Skip to content

build(deps): bump the npm_and_yarn group across 2 directories with 6 updates#15

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-eeb9136c55
Open

build(deps): bump the npm_and_yarn group across 2 directories with 6 updates#15
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-eeb9136c55

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 29, 2026
edited
Loading

Bumps the npm_and_yarn group with 3 updates in the / directory: next, hono and valibot.
Bumps the npm_and_yarn group with 2 updates in the /examples/ai-e2e-next directory: next and valibot.

Updates next from 15.0.7 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

  • fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

Commits
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
  • 7a94645 Apply needs for publishRelease
  • bbfd4e3 v15.5.11
  • Additional commits viewable in compare view

Updates hono from 4.6.9 to 4.12.7

Release notes

Sourced from hono's releases.

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.5...v4.12.6

v4.12.5

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.4...v4.12.5

v4.12.4

Security fixes

This release includes fixes for the following security issues:

SSE Control Field Injection

Affects: streamSSE() in Streaming Helper. Fixes injection of unintended SSE fields by rejecting CR/LF characters in event, id, and retry. GHSA-p6xx-57qc-3wxr

Cookie Attribute Injection in setCookie()

Affects: setCookie() from hono/cookie. Fixes cookie attribute manipulation by rejecting ;, \r, and \n in domain and path options. GHSA-5pq2-9x2x-5p6w

... (truncated)

Commits

Updates valibot from 1.1.0 to 1.2.0

Release notes

Sourced from valibot's releases.

v1.2.0

Many thanks to @​EskiMojo14, @​makenowjust, @​ysknsid25 and @​jacekwilczynski for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

  • Add toBigint, toBoolean, toDate, toNumber and toString transformation actions (pull request #1212)
  • Add examples action to add example values to a schema (pull request #1199)
  • Add getExamples method to extract example values from a schema (pull request #1199)
  • Add isbn validation action to validate ISBN-10 and ISBN-13 strings (pull request #1097)
  • Add exports for RawCheckAddIssue, RawCheckContext, RawCheckIssueInfo, RawTransformAddIssue, RawTransformContext and RawTransformIssueInfo types for better developer experience with rawCheck and rawTransform actions (pull request #1359)
  • Change build step to tsdown
  • Fix ReDoS vulnerability in EMOJI_REGEX used by emoji action

v1.2.0 (to-json-schema)

Many thanks to @​cruzdanilo and @​Xiot for contributing to this release.

  • Add support for title, description and examples in metadata action (pull request #1189)
  • Add new override configurations to override default behaviour of JSON Schema conversion (pull request #1197)
  • Add storage for global definitions with addGlobalDefs and getGlobalDefs (pull request #1197)
  • Add new toJsonSchemaDefs function to convert Valibot schema definitions to JSON Schema definitions (pull request #1197)
Commits
  • 053ae97 Bump version to 1.2.0 and update changelog
  • de76d7c Merge pull request #1361 from open-circle/v1.2-blog-post
  • c14f092 Add security fix for ReDoS vulnerability in emoji action and update release n...
  • cfb799d Merge commit from fork
  • 36fafd0 Add release notes blog post for Valibot v1.2 to website
  • 83c07ca Merge pull request #1097 from ysknsid25/feat/add-isbn-validation
  • 6957e0d Add beta annotation to JSDoc comment of isbn action
  • 6c7f9c0 Add docs for new isbn action to website
  • ca902e6 Refactor ISBN regex constants and update validation logic
  • e7a4f17 Refactor and improve new isbn action and update changelog
  • Additional commits viewable in compare view

Updates undici from 7.22.0 to 7.24.6

Release notes

Sourced from undici's releases.

v7.24.6

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.24.5...v7.24.6

v7.24.5

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.24.4...v7.24.5

v7.24.4

What's Changed

Full Changelog: nodejs/undici@v7.24.3...v7.24.4

v7.24.3

What's Changed

Full Changelog: nodejs/undici@v7.24.2...v7.24.3

v7.24.2

What's Changed

... (truncated)

