Bump the npm_and_yarn group across 7 directories with 18 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
lodash	4.17.20	4.17.23
minimatch	3.0.4	3.1.4
semver	7.3.2	7.5.2
tar	7.5.7	7.5.11
devalue	2.0.1	5.6.4
storybook	8.6.0	8.6.17

Bumps the npm_and_yarn group with 1 update in the /examples/cms-payload directory: payload.
Bumps the npm_and_yarn group with 1 update in the /examples/cms-tina directory: tinacms.
Bumps the npm_and_yarn group with 1 update in the /packages/create-next-app directory: tar.
Bumps the npm_and_yarn group with 4 updates in the /packages/next directory: semver, tar, devalue and storybook.
Bumps the npm_and_yarn group with 1 update in the /turbopack/benchmark-apps directory: ajv.
Bumps the npm_and_yarn group with 14 updates in the /turbopack/crates/turbopack-tracing/tests/node-file-trace directory:

Package	From	To
lodash	4.17.21	4.17.23
minimatch	3.1.2	3.1.5
semver	7.3.8	7.5.2
tar	6.1.11	6.2.1
ajv	6.12.6	6.14.0
axios	0.21.4	0.30.3
bn.js	4.12.0	4.12.3
pbkdf2	3.1.2	3.1.5
qs	6.5.3	6.5.5
koa	2.13.4	3.1.2
mongoose	5.13.15	6.13.6
underscore	1.13.6	1.13.8
vm2	3.9.11	3.10.2
basic-ftp	5.0.5	5.2.0

Updates lodash from 4.17.20 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.1.4

Commits

• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• 9c31b2d update test expectations for coalesced consecutive stars
• 46fe687 coalesce consecutive non-globstar * characters
• 5a9ccbd [meta] update publishConfig.tag to legacy-v3
• Additional commits viewable in compare view

Updates semver from 7.3.2 to 7.5.2

Release notes

Sourced from semver's releases.

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

7.3.8 (2022-10-04)

Bug Fixes

... (truncated)

Commits

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (#566)
• 5c8efbc fix: preserve build in raw after inc (#565)
• 717534e fix: better handling of whitespace (#564)
• 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (#559)
• 09c69e2 chore: bump @​npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (#552)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates tar from 7.5.7 to 7.5.11

Commits

• bf776f6 7.5.11
• f48b5fa prevent escaping symlinks with drive-relative paths
• 97cff15 docs: more security info
• 2b72abc 7.5.10
• 7bc755d parse root off paths before sanitizing .. parts
• c8cb846 update deps
• 1f0c2c9 7.5.9
• fbb0851 build minified version as default export
• 6b8eba0 7.5.8
• 2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates devalue from 2.0.1 to 5.6.4

Release notes

Sourced from devalue's releases.

v5.6.4

Patch Changes

• 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

  This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

• 40f1db1: fix: ensure sparse array indices are integers

• 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

  This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

v5.6.3

Patch Changes

• 0f04d4d: fix: Properly handle __proto__
• 819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

• 1175584: fix: validate input for ArrayBuffer parsing
• e46afa6: fix: validate input for typed arrays
• 1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

• 2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

• a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
• a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

• 828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

• 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.6.4

Patch Changes

• 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

  This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

• 40f1db1: fix: ensure sparse array indices are integers

• 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

  This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

5.6.3

Patch Changes

• 0f04d4d: fix: Properly handle __proto__
• 819f1ac: fix: better encoding for sparse arrays

5.6.2

Patch Changes

• 1175584: fix: validate input for ArrayBuffer parsing
• e46afa6: fix: validate input for typed arrays
• 1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

• 2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

• a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
• a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

• 828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

... (truncated)

Commits

• 6cbb3f5 Version Packages (#133)
• 40f1db1 Merge commit from fork
• 87c1f3c Merge commit from fork
• a4a37d2 Version Packages (#132)
• 819f1ac Merge commit from fork
• 0f04d4d Merge commit from fork
• fcf4e88 fix tests
• 1d8a5ea Version Packages (#131)
• 1175584 Merge commit from fork
• e46afa6 Merge commit from fork
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.

