Bump the npm group with 12 updates

[dependabot]

Bumps the npm group with 12 updates:

Package	From	To
@codemirror/search	6.5.11	6.6.0
@codemirror/state	6.5.3	6.5.4
@codemirror/view	6.39.8	6.39.12
datatables.net	2.3.6	2.3.7
datatables.net-bs5	2.3.6	2.3.7
jquery	3.7.1	4.0.0
katex	0.16.27	0.16.28
prosemirror-markdown	1.13.2	1.13.3
prosemirror-view	1.41.4	1.41.5
autoprefixer	10.4.23	10.4.24
rollup	4.54.0	4.57.1
sass	1.97.1	1.97.3

Updates @codemirror/search from 6.5.11 to 6.6.0

Changelog

Sourced from @​codemirror/search's changelog.

6.6.0 (2026-01-13)

New features

Search queries now support a generic test field that can be used to implement custom tests on matches.

Commits

• 502b2e4 Mark version 6.6.0
• 9b9e121 Allocate less closures in test function implementation
• d554699 Add a test field to search query objects
• 9a54e64 Use git+https format for package.json repository field
• 3fd68b9 Simplify gotoLine using the new showDialog utility
• See full diff in compare view

Updates @codemirror/state from 6.5.3 to 6.5.4

Changelog

Sourced from @​codemirror/state's changelog.

6.5.4 (2026-01-14)

Bug fixes

Make SelectionRange.eq return false when the ranges have different goal columns.

Commits

• 8897323 Mark version 6.5.4
• 75518c0 Include goal column when comparing selection ranges
• a0889f8 Use git+https format for package.json repository field
• See full diff in compare view

Updates @codemirror/view from 6.39.8 to 6.39.12

Changelog

Sourced from @​codemirror/view's changelog.

6.39.12 (2026-01-30)

Bug fixes

Fix a bug where the visual selection drawn by drawSelection could fail to update properly in some circumstances.

Fix a bug where PageUp/PageDown near the edge of the viewport might completely skip to the start/end of the document.

Fix a regression that caused mark decorations to be split on text node chunk boundaries again.

6.39.11 (2026-01-14)

Bug fixes

Avoid handling copy events for parent editors.

6.39.10 (2026-01-13)

Bug fixes

Fix a regression in the way widget are reused when content next to them changes.

Make sure font metrics get recomputed on fonts.ready even if the line height doesn't change.

Fix an issue where compositions next to a widget that create a new text node could get needlessly interrupted during an editor update.

6.39.9 (2026-01-06)

Bug fixes

Fix a bug where EditorSelection.cursor() with a non-zero assoc value would not be visually respected at soft-wrap boundaries on initial view creation.

Fix error caused by hover tooltips running a scheduled timeout after their editor has been destroyed.

Fix a bug that caused EditorView.outerDecorations to not affect the content height map.

Fix an issue where composition near a widget could get unnecessarily interrupted.

Commits

• f14dcd5 Mark version 6.39.12
• 16a0c29 Fix another issue around chunked large text nodes
• 4b908ab Fix poor handling of vertical motion exiting the viewport
• e147626 Fix negative computed width in RectangleMarker.forRange
• 6fcf2e1 Mark version 6.39.11
• 95fd570 Use a custom selection comparison when only the position should be compared
• 4c56500 Remove a loop that never loops anymore
• 01fbc42 Avoid handling copy events for parent elements
• 74c9e9b Mark version 6.39.10
• 9656641 Fix another way widgets could be reused across a composition
• Additional commits viewable in compare view

Updates datatables.net from 2.3.6 to 2.3.7

Release notes

Sourced from datatables.net's releases.

2.3.7

DataTables 2.3.7

Commits

• 8372073 Sync tag release - 2.3.7
• 7b7cd74 f44b4cd038bcea7370ae08c2858bfaf4e878dea1 Release 2.3.7
• 08d4de0 dc059e94f5d8c679149dda517009402c3073f816 Dev: Update browser mapping
• f2f3898 bef31e92a24adf1bf698c7fb359703dcaf38c9f5 Fix: :visible selector will no lon...
• 2c3b55b f8181845f754e5e79dd9b6f142c2887e8215f98d Fix: tfoot should be the last elem...
• See full diff in compare view

Updates datatables.net-bs5 from 2.3.6 to 2.3.7

Release notes

Sourced from datatables.net-bs5's releases.

2.3.7

DataTables Bootstrap5 2.3.7

Commits

• 449af85 Sync tag release - 2.3.7
• 3d5abf1 f44b4cd038bcea7370ae08c2858bfaf4e878dea1 Release 2.3.7
• ab236b5 dc059e94f5d8c679149dda517009402c3073f816 Dev: Update browser mapping
• 810ba16 bef31e92a24adf1bf698c7fb359703dcaf38c9f5 Fix: :visible selector will no lon...
• 44659b9 f8181845f754e5e79dd9b6f142c2887e8215f98d Fix: tfoot should be the last elem...
• See full diff in compare view

Updates jquery from 3.7.1 to 4.0.0

Release notes

Sourced from jquery's releases.

