Skip to content

build(deps): bump the npm_and_yarn group across 4 directories with 7 updates#9

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/src/packages/npm_and_yarn-8b3cc9d394
Open

build(deps): bump the npm_and_yarn group across 4 directories with 7 updates#9
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/src/packages/npm_and_yarn-8b3cc9d394

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 7 updates in the /src/packages directory:

Package From To
lodash 4.17.23 4.18.1
node-forge 1.3.3 1.4.0
next 15.5.10 15.5.15
nodemailer 7.0.11 8.0.5
bootbox 4.4.0 6.0.1
bootstrap 3.4.1 5.0.0
handlebars 4.7.8 4.7.9

Bumps the npm_and_yarn group with 1 update in the /src/packages/next directory: next.
Bumps the npm_and_yarn group with 1 update in the /src/packages/server directory: nodemailer.
Bumps the npm_and_yarn group with 2 updates in the /src/packages/static directory: bootbox and bootstrap.

Updates lodash from 4.17.23 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

  • Add security notice for _.template in threat model and API docs (#6099)
  • Document lower > upper behavior in _.random (#6115)
  • Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

Commits
  • cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
  • 75535f5 chore: prune stale advisory refs (#6170)
  • 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
  • 59be2de release(minor): bump to 4.18.0 (#6161)
  • af63457 fix: broken tests for _.template 879aaa9
  • 1073a76 fix: linting issues
  • 879aaa9 fix: validate imports keys in _.template
  • fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
  • 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
  • b819080 ci: add dist sync validation workflow (#6137)
  • Additional commits viewable in compare view

Updates node-forge from 1.3.3 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

  • HIGH: Denial of Service in BigInteger.modInverse()
    • A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.
    • Reported by Kr0emer.
    • CVE ID: CVE-2026-33891
    • GHSA ID: GHSA-5gfm-wpxj-wjgq
  • HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
    • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.
    • Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.
    • Reported as part of a U.C. Berkeley security research project by:
      • Austin Chu, Sohee Kim, and Corban Villa.
    • CVE ID: CVE-2026-33894
    • GHSA ID: GHSA-ppp5-5v6c-4jwp
  • HIGH: Signature forgery in Ed25519 due to missing S < L check.
    • Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.
    • Reported as part of a U.C. Berkeley security research project by:
      • Austin Chu, Sohee Kim, and Corban Villa.
    • CVE ID: CVE-2026-33895
    • GHSA ID: GHSA-q67f-28xg-22rw
  • HIGH: basicConstraints bypass in certificate chain verification.
    • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
    • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
    • CVE ID: CVE-2026-33896
    • GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

Updates next from 15.5.10 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

Commits
  • 412eb90 v15.5.15
  • cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
  • fffef9e Fix CI for glibc linux builds
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • Additional commits viewable in compare view

Updates nodemailer from 7.0.11 to 8.0.5

Release notes

Sourced from nodemailer's releases.

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

v8.0.3

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)
  • fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
  • refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
  • remove familySupportCache that broke DNS resolution tests (c803d90)

v8.0.2

8.0.2 (2026-03-09)

Bug Fixes

  • merge fragmented display names with unquoted commas in addressparser (fe27f7f)

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

  • absorb TLS errors during socket teardown (7f8dde4)
  • absorb TLS errors during socket teardown (381f628)
  • Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)
  • fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
  • refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
  • remove familySupportCache that broke DNS resolution tests (c803d90)

8.0.2 (2026-03-09)

Bug Fixes

  • merge fragmented display names with unquoted commas in addressparser (fe27f7f)

8.0.1 (2026-02-07)

Bug Fixes

  • absorb TLS errors during socket teardown (7f8dde4)
  • absorb TLS errors during socket teardown (381f628)
  • Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

  • Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

... (truncated)

