chore(deps): bump the npm_and_yarn group across 7 directories with 9 updates by dependabot[bot] · Pull Request #98 · zapabob/codex

dependabot · 2026-02-27T12:53:06Z

Bumps the npm_and_yarn group with 1 update in the /codex-rs/tauri-gui directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /extensions directory: ajv.
Bumps the npm_and_yarn group with 2 updates in the /gui-tests directory: systeminformation and qs.
Bumps the npm_and_yarn group with 2 updates in the /packages/protocol-client directory: ajv and rollup.
Bumps the npm_and_yarn group with 4 updates in the /prism-mcp-server directory: ajv, qs, @modelcontextprotocol/sdk and hono.
Bumps the npm_and_yarn group with 5 updates in the /prism-web directory:

Package	From	To
ajv	`6.12.6`	`6.14.0`
minimatch	`9.0.5`	`9.0.9`
minimatch	`3.1.2`	`3.1.5`
rollup	`4.52.5`	`4.59.0`
next	`14.2.35`	`15.5.10`
tar	`7.4.3`	`7.5.9`

Bumps the npm_and_yarn group with 1 update in the /sdk directory: minimatch.

Updates rollup from 4.53.2 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates systeminformation from 5.27.14 to 5.30.8

Release notes

Sourced from systeminformation's releases.

v5.30.8

Full Changelog: sebhildebrandt/systeminformation@v5.30.7...v5.30.8

v5.30.7

Full Changelog: sebhildebrandt/systeminformation@v5.30.6...v5.30.7

v5.30.6

Full Changelog: sebhildebrandt/systeminformation@v5.30.5...v5.30.6

v5.30.5

Full Changelog: sebhildebrandt/systeminformation@v5.30.4...v5.30.5

v5.30.4

Full Changelog: sebhildebrandt/systeminformation@v5.30.3...v5.30.4

v5.30.3

Full Changelog: sebhildebrandt/systeminformation@v5.30.2...v5.30.3

v5.30.2

Full Changelog: sebhildebrandt/systeminformation@v5.30.1...v5.30.2

v5.30.1

Full Changelog: sebhildebrandt/systeminformation@v5.30.0...v5.30.1

v5.30.0

Full Changelog: sebhildebrandt/systeminformation@v5.29.1...v5.30.0

v5.29.1

Full Changelog: sebhildebrandt/systeminformation@v5.29.0...v5.29.1

v5.29.0

Full Changelog: sebhildebrandt/systeminformation@v5.28.10...v5.29.0

Changelog

Sourced from systeminformation's changelog.

Changelog

Major Changes - Version 5

New Functions

audio() detailed audio information

bluetoothDevices() detailed information detected bluetooth devices

dockerImages() detailed information docker images

dockerVolumes() detailed information docker volumes

printers() detailed printer information

usb() detailed USB information

wifiInterfaces() detected Wi-Fi interfaces

wifiConnections() active Wi-Fi connections

Breaking Changes

Be aware, that the new version 5.x is NOT fully backward compatible to version 4.x ...

We had to make several interface changes to keep systeminformation as consistent as possible. We highly recommend to go through the complete list and adapt your own code to be again compatible to the new version 5.

Function Old New (V5) Comments

unsupported values -1 null values which are unknown orunsupported on platform

battery() hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining pascalCase conformity

blockDevices() fstype fsType pascalCase conformity

cpu() speedminspeedmax speedMinspeedMax pascalCase conformity

cpu().speedcpu().speedMincpu().speedMax string values now returningnumerical values better value handling

cpuCurrentspeed() cpuCurrentSpeed() function name changedpascalCase conformity

currentLoad() avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad pascalCase conformity

dockerContainerStats() mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats pascalCase conformity

dockerContainerProcesses() pid_host pidHost pascalCase conformity

graphics().display pixeldepthresolutionxresolutionysizexsizey pixelDepthresolutionXresolutionYsizeXsizeY pascalCase conformity

networkConnections() localaddresslocalportpeeraddresspeerport localAddresslocalPortpeerAddresspeerPort pascalCase conformity

networkInterfaces() carrier_changes carrierChanges pascalCase conformity

processes() mem_vszmem_rsspcpupcpuupcpuspmem memVszmemRsscpucpuucpusmem pascalCase conformityrenamed attributes

processLoad() result as object result as array of objects function now allows to provide more thanone process (as a comma separated list)

services() pcpupmem cpumem renamed attributes

vbox() HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC hpetpaeapicx2ApicacpiioApicbiosApicModertc pascalCase conformity

Other Improvements and Changes

baseboard(): added memMax, memSlots

bios(): added language and features (linux)

blockDevices() added raid group member (linux)

cpu(): extended AMD processor list

... (truncated)

