Chore(deps): Bump the npm_and_yarn group across 1 directory with 3 updates#1146
Conversation
…dates Bumps the npm_and_yarn group with 3 updates in the /internal/serve/sep24frontend/app directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [js-yaml](https://github.com/nodeca/js-yaml). Updates `vite` from 7.3.2 to 7.3.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite) Updates `@babel/core` from 7.28.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core) Updates `js-yaml` from 4.1.1 to 4.2.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/commits) --- updated-dependencies: - dependency-name: vite dependency-version: 7.3.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/core" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
|
Same review applies to the socket-security warning for In response to the socket-security warning: we only use this dep indirectly through build/lint tooling. Not in our src/, not in the shipped bundle, so it never runs in production.
|
Bumps the npm_and_yarn group with 3 updates in the /internal/serve/sep24frontend/app directory: vite, @babel/core and js-yaml.
Updates
vitefrom 7.3.2 to 7.3.5Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
077945crelease: v7.3.58a6a0c9chore: skip v7.3.4 release8c18556fix: backport #22572, reject windows alternate paths (#22574)f20d64bfix(deps): backport #22571, reject UNC paths for launch-editor-middleware (#2...ca31424release: v7.3.35ab51c0fix: avoid destructure lowering for newer safari (#22346)Updates
@babel/corefrom 7.28.0 to 7.29.7Release notes
Sourced from @babel/core's releases.
... (truncated)
Commits
4fba754v7.29.704ea6b2v7.29.699f498a[7.x packport]Improve input source map handling (#18001)feba0a3Preserve original identifier names from input sourcemaps (#17992) (#17998)aa8394ev7.29.0ad0d03f[7.x backport] feat: Allow specifying startLine in code frame (#17739)d7f4008v7.28.6e130225Polish(standalone): improve message on invalid preset/plugin (#17606)99dcba5chore: enable some ts-eslint rules (#17592)c92c491Improve Unicode handling in code-frame tokenizer (#17589)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/coresince your current version.Updates
js-yamlfrom 4.1.1 to 4.2.0Changelog
Sourced from js-yaml's changelog.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.