Commits
  • 38eab36 Bumped v7.24.6 (#4931)
  • 993609d test: auto-init WPT submodule (#4930)
  • 1eacc49 build(deps-dev): bump typescript from 5.9.3 to 6.0.2 (#4926)
  • b64e7e4 fix: avoid prototype collisions in parseHeaders (#4923)
  • deba679 Revert "fix: assume http/https scheme for scheme-less proxy env vars (#4914)"
  • feef62b fix: support Connection header with connection-specific header names per RFC ...
  • a613d9a docs: clarify fetch and FormData pairing (#4922)
  • 2ba99a3 fix: wrap kConnector call in try/catch to prevent client hang (#4834)
  • a7398c0 fix(cache): check Authorization on request headers per RFC 9111 §3.5 (#4911)
  • 2b2afbc fix: assume http/https scheme for scheme-less proxy env vars (#4914)
  • Additional commits viewable in compare view

Updates @angular/core from 20.3.17 to 20.3.18

Release notes

Sourced from @​angular/core's releases.

20.3.18

compiler

Commit Description
fix - 02fbf08890 disallow translations of iframe src

core

Commit Description
fix - 72126f9a08 sanitize translated attribute bindings with interpolations
fix - 626bc8bc20 sanitize translated form attributes
Changelog

Sourced from @​angular/core's changelog.

20.3.18 (2026-03-12)

compiler

Commit Type Description
02fbf08890 fix disallow translations of iframe src

core

Commit Type Description
72126f9a08 fix sanitize translated attribute bindings with interpolations
626bc8bc20 fix sanitize translated form attributes

22.0.0-next.3 (2026-03-12)

compiler

Commit Type Description
78dea55351 fix disallow translations of iframe src

core

Commit Type Description
999c14eaab fix reverts "feat(core): add support for nested animations"
de0eb4c656 fix sanitize translated form attributes

21.2.4 (2026-03-12)

compiler

Commit Type Description
ed2d324f9c fix disallow translations of iframe src

core

Commit Type Description
abbd8797bb fix reverts "feat(core): add support for nested animations"
d1dcd16c5b fix sanitize translated form attributes

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

  • createNgModuleRef was removed, use createNgModule instead

core

Commit Type Description
b918beda32 feat allow debouncing signals

... (truncated)

Commits
  • 626bc8b fix(core): sanitize translated form attributes
  • 72126f9 fix(core): sanitize translated attribute bindings with interpolations
  • See full diff in compare view

Updates yaml from 2.5.0 to 2.7.0

Release notes

Sourced from yaml's releases.

v2.7.0

The library is now available on JSR as @​eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

  • Use .ts extension in all relative imports (#591)
  • Ignore newline after block seq indicator as space before value (#590)
  • Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

  • Do not strip :00 seconds from !!timestamp values (#578, with thanks to @​qraynaud)
  • Tighten regexp for JSON !!bool (#587, with thanks to @​vra5107)
  • Default to literal block scalar if folded would overflow (#585)

v2.6.0

  • Use a proper tag for !!merge << keys (#580)
  • Add stringKeys parse option (#581)
  • Stringify a Document as a Document (#576)
  • Add sponsorship by Manifest

v2.5.1

  • Include range in flow sequence pair maps (#573)
Commits
  • 8f512b5 2.7.0
  • 8a7569a ci: Add jsr.jsonc & jsr-publish workflow
  • 8ef085f docs: Fix API docs links
  • 374c19c style: Really use explicit imports for process.env and Buffer
  • 1ab037d style: Include explicit type declarations on all public APIs
  • 4354c42 style: Use explicit imports for process.env and Buffer
  • 2c55723 Merge pull request #591 from eemeli/import-ts
  • ab240c1 fix: Drop .ts extension from import & export paths in .d.ts files
  • c4c49f9 fix: Use separate rather than inline type keyword for TS compatibility
  • 3bec004 ci: Add deno smoke test
  • Additional commits viewable in compare view