Commits

612d97e 5.30.8
22242aa wifiNetworks() fixed CWE-78 command injection issue (linux)
41c7ea4 5.30.7
f4ff1d9 networkInterfaces() fixed getWindowsIEEE8021x issue (windows)
ea02021 5.30.6
53cca2f graphics() improved nvidia-smi detection (windows)
5231c64 fix nvidia-smi folder search (windows)
42bc5a7 5.30.5
505d327 networkInterfaces() fix uppercase iface names (linux)
06e47be 5.30.4
Additional commits viewable in compare view

Updates qs from 6.14.1 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

bdcf0c7 v6.14.2
294db90 [readme] document that addQueryPrefix does not add ? to empty output
5c308e5 [readme] clarify parseArrays and arrayLimit documentation
6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
1b9a8b4 [actions] fix rebase workflow permissions
2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates rollup from 4.52.5 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates ajv from 8.17.1 to 8.18.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

bdcf0c7 v6.14.2
294db90 [readme] document that addQueryPrefix does not add ? to empty output
5c308e5 [readme] clarify parseArrays and arrayLimit documentation
6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
1b9a8b4 [actions] fix rebase workflow permissions
2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.25.3 to 1.26.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

Commits

fe9c07b chore: bump version to 1.26.0 (#1479)
4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
a05be17 Merge commit from fork
50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
6aba065 chore: bump v1.25.3 for backport fixes (#1412)
See full diff in compare view

Updates hono from 4.11.5 to 4.12.3

Release notes

Sourced from hono's releases.

v4.12.3

What's Changed

fix(validator): prevent type diff bug in form data parsing by @EdamAme-x in honojs/hono#4753

fix(jwt): use Math.floor instead of bitwise OR for safe timestamp by @EdamAme-x in honojs/hono#4754

fix(jwt): fix JwtVariables for ContextVariableMap by @yusukebe in honojs/hono#4764

fix(types): remove DOM type dependencies from ClientResponse and request method by @YevheniiKotyrlo in honojs/hono#4768

fix(types): correct middleware types by @hmnd in honojs/hono#4774

fix(jwt): prevent memory leak by avoiding mutation of options object by @EdamAme-x in honojs/hono#4759

New Contributors

@YevheniiKotyrlo made their first contribution in honojs/hono#4768

@hmnd made their first contribution in honojs/hono#4774

Full Changelog: honojs/hono@v4.12.2...v4.12.3

v4.12.2

Security fix

Fixed incorrect handling of X-Forwarded-For in the AWS Lambda adapter behind ALB that could allow IP-based access control bypass. The detail: GHSA-xh87-mx6m-69f3

Thanks @EdamAme-x

What's Changed

fix(context): revert PR #4707 by @yusukebe in honojs/hono#4757

Full Changelog: honojs/hono@v4.12.1...v4.12.2

v4.12.1

What's Changed

fix(client): export ApplyGlobalResponse from hono/client by @sushichan044 in honojs/hono#4743

Full Changelog: honojs/hono@v4.12.0...v4.12.1

v4.12.0

Release Notes

Hono v4.12.0 is now available!

This release includes new features for the Hono client, middleware improvements, adapter enhancements, and significant performance improvements to the router and context.

$path for Hono Client

The Hono client now has a $path() method that returns the path string instead of a full URL. This is useful when you need just the path portion for routing or key-based operations:
const client = hc<typeof app>('http://localhost:8787')
// Get the path string
</tr></table>

... (truncated)

Commits

790c57b 4.12.3
bda46ac fix(jwt): prevent memory leak by avoiding mutation of options object (#4759)
0f505f4 fix(types): correct middleware types (#4774)
eb9c112 fix(types): remove DOM type dependencies from ClientResponse and request meth...
b1df304 fix(jwt): fix JwtVariables for ContextVariableMap (#4764)
e4602ad fix(jwt): use Math.floor instead of bitwise OR for safe timestamp (#4754)
4bb70fa fix(validator): prevent type diff bug in form data parsing (#4753)
df97e5f 4.12.2
212c64f fix(context): revert PR #4707 (#4757)
5cc8f8f ci: apply automated fixes
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates minimatch from 9.0.5 to 9.0.9

Commits

8a10e47 9.0.9
c6f1806 brace-expansion@2
446cfa3 9.0.8
8fa151a docs: add warning about ReDoS
71b78a2 fix partial matching of globstar patterns
2de496f 9.0.7
0d4616d limit nested extglob recursion, flatten extglobs
7117ef3 9.0.6
2418458 update deps, do not checkin dist
1d1f531 update deps
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

8a10e47 9.0.9
c6f1806 brace-expansion@2
446cfa3 9.0.8
8fa151a docs: add warning about ReDoS

vercel · 2026-02-27T12:53:09Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
codex	Error		Feb 27, 2026 6:41pm