Release 4.0.0

Changelog

https://blog.jquery.com/2026/01/17/jquery-4-0-0/

Ajax

• Don't treat array data as binary (992a1911)
• Allow processData: true even for binary data (ce264e07)
• Support binary data (including FormData) (a7ed9a7b)
• Support headers for script transport even when cross-domain (#5142, 6d136443)
• Support null as success functions in jQuery.get (#4989, 74978b7e)
• Don't auto-execute scripts unless dataType provided (#4822, 025da4dd)
• Make responseJSON work for erroneous same-domain JSONP requests (68b4ec59)
• Execute JSONP error script responses (#4771, a1e619b0)
• Avoid CSP errors in the script transport for async requests (#3969, 07a8e4a1)
• Drop the json to jsonp auto-promotion logic (#1799, #3376, e7b3bc48)
• Overwrite s.contentType with content-type header value, if any (#4119, 7fb90a6b)
• Deprecate AJAX event aliases, inline event/alias into deprecated (23d53928)
• Do not execute scripts for unsuccessful HTTP responses (#4250, 50871a5a)
• Simplify jQuery.ajaxSettings.xhr (#1967, abdc89ac)

Attributes

• Make .attr( name, false ) remove for all non-ARIA attrs (#5388, 063831b6)
• Shave off a couple of bytes (b40a4807)
• Don't stringify attributes in the setter (#4948, 4250b628)
• Drop the toggleClass(boolean|undefined) signature (#3388, a4421101)
• Refactor val(): don't strip carriage return, isolate IE workarounds (ff281991)
• Don't set the type attr hook at all outside of IE (9e66fe9a)

CSS

• Fix dimensions of table <col> elements (#5628, eca2a564)
• Drop the cache in finalPropName (640d5825)
• Tests: Fix tests & support tests under CSS Zoom (#5489, 071f6dba)
• Fix reliableTrDimensions support test for initially hidden iframes (b1e66a5f)
• Selector: Align with 3.x, remove the outer selector.js wrapper (53cf7244)
• Make the reliableTrDimensions support test work with Bootstrap CSS (#5270, 65b85031)
• Make offsetHeight( true ), etc. include negative margins (#3982, bce13b72)
• Return undefined for whitespace-only CSS variable values (#5120) (7eb00196)
• Don’t trim whitespace of undefined custom property (#5105, ed306c02)
• Skip falsy values in addClass( array ), compress code (#4998, a338b407)
• Justify use of rtrim on CSS property values (655c0ed5)
• Trim whitespace surrounding CSS Custom Properties values (#4926, efadfe99)
• Include show, hide & toggle methods in the jQuery slim build (297d18dd)
• Remove the opacity CSS hook (865469f5)
• Workaround buggy getComputedStyle on table rows in IE/Edge (#4490, 26415e08)
• Don't automatically add "px" to properties with a few exceptions (#2795, 00a9c2e5)

... (truncated)

Commits

• 4f2fae0 Release: 4.0.0
• c838cfb Release: remove dist files from main branch
• 9752519 Release: 4.0.0-rc.2
• c128d5d Release: Update AUTHORS.txt
• 5fe9c29 Build: De-dupe three authors via mailmap
• afdd032 Build: Post beta browser tests errors to jquery/dev on Matrix
• 546a1eb Build: Bump the github-actions group with 4 updates
• ec738b3 Build: Fix Chrome beta tests
• c28c26a Build: Add periodic tests on beta versions of browsers
• f513413 Build: Bump the github-actions group with 2 updates
• Additional commits viewable in compare view

Updates katex from 0.16.27 to 0.16.28

Release notes

Sourced from katex's releases.

v0.16.28

0.16.28 (2026-01-25)

Bug Fixes

• type: add missing types definition path to package.json (#4125) (0ef8921)

Changelog

Sourced from katex's changelog.

0.16.28 (2026-01-25)

Bug Fixes

• type: add missing types definition path to package.json (#4125) (0ef8921)

Commits

• dd50cde chore(release): 0.16.28 [ci skip]
• 0ef8921 fix(type): add missing types definition path to package.json (#4125)
• a2fcfe3 docs: add MintApps to list of users (#4066)
• d37328c docs: fix typo in comment about infix precedence (#4095)
• dd2e2fb docs(supported.md): fix typo in \textquoteleft example
• b73f941 docs: add Educase as user, fix user icon links (#4104)
• See full diff in compare view

Updates prosemirror-markdown from 1.13.2 to 1.13.3

Changelog

Sourced from prosemirror-markdown's changelog.

1.13.3 (2026-01-20)

Bug fixes

Properly move trailing whitespace out of marks when they end in a hard break node.

Commits

• 3e8fcc5 Mark version 1.13.3
• 7c42a17 Fix a bug with serializing whitespace-expelling marks
• See full diff in compare view

Updates prosemirror-view from 1.41.4 to 1.41.5

Changelog

Sourced from prosemirror-view's changelog.

