>v4.59.0</h2> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>v4.58.0</h2> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/blob/master/CHANGELOG.md">rollup's changelog</a>.</em></p> <blockquote> <h2>4.59.1</h2> <p><em>2026-03-21</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix a crash when using lazy dynamic imports with moduleSideEffects:false (<a href="https://redirect.github.com/rollup/rollup/issues/6306">#6306</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6281">#6281</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6282">#6282</a>: chore(deps): update github artifact actions (major) (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6283">#6283</a>: chore(deps): update dependency nyc to v18 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6284">#6284</a>: fix(deps): update swc monorepo (major) (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6285">#6285</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6290">#6290</a>: chore(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6291">#6291</a>: chore(deps): update dependency <code>@​shikijs/vitepress-twoslash</code> to v4 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6292">#6292</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6297">#6297</a>: chore(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6298">#6298</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6299">#6299</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6300">#6300</a>: docs: update packagephobia link (<a href="https://github.com/bluwy"><code>@​bluwy</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6301">#6301</a>: chore(deps): update dependency lint-staged to ^16.3.3 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6306">#6306</a>: fix: fix chunk assignment for deoptimized module with dynamic import (<a href="https://github.com/JoaoBrlt"><code>@​JoaoBrlt</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6307">#6307</a>: chore(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6308">#6308</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6309">#6309</a>: chore(deps): update dependency vite to v8 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6310">#6310</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6311">#6311</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6312">#6312</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> </ul> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rollup/rollup/commit/0cba9e079e1d6e56882558827b37557f36c52966"><code>0cba9e0</code></a> 4.59.1</li> <li><a href="https://github.com/rollup/rollup/commit/4eeea29bd42b6abf3dad53b760f53750cd698872"><code>4eeea29</code></a> Pin Vite</li> <li><a href="https://github.com/rollup/rollup/commit/1cd49ae2a2a3de50627e2790b17e3c8704012626"><code>1cd49ae</code></a> fix: fix chunk assignment for deoptimized module with dynamic import (<a href="https://redirect.github.com/rollup/rollup/issues/6306">#6306</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/c9dabc3744b5316a1a08c85b65fce73d465e5453"><code>c9dabc3</code></a> Downgrade Vite</li> <li><a href="https://github.com/rollup/rollup/commit/d46200fd92b083d0997c0216a21f5bcdc5e6efea"><code>d46200f</code></a> chore(deps): update dependency vite to v8 (<a href="https://redirect.github.com/rollup/rollup/issues/6309">#6309</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/aa6c853da554cd8b56b48e94fcfc21a5b027b271"><code>aa6c853</code></a> chore(deps): update dependency lru-cache to v11 (<a href="https://redirect.github.com/rollup/rollup/issues/6308">#6308</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/4208811aa6600f81d94a746a01bd0ff861718578"><code>4208811</code></a> chore(deps): lock file maintenance (<a href="https://redirect.github.com/rollup/rollup/issues/6312">#6312</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/5348a82cee5e07a39164fb78ce9d69bfc557d341"><code>5348a82</code></a> chore(deps): lock file maintenance (<a href="https://redirect.github.com/rollup/rollup/issues/6311">#6311</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/c942b8dc8d9c7e8ed666bb8a694e93a2f7100d63"><code>c942b8d</code></a> chore(deps): update minor/patch updates (<a href="https://redirect.github.com/rollup/rollup/issues/6307">#6307</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/bf9d35c1de82328873302e2930a5388be6de5b96"><code>bf9d35c</code></a> chore(deps): lock file maintenance (<a href="https://redirect.github.com/rollup/rollup/issues/6310">#6310</a>)</li> <li>Additional commits viewable in <a href="https://github.com/rollup/rollup/compare/v4.42.0...v4.59.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for rollup since your current version.</p> </details> <details> <summary>Install script changes</summary> <p>This version modifies <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Updates `seroval` from 1.3.2 to 1.5.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/lxsmnsyc/seroval/commits">compare view</a></li> </ul> </details> <br /> Updates `tar` from 7.4.3 to 7.5.12 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>7.5</h2> <ul> <li>Added <code>zstd</code> compression support.</li> <li>Consistent TOCTOU behavior in sync t.list</li> <li>Only read from ustar block if not specified in Pax</li> <li>Fix sync tar.list when file size reduces while reading</li> <li>Sanitize absolute linkpaths properly</li> <li>Prevent writing hardlink entries to the archive ahead of their file target</li> </ul> <h2>7.4</h2> <ul> <li>Deprecate <code>onentry</code> in favor of <code>onReadEntry</code> for clarity.</li> </ul> <h2>7.3</h2> <ul> <li>Add <code>onWriteEntry</code> option</li> </ul> <h2>7.2</h2> <ul> <li>DRY the command definitions into a single <code>makeCommand</code> method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.</li> </ul> <h2>7.1</h2> <ul> <li>Update minipass to v7.1.0</li> <li>Update the type definitions of <code>write()</code> and <code>end()</code> methods on <code>Unpack</code> and <code>Parser</code> classes to be compatible with the NodeJS.WritableStream type in the latest versions of <code>@types/node</code>.</li> </ul> <h2>7.0</h2> <ul> <li>Drop support for node &lt;18</li> <li>Rewrite in TypeScript, provide ESM and CommonJS hybrid interface</li> <li>Add tree-shake friendly exports, like <code>import('tar/create')</code> and <code>import('tar/read-entry')</code> to get individual functions or classes.</li> <li>Add <code>chmod</code> option that defaults to false, and deprecate <code>noChmod</code>. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.</li> <li>Add <code>processUmask</code> option to avoid having to call <code>process.umask()</code> when <code>chmod: true</code> (or <code>noChmod: false</code>) is set.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe"><code>2a294d3</code></a> 7.5.12</li> <li><a href="https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92"><code>01082a4</code></a> fix: reject top promise on floating addFilesAsync rejections</li> <li><a href="https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3"><code>dd1c36a</code></a> linting</li> <li><a href="https://github.com/isaacs/node-tar/commit/35a1ffe73eb4aa05cd2613f8fdcfb4c9c9ed59f9"><code>35a1ffe</code></a> doc: more clarity in security warning</li> <li><a href="https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4"><code>bf776f6</code></a> 7.5.11</li> <li><a href="https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad"><code>f48b5fa</code></a> prevent escaping symlinks with drive-relative paths</li> <li><a href="https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3"><code>97cff15</code></a> docs: more security info</li> <li><a href="https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1"><code>2b72abc</code></a> 7.5.10</li> <li><a href="https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f"><code>7bc755d</code></a> parse root off paths before sanitizing .. parts</li> <li><a href="https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778"><code>c8cb846</code></a> update deps</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.12">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for tar since your current version.</p> </details> <details> <summary>Install script changes</summary> <p>This version adds <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/shafiqalibhai/ollama/network/alerts). </details>
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b:dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git switch dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git switch dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git rebase main
git switch main
git merge --ff-only dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git switch dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git rebase main
git switch main
git merge --no-ff dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git switch main
git merge --squash dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git switch main
git merge --ff-only dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git switch main
git merge dependabot/npm_and_yarn/app/ui/app/npm_and_yarn-9c68a3824b
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug
Something isn't working

  
dependencies
Pull requests that update a dependency file

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
go
Pull requests that update go code

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
javascript
Pull requests that update javascript code

  
question
Further information is requested

  
wontfix
This will not be worked on

No labels
bug
dependencies
documentation
duplicate
enhancement
go
good first issue
help wanted
invalid
javascript
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ssa/ollama!1
No description provided.