…updates Bumps the npm_and_yarn group with 1 update in the /codex-rs/tauri-gui directory: [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 1 update in the /extensions directory: [ajv](https://github.com/ajv-validator/ajv). Bumps the npm_and_yarn group with 2 updates in the /gui-tests directory: [systeminformation](https://github.com/sebhildebrandt/systeminformation) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 2 updates in the /packages/protocol-client directory: [ajv](https://github.com/ajv-validator/ajv) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 4 updates in the /prism-mcp-server directory: [ajv](https://github.com/ajv-validator/ajv), [qs](https://github.com/ljharb/qs), [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) and [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 5 updates in the /prism-web directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [rollup](https://github.com/rollup/rollup) | `4.52.5` | `4.59.0` | | [next](https://github.com/vercel/next.js) | `14.2.35` | `15.5.10` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.9` | Bumps the npm_and_yarn group with 1 update in the /sdk directory: [minimatch](https://github.com/isaacs/minimatch). Updates `rollup` from 4.53.2 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.2...v4.59.0) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `systeminformation` from 5.27.14 to 5.30.8 - [Release notes](https://github.com/sebhildebrandt/systeminformation/releases) - [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md) - [Commits](sebhildebrandt/systeminformation@v5.27.14...v5.30.8) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.14.2) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `rollup` from 4.52.5 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.2...v4.59.0) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.14.2) Updates `@modelcontextprotocol/sdk` from 1.25.3 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0) Updates `hono` from 4.11.5 to 4.12.3 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.5...v4.12.3) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) Updates `rollup` from 4.52.5 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.2...v4.59.0) Updates `next` from 14.2.35 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v15.5.10) Updates `tar` from 7.4.3 to 7.5.9 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.9) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: systeminformation dependency-version: 5.30.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-04T20:28:30Z

Superseded by #100.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 27, 2026

dependabot bot requested a review from zapabob as a code owner February 27, 2026 12:53

dependabot bot mentioned this pull request Feb 27, 2026

chore(deps): bump the npm_and_yarn group across 6 directories with 9 updates #97

Closed

vercel bot had a problem deploying to Preview February 27, 2026 12:53 Failure

dependabot bot force-pushed the dependabot/npm_and_yarn/codex-rs/tauri-gui/npm_and_yarn-552ddba21f branch from ac7c7eb to 0d3a06d Compare February 27, 2026 18:41

vercel bot had a problem deploying to Preview February 27, 2026 18:41 Failure

dependabot bot closed this Mar 4, 2026

dependabot bot deleted the dependabot/npm_and_yarn/codex-rs/tauri-gui/npm_and_yarn-552ddba21f branch March 4, 2026 20:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 7 directories with 9 updates#98

chore(deps): bump the npm_and_yarn group across 7 directories with 9 updates#98
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/codex-rs/tauri-gui/npm_and_yarn-552ddba21f

dependabot bot commented on behalf of github Feb 27, 2026 •

edited

Loading

Uh oh!

vercel bot commented Feb 27, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Function	Old	New (V5)	Comments
unsupported values	-1	null	values which are unknown orunsupported on platform
`battery()`	hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining	hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining	pascalCase conformity
`blockDevices()`	fstype	fsType	pascalCase conformity
`cpu()`	speedminspeedmax	speedMinspeedMax	pascalCase conformity
`cpu().speedcpu().speedMincpu().speedMax`	string values	now returningnumerical values	better value handling
`cpuCurrentspeed()`		cpuCurrentSpeed()	function name changedpascalCase conformity
`currentLoad()`	avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload	avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad	pascalCase conformity
`dockerContainerStats()`	mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats	memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats	pascalCase conformity
`dockerContainerProcesses()`	pid_host	pidHost	pascalCase conformity
`graphics().display`	pixeldepthresolutionxresolutionysizexsizey	pixelDepthresolutionXresolutionYsizeXsizeY	pascalCase conformity
`networkConnections()`	localaddresslocalportpeeraddresspeerport	localAddresslocalPortpeerAddresspeerPort	pascalCase conformity
`networkInterfaces()`	carrier_changes	carrierChanges	pascalCase conformity
`processes()`	mem_vszmem_rsspcpupcpuupcpuspmem	memVszmemRsscpucpuucpusmem	pascalCase conformityrenamed attributes
`processLoad()`	result as object	result as array of objects	function now allows to provide more thanone process (as a comma separated list)
`services()`	pcpupmem	cpumem	renamed attributes
`vbox()`	HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC	hpetpaeapicx2ApicacpiioApicbiosApicModertc	pascalCase conformity

Conversation

dependabot bot commented on behalf of github Feb 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

v5.30.8

v5.30.7

v5.30.6

v5.30.5

v5.30.4

v5.30.3

v5.30.2

v5.30.1

v5.30.0

v5.29.1

v5.29.0

Changelog

Major Changes - Version 5

New Functions

Breaking Changes

Other Improvements and Changes

6.14.2

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

6.14.2

v1.26.0

What's Changed

New Contributors

v4.12.3

What's Changed

New Contributors

v4.12.2

Security fix

What's Changed

v4.12.1

What's Changed

v4.12.0

Release Notes

$path for Hono Client

Uh oh!

vercel bot commented Feb 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

dependabot bot commented on behalf of github Feb 27, 2026 •

edited

Loading

`$path` for Hono Client

vercel bot commented Feb 27, 2026 •

edited

Loading