Commits
  • 202cfb3 chore(master): release 8.0.5 (#1809)
  • b634abf docs: add CLAUDE.md with project conventions and release process
  • 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
  • 0a43876 fix: sanitize CRLF in transport name option to prevent SMTP command injection...
  • 08e59e6 chore: update dev dependencies
  • 2d31975 chore(master): release 8.0.4 (#1806)
  • 2d7b971 fix: sanitize envelope size to prevent SMTP command injection
  • 4e702e9 chore(master): release 8.0.3 (#1804)
  • c803d90 fix: remove familySupportCache that broke DNS resolution tests
  • e8c8b92 fix: fix cookie bugs, remove dead code, and improve hot-path efficiency
  • Additional commits viewable in compare view

Updates bootbox from 4.4.0 to 6.0.1

Release notes

Sourced from bootbox's releases.

v6.0.1

  • Updates prompt callback to return false from callback if inputType is 'checkbox', required option is true, and no checkbox has been checked
  • Updates unit tests
    • Adds tests for required option
    • Cleanup up pattern tests
    • Adds HTML output runner

v6.0.0

  • Adds Bootstrap 5 support. Note: jQuery is still required
  • Removes various IE polyfills
  • Replaces var with let
  • Normalizes locale strings to IANA standard format (see CHANGLOG).
    • bg_BG -> bg-BG
    • pt-br -> pt-BR
    • zh_CN -> zh-CN
    • zh_TW -> zh-CW

Adds relatedTarget option

  • Adds relatedTarget option. Allows the caller to determine which element, if any, triggered the modal
  • Various bugfixes and package updates

Adds Vietnamese locale

  • Adds Vietnamese locale

Adds reusable option

  • Adds new option, reusable. When set to true, the modal generated by Bootbox is not destroyed when dismissed.
  • Updates bootbox.all.js to include fix for clickable backdrop

Updates to backdrop option

Adds hooks for Bootstrap's modal events

No release notes provided.

Removes :first selector

No release notes provided.

Fixes invalid value parsing for step attribute

No release notes provided.

Adds Georgian locale

  • Adds Georgian locale

Button callbacks are only fired if defined

Modifies dialog to only process button callback if it has been defined. Closes #705

Adds Swahili locale

  • Adds Swahili locale

Adds rows as an option for prompt

... (truncated)

Changelog

Sourced from bootbox's changelog.

6.0.1

  • Updates prompt callback to return false from callback if inputType is 'checkbox', required option is true, and no checkbox has been checked
  • Updates unit tests
    • Adds tests for required option
    • Cleanup up pattern tests
    • Adds HTML output runner

6.0.0

  • Removes various IE polyfills
  • Replaces var with let
  • JSDoc cleanup
  • Adds code to handle cases when click starts on the modal body and ends on the backdrop and backdrop is set to true
  • bootbox.locale.js and bootbox.all.js are now generated files and will be found in the /dist directory
  • Simplify locale file structure
  • Changed a few locale identifiers to match IANA specifications:
    • bg_BG -> bg-BG
    • pt-br -> pt-BR
    • zh_CN -> zh-CN
    • zh_TW -> zh-CW

5.5.2

  • Adds Vietnamese locale

5.5.0

  • Adds reusable option, which allows an instance of a Bootbox modal to be reused.

5.4.1

  • Updates to how backdrop is handled. Fixes #766.

5.4.0

  • Adds function hooks for onShow, onShown, onHide, and onHidden events, which map to their Bootstrap modal equivalents.

5.3.4

  • Removes ':first' selector from default button binding

5.3.3

  • Fixes incorrect value validation for the step option when setting inputType to number for a prompt.

5.3.2

  • Adds Georgian (ka) locale.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by tiesont, a new releaser for bootbox since your current version.


Updates bootstrap from 3.4.1 to 5.0.0

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

  • #32763: Add color-scheme mixin
  • #33389: Dropdown — Add option to make the dropdown menu clickable
  • #33549: Add offcanvas-top modifier

🎨 CSS

  • #32155: Add equal column mixin
  • #32763: Add color-scheme mixin
  • #33292: Make accordion icon rotation more natural
  • #33411: Fix validation feedback icon in select multiple
  • #33478: Make .nav-link color consistent when using buttons
  • #33482: Dropdown — Apply positioning only when Popper is not used
  • #33548: Vertically align offcanvas header components
  • #33549: Add offcanvas-top modifier
  • #33550: Spinner alignment changes
  • #33598: Hide validation icons from multiple selects
  • #33600: Have $form-check-input-border's default derive from $black
  • #33607: Reduce color-scheme complexity
  • #33642: use :read-only css selector instead [readonly] for consistency
  • #33658: fix: use list-group variable instead of alert
  • #33736: accordion: fix border-top on Firefox

☕️ JavaScript

  • #32439: Decouple BackDrop from modal
  • #33245: Decouple Modal's scrollbar functionality
  • #33249: Simplify Modal Config
  • #33250: Simplify ScrollSpy config
  • #33310: fix: make EventHandler better handle mouseenter/mouseleave events
  • #33389: Dropdown — Add option to make the dropdown menu clickable
  • #33429: Remove element event listeners through base component
  • #33451: Add missing things in hide method of dropdown
  • #33456: Use our isDisabled util on dropdown
  • #33466: Refactor dropdown's hide functionality
  • #33479: Fix dropdown escape propagation
  • #33496: Use cached noop function

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by mdo, a new releaser for bootstrap since your current version.


Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

  • fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
  • fix type "RuntimeOptions" also accepting string partials - eab1d14
  • feat(types): set hash to be a Record<string, any> - de4414d
  • fix non-contiguous program indices - 4512766
  • refactor: rename i to startPartIndex - e497a35
  • security: fix security issues - 68d8df5

Commits

Commits
  • dce542c v4.7.9
  • 8a41389 Update release notes
  • 68d8df5 Fix security issues
  • b2a0831 Fix browser tests
  • 9f98c16 Fix release script
  • 45443b4 Revert "Improve partial indenting performance"
  • 8841a5f Fix CI errors with linting
  • e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
  • e914d60 Improve rendering performance
  • 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
  • Additional commits viewable in compare view

Updates next from 15.5.10 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

Commits
  • 412eb90 v15.5.15
  • cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
  • fffef9e Fix CI for glibc linux builds
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • Additional commits viewable in compare view

Updates nodemailer from 7.0.11 to 8.0.5

Release notes

Sourced from nodemailer's releases.

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

v8.0.3

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)
  • fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
  • refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
  • remove familySupportCache that broke DNS resolution tests (c803d90)

v8.0.2

8.0.2 (2026-03-09)

Bug Fixes

  • merge fragmented display names with unquoted commas in addressparser (fe27f7f)

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

  • absorb TLS errors during socket teardown (7f8dde4)
  • absorb TLS errors during socket teardown (381f628)
  • Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)
  • fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
  • refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
  • remove familySupportCache that broke DNS resolution tests (c803d90)

8.0.2 (2026-03-09)

Bug Fixes

  • merge fragmented display names with unquoted commas in addressparser (fe27f7f)

8.0.1 (2026-02-07)

Bug Fixes

  • absorb TLS errors during socket teardown (7f8dde4)
  • absorb TLS errors during socket teardown (381f628)
  • Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

  • Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

... (truncated)

Commits
  • 202cfb3 chore(master): release 8.0.5 (#1809)
  • b634abf docs: add CLAUDE.md with project conventions and release process
  • 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
  • 0a43876 fix: sanitize CRLF in transport name option to prevent SMTP command injection...
  • 08e59e6 chore: update dev dependencies
  • 2d31975 chore(master): release 8.0.4 (#1806)
  • 2d7b971 fix: sanitize envelope size to prevent SMTP command injection
  • 4e702e9 chore(master): release 8.0.3 (#1804)
  • c803d90 fix: remove familySupportCache that broke DNS resolution tests
  • e8c8b92 fix: fix cookie bugs, remove dead code, and improve hot-path efficiency
  • Additional commits viewable in compare view

Updates bootbox from 4.4.0 to 6.0.1

Release notes

Sourced from bootbox's releases.