Updates storybook from 8.6.0 to 8.6.17

Release notes

Sourced from storybook's releases.

v8.6.17

8.6.17

• Harden websocket connection

v8.6.16

8.6.16

• No-op release. No changes.

v8.6.15

8.6.15

• Core: Fix .env-file parsing, thanks @​jreinhold!

Changelog

Sourced from storybook's changelog.

8.6.17

• Harden websocket connection

8.6.16

• No-op release. No changes.

8.6.14

• CLI: Add skip onboarding, recommended/minimal config - #30930, thanks @​shilman!
• Core: Fix using dates in expect statements - #28413, thanks @​yann-combarnous!
• React Native Web: Fix expo router by setting JSX to automatic - #31484, thanks @​dannyhw!
• Test: Make sure that lit arrays are not cloned - #31435, thanks @​kasperpeulen!

8.6.13

• Controls: Fix boxShadow on empty controls - #27193, thanks @​H0onnn!
• React Native Web: Update react-native-web - #31324, thanks @​ndelangen!

8.6.12

• CLI: Only install Visual Test Addon if test feature is selected - #30966, thanks @​ghengeveld!
• Core: Fix telemetry error on Storybook UI - #30953, thanks @​yannbf!
• Ember: Fix ember-template-compiler import for ember 6+ - #30682, thanks @​leoeuclids!
• Next: Update vite-plugin-storybook-nextjs to 2.0.0--canary.33.17a2310.0 - #30997, thanks @​kasperpeulen!
• Svelte: Exclude node_modules from docgen - #30981, thanks @​JReinhold!

8.6.11

• Angular: Fix zone.js support for Angular libraries - #30941, thanks @​valentinpalkovic!

8.6.10

• Addon-docs: Fix non-string handling in Stories block - #30913, thanks @​JamesIves!
• Nextjs: Fix styled-jsx optimize vite warnings - #30932, thanks @​kasperpeulen!
• React: Fix actImplementation is not a function - #30929, thanks @​kasperpeulen!

8.6.9

• Next: Fix react aliases in next vite plugin - #30914, thanks @​kasperpeulen!

8.6.8

• Angular: Export all files in Angular package.json - #30849, thanks @​kasperpeulen!
• CLI: Don't add packageManager entry to package.json automatically - #30855, thanks @​kasperpeulen!
• React: Allow portable stories to be used in SSR - #30847, thanks @​kasperpeulen!
• Svelte: Adjust Svelte typings to include Svelte 5 function components - #30852, thanks @​dummdidumm!
• Telemetry: Make sure that telemetry doesn't fail on init - #30857, thanks @​kasperpeulen!
• Vite: Update HMR filter to target specific story file types - #30845, thanks @​kasperpeulen!

... (truncated)

Commits

• c6e550a Bump version from "8.6.16" to "8.6.17" [skip ci]
• 9cf9d89 Core: Require token for websocket connections
• 7e51515 Bump version from "8.6.15" to "8.6.16" [skip ci]
• 3812b43 Bump version from 8.6.14 to 8.6.15 MANUALLY
• 4a04cb2 filter env vars from .env files
• ab87178 Bump version from "8.6.13" to "8.6.14" [skip ci]
• b210eed Update frameworks.ts
• fe5ea89 Fix lint
• 8c12257 Merge branch 'latest-release'
• 8fa9049 Bump version from "8.6.12" to "8.6.13" [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for storybook since your current version.

Updates payload from 1.9.2 to 3.75.0

Release notes

Sourced from payload's releases.

v3.75.0

v3.75.0 (2026-02-05)

🚀 Features

• adds beforeNav and afterNav component slots (#15493) (f23a1df)
• next: pass full initReq context to server functions and dashboard widgets (#15427) (ce13e97)

🐛 Bug Fixes

• handle absolute paths correctly with tempFileDir upload option (#14436) (5ca9bd4)
• ungenerated image sizes should not store original URL (#15454) (fa1cd62)
• add safety check to redirects from external file URL uploads (#15458) (1041bb6)
• sass warning not hidden during webpack build (#15442) (dec0ea7)
• add collection property to auth documents, fixing multi tenancy access control issue (#15404) (d6aa6cc)
• graphql: blocks return null with select: true (#15464) (c2baef4)
• next: versions diff error when swapping blocks with relationship fields (#15478) (5ba0055)
• next: export SlugField from the client dir not rsc (#15461) (6c07f3b)
• next: sync modular dashboard widgets when server component re-renders (#15439) (5495b47)
• plugin-ecommerce: variant creation blocked by variants in trash (#15449) (3f01682)
• plugin-mcp: create and update resource tools now support point fields (#15381) (a28261d)
• ui: extra padding rendering in list view when no description exists (#15507) (3ff6be4)
• ui: remove slug field from rsc exports (#15480) (8f66035)

⚡ Performance

• next: avoid re-calculating permissions in some server functions, pass missing args (#15428) (9c8be5c)

📚 Documentation

• jobs queue improvements (#15318) (3d357b3)

🎨 Styles

• run lint-staged commands in correct order (#15446) (731037e)

🧪 Tests

• trash e2e URL regex too strict and blocks query parameters (#15498) (57e759c)
• additional admin e2e coverage for templates (#15477) (63d63be)
• reorganize helpers into shared/e2e/int subdirectories (#15479) (b901231)
• enable figma adapter testing (#15467) (f4920d8)
• improve script to reset tests (#15328) (399b579)
• richText fields serialization (#15465) (fc99048)
• update suites selected by default in runTestsWithSummary (#15463) (603897d)
• trash auth e2e tests have race condition on navigation (#15468) (9bd5123)

⚙️ CI

... (truncated)

Commits

• 00e2ffb chore(release): v3.75.0 [skip ci]
• 5ca9bd4 fix: handle absolute paths correctly with tempFileDir upload option (#14436)
• fa1cd62 fix: ungenerated image sizes should not store original URL (#15454)
• f23a1df feat: adds beforeNav and afterNav component slots (#15493)
• 8422668 chore: replace magic strings with centralized constants (#15475)
• 1041bb6 fix: add safety check to redirects from external file URL uploads (#15458)
• 6c07f3b fix(next): export SlugField from the client dir not rsc (#15461)
• 9c8be5c perf(next): avoid re-calculating permissions in some server functions, pass m...
• d6aa6cc fix: add collection property to auth documents, fixing multi tenancy access c...
• ce13e97 feat(next): pass full initReq context to server functions and dashboard widge...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by elliotpayload, a new releaser for payload since your current version.

Updates tinacms from 0.68.15 to 3.6.1

Release notes

Sourced from tinacms's releases.

tinacms@3.6.1

Patch Changes

• Updated dependencies []:
  • @​tinacms/search@​1.2.6

tinacms@3.6.0

Minor Changes

• #6447 60510bb Thanks @​joshbermanssw! - ✨ Object Schema - Add openFormOnCreate flag. Allowing users to opt-in to automatically going inside an object form when the field is true

Patch Changes

• #6451 f23c2a6 Thanks @​joshbermanssw! - Fix inconsistent branch selection modal size between Side Editor and Admin Editor by using tailwind-merge for proper CSS class merging in PopupModal

• #6458 d782ca2 Thanks @​joshbermanssw! - 🤖 Fix previewBranch button from opening a tab with an empty string, instead using correct previewUrl variable

• Updated dependencies [56d533e, 60510bb]:

  • @​tinacms/schema-tools@​2.7.0
  • @​tinacms/mdx@​2.0.7
  • @​tinacms/search@​1.2.5

tinacms@3.5.1

Patch Changes

• #6446 2738749 Thanks @​joshbermanssw! - 🐖 PostHog - Add Telemetry around the branch selector to see which elements users are interacting with on the modal

• #6443 dfb4ce8 Thanks @​joshbermanssw! - 📊 Telemetry - Add telemetry to CollectionListPage to identify how users are interacting with the page (button clicks, filtering etc)

• Updated dependencies []:

  • @​tinacms/search@​1.2.4

tinacms@3.5.0

Minor Changes

• #6438 f90d47b Thanks @​joshbermanssw! - Telemetry - We’ve added anonymous telemetry to help us understand how Tina is used and prioritize improvements in areas where it matters. No personal or sensitive data is collected, and the information cannot be used to identify individual users. Telemetry is used solely to improve performance, stability, and the overall user experience. You can opt-out at any time by disabling telemetry in your Tina config.

  Read more at https://tina.io/telemetry

• #5957 89aee8a Thanks @​isaaclombardssw! - The referenced files menu is being revamped to improve the UX and increase clarity.

Patch Changes

• #6373 da837f7 Thanks @​joshbermanssw! - 🔌 Modernisze Branch Switcher by adding @tanstack/react-table 💄 Replace old BranchSelector with a new BranchSelectorTable component using react-table 🧹 Cleanup duplicate cn references + add alias' for tsconfig and vite config

• #6436 c806e41 Thanks @​joshbermanssw! - 💄 UI - Remove cursor-pointer from alert

• Updated dependencies [f90d47b]:

... (truncated)

Changelog

Sourced from tinacms's changelog.

3.6.1

Patch Changes

• Updated dependencies []:
  • @​tinacms/search@​1.2.6

3.6.0

Minor Changes

• #6447 60510bb Thanks @​joshbermanssw! - ✨ Object Schema - Add openFormOnCreate flag. Allowing users to opt-in to automatically going inside an object form when the field is true

Patch Changes

• #6451 f23c2a6 Thanks @​joshbermanssw! - Fix inconsistent branch selection modal size between Side Editor and Admin Editor by using tailwind-merge for proper CSS class merging in PopupModal

• #6458 d782ca2 Thanks @​joshbermanssw! - 🤖 Fix previewBranch button from opening a tab with an empty string, instead using correct previewUrl variable

• Updated dependencies [56d533e, 60510bb]:

  • @​tinacms/schema-tools@​2.7.0
  • @​tinacms/mdx@​2.0.7
  • @​tinacms/search@​1.2.5

3.5.1

Patch Changes

• #6446 2738749 Thanks @​joshbermanssw! - 🐖 PostHog - Add Telemetry around the branch selector to see which elements users are interacting with on the modal

• #6443 dfb4ce8 Thanks @​joshbermanssw! - 📊 Telemetry - Add telemetry to CollectionListPage to identify how users are interacting with the page (button clicks, filtering etc)

• Updated dependencies []:

  • @​tinacms/search@​1.2.4

3.5.0

Minor Changes

• #6438 f90d47b Thanks @​joshbermanssw! - Telemetry - We’ve added anonymous telemetry to help us understand how Tina is used and prioritize improvements in areas where it matters. No personal or sensitive data is collected, and the information cannot be used to identify individual users. Telemetry is used solely to improve performance, stability, and the overall user experience. You can opt-out at any time by disabling telemetry in your Tina config.

  Read more at https://tina.io/telemetry

• #5957 89aee8a Thanks @​isaaclombardssw! - The referenced files menu is being revamped to improve the UX and increase clarity.

Patch Changes

• #6373 da837f7 Thanks @​joshbermanssw! - 🔌 Modernisze Branch Switcher by adding @tanstack/react-table 💄 Replace old BranchSelector with a new BranchSelectorTable component using react-table 🧹 Cleanup duplicate cn references + add alias' for tsconfig and vite config

... (truncated)

Commits

• e0a65b8 Version Packages (#6479)
• 661102d Version Packages (#6452)
• d7cbe22 Fix modal title not wrapping on mobile (#6461)
• 77cf3f5 Update tina-login.png (#6448)
• d782ca2 Fix BranchPreviewButton opening about:blank instead of configured URL (#6458)
• 60510bb ✨ Object Schema - add openFormOnCreate boolean (#6447)
• f23c2a6 Fix inconsistent branch selection modal size between Side Editor and Admin Ed...
• 2b04d1d Version Packages (#6445)
• 2738749 🐖 PostHog - Add Telemetry around Branch Selector Modal (#6446)
• dfb4ce8 🐖 PostHog - Add Telemetry to CollectionList Page (#6443)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tinacms since your current version.

Updates tar from 7.5.7 to 7.5.11...

Description has been truncated