Updates next from 15.0.7 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

  • fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

Commits
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
  • 7a94645 Apply needs for publishRelease
  • bbfd4e3 v15.5.11
  • Additional commits viewable in compare view

Updates valibot from 1.1.0 to 1.2.0

Release notes

Sourced from valibot's releases.

v1.2.0

Many thanks to @​EskiMojo14, @​makenowjust, @​ysknsid25 and @​jacekwilczynski for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

  • Add toBigint, toBoolean, toDate, toNumber and toString transformation actions (pull request #1212)
  • Add examples action to add example values to a schema (pull request #1199)
  • Add getExamples method to extract example values from a schema (pull request #1199)
  • Add isbn validation action to validate ISBN-10 and ISBN-13 strings (pull request #1097)
  • Add exports for RawCheckAddIssue, RawCheckContext, RawCheckIssueInfo, RawTransformAddIssue, RawTransformContext and RawTransformIssueInfo types for better developer experience with rawCheck and rawTransform actions (pull request #1359)
  • Change build step to tsdown
  • Fix ReDoS vulnerability in EMOJI_REGEX used by emoji action

v1.2.0 (to-json-schema)

Many thanks to @​cruzdanilo and @​Xiot for contributing to this release.

  • Add support for title, description and examples in metadata action (pull request #1189)
  • Add new override configurations to override default behaviour of JSON Schema conversion (pull request #1197)
  • Add storage for global definitions with addGlobalDefs and getGlobalDefs (pull request #1197)
  • Add new toJsonSchemaDefs function to convert Valibot schema definitions to JSON Schema definitions (pull request #1197)
Commits
  • 053ae97 Bump version to 1.2.0 and update changelog
  • de76d7c Merge pull request #1361 from open-circle/v1.2-blog-post
  • c14f092 Add security fix for ReDoS vulnerability in emoji action and update release n...
  • cfb799d Merge commit from fork
  • 36fafd0 Add release notes blog post for Valibot v1.2 to website
  • 83c07ca Merge pull request #1097 from ysknsid25/feat/add-isbn-validation
  • 6957e0d Add beta annotation to JSDoc comment of isbn action
  • 6c7f9c0 Add docs for new isbn action to website
  • ca902e6 Refactor ISBN regex constants and update validation logic
  • e7a4f17 Refactor and improve new isbn action and update changelog
  • Additional commits viewable in compare view

Updates @angular/core from 20.3.17 to 20.3.18

Release notes

Sourced from @​angular/core's releases.

20.3.18

compiler

Commit Description
fix - 02fbf08890 disallow translations of iframe src

core

Commit Description
fix - 72126f9a08 sanitize translated attribute bindings with interpolations
fix - 626bc8bc20 sanitize translated form attributes
Changelog

Sourced from @​angular/core's changelog.

20.3.18 (2026-03-12)

compiler

Commit Type Description
02fbf08890 fix disallow translations of iframe src

core

Commit Type Description
72126f9a08 fix sanitize translated attribute bindings with interpolations
626bc8bc20 fix sanitize translated form attributes

22.0.0-next.3 (2026-03-12)

compiler

Commit Type Description
78dea55351 fix disallow translations of iframe src

core

Commit Type Description
999c14eaab fix reverts "feat(core): add support for nested animations"
de0eb4c656 fix sanitize translated form attributes

21.2.4 (2026-03-12)

compiler

Commit Type Description
ed2d324f9c fix disallow translations of iframe src

core

Commit Type Description
abbd8797bb fix reverts "feat(core): add support for nested animations"
d1dcd16c5b fix sanitize translated form attributes

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

  • createNgModuleRef was removed, use createNgModule instead

core

Commit Type Description
b918beda32 feat allow debouncing signals

... (truncated)

Commits
  • 626bc8b fix(core): sanitize translated form attributes
  • 72126f9 fix(core): sanitize translated attribute bindings with interpolations
  • See full diff in compare view

Updates hono from 4.6.9 to 4.12.7

Release notes

Sourced from hono's releases.