1.41.5 (2026-01-14)

Bug fixes

Work around an issue where, after some kinds of changes, Chrome misreports the cursor position and breaks composition.

Improve DOM update behavior when deleting three or more nodes right before a mark, which would unnecessarily re-render the entire mark.

Work around a newly introduced bug in Safari where composition in an empty table cell causes it to move the text out of the cell into the row element.

Commits

• 07ca167 Mark version 1.41.5
• 1773eac Kludge around IME behavior regression in Safari
• ba24690 Use a style sheet to prevent images from having zero height in the tests
• e381b1c Avoid recreating marks around unchanged nodes
• 76c7c47 Adjust workaround for Chrome selection misreporting bug
• See full diff in compare view

Updates autoprefixer from 10.4.23 to 10.4.24

Release notes

Sourced from autoprefixer's releases.

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

Changelog

Sourced from autoprefixer's changelog.

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

Commits

• 36692c2 Release 10.4.24 version
• 67df014 Update dependencies
• 032440e perf: reduce array allocations (#1542)
• See full diff in compare view

Updates rollup from 4.54.0 to 4.57.1

Release notes

Sourced from rollup's releases.

v4.57.1

4.57.1

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

• #6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6254: Fully include dynamic imports in a try-catch (@​lukastaegert)
• #6255: chore(deps): lock file maintenance (@​renovate[bot])

v4.57.0

4.57.0

2026-01-27

Features

• Add import attributes to all plugin hooks that did not provide them yet (#5700)
• Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#5700)

Pull Requests

• #5700: extend more hooks to include import attributes and add warnings (@​TrickyPi, @​lukastaegert)
• #6243: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6244: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6245: chore(deps): lock file maintenance (@​renovate[bot])
• #6246: Refactor to reduce Rollup 5 upgrade diff (@​lukastaegert)

v4.56.0

4.56.0

2026-01-22

Features

• Track object property inclusions of dynamic namespace members (#6230)

Bug Fixes

• Handle methods that access dynamically imported namespace members via this (#6230)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.57.1

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

• #6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6254: Fully include dynamic imports in a try-catch (@​lukastaegert)
• #6255: chore(deps): lock file maintenance (@​renovate[bot])

4.57.0

2026-01-27

Features

• Add import attributes to all plugin hooks that did not provide them yet (#5700)
• Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#5700)

Pull Requests

• #5700: extend more hooks to include import attributes and add warnings (@​TrickyPi, @​lukastaegert)
• #6243: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6244: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6245: chore(deps): lock file maintenance (@​renovate[bot])
• #6246: Refactor to reduce Rollup 5 upgrade diff (@​lukastaegert)

4.56.0

2026-01-22

Features

• Track object property inclusions of dynamic namespace members (#6230)

Bug Fixes

• Handle methods that access dynamically imported namespace members via this (#6230)

Pull Requests

• #6230: Refine namespace handling (@​lukastaegert)

... (truncated)

Commits

• d37675f 4.57.1
• eafac0b chore(deps): lock file maintenance (#6255)
• 47fa568 chore(deps): update dependency lru-cache to v11 (#6252)
• 416f476 Fully include dynamic imports in a try-catch (#6254)
• 5e393e3 fix: Isolate and cache process.report.getReport() calls in a child process ...
• c931d23 chore(deps): lock file maintenance minor/patch updates (#6253)
• c79e6c2 Mitigate vulnerability that would allow to steal credentials
• 743d054 4.57.0
• 74121c7 extend more hooks to include import attributes and add warnings (#5700)
• c519d82 Refactor to reduce Rollup 5 upgrade diff (#6246)
• Additional commits viewable in compare view

Updates sass from 1.97.1 to 1.97.3

Release notes

Sourced from sass's releases.

Dart Sass 1.97.3

To install Sass 1.97.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fix a bug where nesting an at-rule within multiple style rules in plain CSS could cause outer style rules to be omitted.

See the full changelog for changes in earlier releases.

Dart Sass 1.97.2

To install Sass 1.97.2, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Additional fixes for implicit configuration when nested imports are involved.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.97.3

• Fix a bug where nesting an at-rule within multiple style rules in plain CSS could cause outer style rules to be omitted.

1.97.2

• Additional fixes for implicit configuration when nested imports are involved.

Commits

• 080eaef Fix at-rules combined with plain CSS nesting (#2725)
• f6f73f8 Bump gts from 6.0.2 to 7.0.0 in /pkg/sass-parser (#2711)
• 0b87dd7 Bump protobuf and protoc_plugin (#2723)
• d12cc7d Fix bug with implicit configuration for nested imports (#2658)
• 340bfd2 Bump actions/download-artifact from 6 to 7 (#2706)
• a795ab3 Bump actions/upload-artifact from 5 to 6 (#2705)
• add7e6f Bump protoc_plugin from 23.0.0 to 24.0.0 (#2696)
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
sass	[>= 1.81.a, < 1.82]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions