Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 6 updates #594

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Bashamega merged 1 commit into from
Dec 12, 2025
Merged

build(deps): bump the npm_and_yarn group across 1 directory with 6 updates #594

Bashamega merged 1 commit into from
Dec 12, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 12, 2025

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
next 15.2.4 15.5.9
sweetalert2 11.22.0 11.22.4
@eslint/plugin-kit 0.3.3 0.3.5
js-yaml 3.14.1 3.14.2
brace-expansion 1.1.11 1.1.12
mdast-util-to-hast 13.2.0 13.2.1

Updates next from 15.2.4 to 15.5.9

Release notes

Sourced from next's releases.

v15.5.9

Please see the Next.js Security Update for information about this security patch.

v15.5.7

Please see CVE-2025-66478 for additional details about this release.

v15.5.6

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Turbopack: don't define process.cwd() in node_modules #83452

Credits

Huge thanks to @​mischnic for helping!

v15.5.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Split code-frame into separate compiled package (#84238)
  • Add deprecation warning to Runtime config (#84650)
  • fix: unstable_cache should perform blocking revalidation during ISR revalidation (#84716)
  • feat: experimental.middlewareClientMaxBodySize body cloning limit (#84722)
  • fix: missing next/link types with typedRoutes (#84779)

Misc Changes

  • docs: early October improvements and fixes (#84334)

Credits

Huge thanks to @​devjiwonchoi, @​ztanner, and @​icyJoseph for helping!

v15.4.10

Please see the Next.js Security Update for information about this security patch.

v15.4.8

Please see CVE-2025-66478 for additional details about this release.

v15.3.8

Please see the Next.js Security Update for information about this security patch.

v15.3.6

Please see CVE-2025-66478 for additional details about this release.

v15.2.8

Please see the Next.js Security Update for information about this security patch.

... (truncated)

Commits

Updates sweetalert2 from 11.22.0 to 11.22.4

Release notes

Sourced from sweetalert2's releases.

v11.22.4

11.22.4 (2025-08-14)

Bug Fixes

v11.22.3

11.22.3 (2025-08-08)

Bug Fixes

v11.22.2

11.22.2 (2025-06-29)

Bug Fixes

  • simplify success icon when animation: false (#2836) (affbbf5)

v11.22.1

11.22.1 (2025-06-23)

Bug Fixes

  • always prevent default esc when swal is shown (#2834) (4782601)
Changelog

Sourced from sweetalert2's changelog.

11.22.4 (2025-08-14)

Bug Fixes

11.22.3 (2025-08-08)

Bug Fixes

11.22.2 (2025-06-29)

Bug Fixes

  • simplify success icon when animation: false (#2836) (affbbf5)

11.22.1 (2025-06-23)

Bug Fixes

  • always prevent default esc when swal is shown (#2834) (4782601)
Commits

Updates @eslint/plugin-kit from 0.3.3 to 0.3.5

Release notes

Sourced from @​eslint/plugin-kit's releases.

plugin-kit: v0.3.5

0.3.5 (2025-08-05)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.1 to ^0.15.2

plugin-kit: v0.3.4

0.3.4 (2025-07-21)

Bug Fixes

  • potential quadratic runtime in regular expression (#240) (b283f64)
Changelog

Sourced from @​eslint/plugin-kit's changelog.

0.3.5 (2025-08-05)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.1 to ^0.15.2

0.3.4 (2025-07-21)

Bug Fixes

  • potential quadratic runtime in regular expression (#240) (b283f64)
Commits

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

  • ab3a795 Fix support for spaces in class names

Types

  • efb5312 Refactor to use @imports
  • a5bc210 Add declaration maps

Full Changelog: syntax-tree/mdast-util-to-hast@13.2.0...13.2.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 6 up…
2613c33 
…dates

Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [next](https://github.com/vercel/next.js) | `15.2.4` | `15.5.9` |
| [sweetalert2](https://github.com/sweetalert2/sweetalert2) | `11.22.0` | `11.22.4` |
| [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) | `0.3.3` | `0.3.5` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` |



Updates `next` from 15.2.4 to 15.5.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.2.4...v15.5.9)

Updates `sweetalert2` from 11.22.0 to 11.22.4
- [Release notes](https://github.com/sweetalert2/sweetalert2/releases)
- [Changelog](https://github.com/sweetalert2/sweetalert2/blob/main/CHANGELOG.md)
- [Commits](sweetalert2/sweetalert2@v11.22.0...v11.22.4)

Updates `@eslint/plugin-kit` from 0.3.3 to 0.3.5
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.3.5/packages/plugin-kit)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1
- [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases)
- [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: sweetalert2
  dependency-version: 11.22.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@eslint/plugin-kit"
  dependency-version: 0.3.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mdast-util-to-hast
  dependency-version: 13.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 12, 2025
@dependabot dependabot bot requested a review from Bashamega as a code owner December 12, 2025 05:31
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 12, 2025
@vercel
Copy link

vercel bot commented Dec 12, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
web-dev-tools Ready Ready Preview Comment Dec 12, 2025 5:41am

@dependabot dependabot bot added the javascript Pull requests that update javascript code label Dec 12, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 12, 2025

Hey there! 👋 Thanks for taking the time to send in this pull request. We are happy to have your contribution! If you have any questions or need any help, feel free to ask.

@coderabbitai
Copy link

coderabbitai bot commented Dec 12, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@Bashamega Bashamega merged commit a7b00eb into main Dec 12, 2025
8 of 9 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-eecf4c2701 branch December 12, 2025 05:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Bashamega Bashamega Bashamega approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Bashamega