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.5...v4.12.6

v4.12.5

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.4...v4.12.5

v4.12.4

Security fixes

This release includes fixes for the following security issues:

SSE Control Field Injection

Affects: streamSSE() in Streaming Helper. Fixes injection of unintended SSE fields by rejecting CR/LF characters in event, id, and retry. GHSA-p6xx-57qc-3wxr

Cookie Attribute Injection in setCookie()

Affects: setCookie() from hono/cookie. Fixes cookie attribute manipulation by rejecting ;, \r, and \n in domain and path options. GHSA-5pq2-9x2x-5p6w

... (truncated)

Commits

Updates undici from 7.22.0 to 7.24.6

Release notes

Sourced from undici's releases.

v7.24.6

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.24.5...v7.24.6

v7.24.5

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.24.4...v7.24.5

v7.24.4

What's Changed

Full Changelog: nodejs/undici@v7.24.3...v7.24.4

v7.24.3

What's Changed

Full Changelog: nodejs/undici@v7.24.2...v7.24.3

v7.24.2

What's Changed

... (truncated)

Commits
  • 38eab36 Bumped v7.24.6 (#4931)
  • 993609d test: auto-init WPT submodule (#4930)
  • 1eacc49 build(deps-dev): bump typescript from 5.9.3 to 6.0.2 (#4926)
  • b64e7e4 fix: avoid prototype collisions in parseHeaders (#4923)
  • deba679 Revert "fix: assume http/https scheme for scheme-less proxy env vars (#4914)"
  • feef62b fix: support Connection header with connection-specific header names per RFC ...
  • a613d9a docs: clarify fetch and FormData pairing (#4922)
  • 2ba99a3 fix: wrap kConnector call in try/catch to prevent client hang (#4834)
  • a7398c0 fix(cache): check Authorization on request headers per RFC 9111 §3.5 (#4911)
  • 2b2afbc fix: assume http/https scheme for scheme-less proxy env vars (#4914)
  • Additional commits viewable in compare view

Updates yaml from 2.5.0 to 2.7.0

Release notes

Sourced from ...

Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 29, 2026
@vercel
Copy link
Copy Markdown
Contributor

vercel bot commented Mar 29, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
ai-toolkit Error Error Apr 1, 2026 4:14am
v0-project Error Error Apr 1, 2026 4:14am

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-eeb9136c55 branch from 40b6815 to c958728 Compare March 31, 2026 05:53
@dependabot
build(deps): bump the npm_and_yarn group across 2 directories with 6 …
95d069a 
…updates

Bumps the npm_and_yarn group with 3 updates in the / directory: [next](https://github.com/vercel/next.js), [hono](https://github.com/honojs/hono) and [valibot](https://github.com/open-circle/valibot).
Bumps the npm_and_yarn group with 2 updates in the /examples/ai-e2e-next directory: [next](https://github.com/vercel/next.js) and [valibot](https://github.com/open-circle/valibot).


Updates `next` from 15.0.7 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.0.7...v15.5.14)

Updates `hono` from 4.6.9 to 4.12.7
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.6.9...v4.12.7)

Updates `valibot` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/open-circle/valibot/releases)
- [Commits](open-circle/valibot@v1.1.0...v1.2.0)

Updates `undici` from 7.22.0 to 7.24.6
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.22.0...v7.24.6)

Updates `@angular/core` from 20.3.17 to 20.3.18
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.18/packages/core)

Updates `yaml` from 2.5.0 to 2.7.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.0...v2.7.0)

Updates `next` from 15.0.7 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.0.7...v15.5.14)

Updates `valibot` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/open-circle/valibot/releases)
- [Commits](open-circle/valibot@v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: valibot
  dependency-version: 1.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.24.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 20.3.18
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: valibot
  dependency-version: 1.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-eeb9136c55 branch from c958728 to 95d069a Compare April 1, 2026 03:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants