Bump the npm_and_yarn group across 1 directory with 11 updates#20
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 1 directory with 11 updates#20dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 9 updates in the /assets directory: | Package | From | To | | --- | --- | --- | | [node-sass](https://github.com/sass/node-sass) | `6.0.1` | `9.0.0` | | [webpack](https://github.com/webpack/webpack) | `5.45.1` | `5.105.4` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.2.6` | `removed` | | [flatted](https://github.com/WebReflection/flatted) | `2.0.1` | `3.4.2` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `7.0.5` | Updates `node-sass` from 6.0.1 to 9.0.0 - [Release notes](https://github.com/sass/node-sass/releases) - [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md) - [Commits](sass/node-sass@v6.0.1...v9.0.0) Updates `webpack` from 5.45.1 to 5.105.4 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.45.1...v5.105.4) Removes `fast-xml-parser` Updates `flatted` from 2.0.1 to 3.4.2 - [Commits](WebReflection/flatted@v2.0.1...v3.4.2) Updates `js-yaml` from 3.13.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.13.1...3.14.2) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `tar` from 6.1.11 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) Updates `serialize-javascript` from 6.0.0 to 7.0.5 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v7.0.5) Updates `svgo` from 2.3.1 to 4.0.1 - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v2.3.1...v4.0.1) --- updated-dependencies: - dependency-name: node-sass dependency-version: 9.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.4 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 1.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 6.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 7.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svgo dependency-version: 4.0.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This was referenced Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 9 updates in the /assets directory:
6.0.19.0.05.45.15.105.44.2.6removed2.0.13.4.23.13.13.14.21.0.11.0.24.17.214.18.11.2.51.2.86.0.07.0.5Updates
node-sassfrom 6.0.1 to 9.0.0Release notes
Sourced from node-sass's releases.
... (truncated)
Commits
87f3899feat: Node 20 support (#3355)06ae4c7build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)e069f73build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0c34837dbuild(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0ee13eb98.0.098e75b3feat: Node 18 and 19 support and drop Node 17 (#3257)e9bb866Bump node-gyp and nan for node 19 support (#3314)ab7840bFix binaries being partially downloaded (#3313)d595abf7.0.33b556c17.0.2Updates
webpackfrom 5.45.1 to 5.105.4Release notes
Sourced from webpack's releases.
... (truncated)
Changelog
Sourced from webpack's changelog.
... (truncated)
Commits
27c13b4chore(release): new release (#20550)9b2f41echore: bump terser plugin (#20569)eafe060fix: narrow the export presence guard detection (#20561)75d605crefactor: add AppendOnlyStackedSet iteration support and tests (#20560)afa607drefactor: remove unused code (#20562)4098902test: add source files for web-webworker and web-webworker-auto-public-path (...f97be67refactor: fix duplicated word in Compilation JSDoc (#20547)9d76fffrefactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)a3d7839fix: types for multi stats (#20556)b8e9b05fix: updateenhanced-resolveto support new features fortsconfig.json(#...Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.
Install script changes
This version modifies
preparescript that runs during installation. Review the package contents before updating.Removes
fast-xml-parserUpdates
flattedfrom 2.0.1 to 3.4.2Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updatesUpdates
js-yamlfrom 3.13.1 to 3.14.2Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)37caaad3.14.1 released094c0f7dist rebuild9586ebeAvoid calling hasOwnProperty of user-controlled objects34e50723.14.0 released7b25c83Browser files rebuild6f73473Dev deps bump0c29349Travis-CI: drop old nodejs versionsUpdates
json5from 1.0.1 to 1.0.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
a62db1e1.0.2e0c23fedocs: update CHANGELOG for v1.0.262a6540fix: add proto to objects and arraysUpdates
lodashfrom 4.17.21 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
minimistfrom 1.2.5 to 1.2.8Changelog
Sourced from minimist's changelog.
... (truncated)
Commits
6901ee2v1.2.8a026794Merge tag 'v0.2.3'c0b2661v0.2.363b8fee[Fix] Fix long option followed by single dash (#17)72239e6[Tests] Remove duplicate test (#12)34b0f1c[eslint] fix indentation3226afa[Dev Deps] add missingnpmignoredev dep098873c[Dev Deps] update@ljharb/eslint-config,aud9ec4d27[Fix] Fix long option followed by single dashba92fe6[actions] Avoid 0.6 tests due to build failuresMaintainer changes
This version was pushed to npm by ljharb, a new releaser for minimist since your current version.
Install script changes
This version adds
prepublishscript that runs during installation. Review the package contents before updating.Updates
tarfrom 6.1.11 to 6.2.1Release notes
Sourced from tar's releases.
Changelog
Sourced from tar's changelog.
... (truncated)
Commits
bef7b1e6.2.1fe8cd57prevent extraction in excessively deep subfoldersfe7ebfdremove security.md5bc9d406.2.0fe1ef5echangelog 6.2e483220get rid of npm lint stuff689928aci that works outside of npm orgdb6f539file inference improvements for .tbr and .tgz336fa8frefactor: dry and other pr commentseeba222chore: lint fixesUpdates
serialize-javascriptfrom 6.0.0 to 7.0.5Release notes
Sourced from serialize-javascript's releases.
... (truncated)
Commits
df3f1c1release: v7.0.5f147e90Merge commit from forkeec32e0release: v7.0.4d5057157.0.32e609d0fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)42b7cdbbuild(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)44f544brelease: v7.0.2 (#205)bba0dddci: setup trusted publishing workflow (#204)235f6eaci: bump GitHub Actions to latest versions (#203)f7fff15release: v7.0.1 (#202)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serialize-javascript since your current version.
Updates
svgofrom 2.3.1 to 4.0.1Release notes
Sourced from svgo's releases.