v6.0.1

  • Updates prompt callback to return false from callback if inputType is 'checkbox', required option is true, and no checkbox has been checked
  • Updates unit tests
    • Adds tests for required option
    • Cleanup up pattern tests
    • Adds HTML output runner

v6.0.0

  • Adds Bootstrap 5 support. Note: jQuery is still required
  • Removes various IE polyfills
  • Replaces var with let
  • Normalizes locale strings to IANA standard format (see CHANGLOG).
    • bg_BG -> bg-BG
    • pt-br -> pt-BR
    • zh_CN -> zh-CN
    • zh_TW -> zh-CW

Adds relatedTarget option

  • Adds relatedTarget option. Allows the caller to determine which element, if any, triggered the modal
  • Various bugfixes and package updates

Adds Vietnamese locale

  • Adds Vietnamese locale

Adds reusable option

  • Adds new option, reusable. When set to true, the modal generated by Bootbox is not destroyed when dismissed.
  • Updates bootbox.all.js to include fix for clickable backdrop

Updates to backdrop option

Adds hooks for Bootstrap's modal events

No release notes provided.

Removes :first selector

No release notes provided.

Fixes invalid value parsing for step attribute

No release notes provided.

Adds Georgian locale

  • Adds Georgian locale

Button callbacks are only fired if defined

Modifies dialog to only process button callback if it has been defined. Closes #705

Adds Swahili locale

  • Adds Swahili locale

Adds rows as an option for prompt

... (truncated)

Changelog

Sourced from bootbox's changelog.

6.0.1

  • Updates prompt callback to return false from callback if inputType is 'checkbox', required option is true, and no checkbox has been checked
  • Updates unit tests
    • Adds tests for required option
    • Cleanup up pattern tests
    • Adds HTML output runner

6.0.0

  • Removes various IE polyfills
  • Replaces var with let
  • JSDoc cleanup
  • Adds code to handle cases when click starts on the modal body and ends on the backdrop and backdrop is set to true
  • bootbox.locale.js and bootbox.all.js are now generated files and will be found in the /dist directory
  • Simplify locale file structure
  • Changed a few locale identifiers to match IANA specifications:
    • bg_BG -> bg-BG
    • pt-br -> pt-BR
    • zh_CN -> zh-CN
    • zh_TW -> zh-CW

5.5.2

  • Adds Vietnamese locale

5.5.0

  • Adds reusable option, which allows an instance of a Bootbox modal to be reused.

5.4.1

  • Updates to how backdrop is handled. Fixes #766.

5.4.0

  • Adds function hooks for onShow, onShown, onHide, and onHidden events, which map to their Bootstrap modal equivalents.

5.3.4

  • Removes ':first' selector from default button binding

5.3.3

  • Fixes incorrect value validation for the step option when setting inputType to number for a prompt.

5.3.2

  • Adds Georgian (ka) locale.

... (truncated)

Commits
  • 227f396 Updated built files
  • 9816284 Merge pull request #864 from bootboxjs/fix-required-option
  • 2e3f1b9 Another attempt to fix CI
  • c94e2fb Attempting to fix CI build

@dependabot
build(deps): bump the npm_and_yarn group across 4 directories with 7 …
b6e825d 
…updates

Bumps the npm_and_yarn group with 7 updates in the /src/packages directory:

| Package | From | To |
| --- | --- | --- |
| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.3` | `1.4.0` |
| [next](https://github.com/vercel/next.js) | `15.5.10` | `15.5.15` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.11` | `8.0.5` |
| [bootbox](https://github.com/bootboxjs/bootbox) | `4.4.0` | `6.0.1` |
| [bootstrap](https://github.com/twbs/bootstrap) | `3.4.1` | `5.0.0` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |

Bumps the npm_and_yarn group with 1 update in the /src/packages/next directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /src/packages/server directory: [nodemailer](https://github.com/nodemailer/nodemailer).
Bumps the npm_and_yarn group with 2 updates in the /src/packages/static directory: [bootbox](https://github.com/bootboxjs/bootbox) and [bootstrap](https://github.com/twbs/bootstrap).


Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

Updates `node-forge` from 1.3.3 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.3...v1.4.0)

Updates `next` from 15.5.10 to 15.5.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.10...v15.5.15)

Updates `nodemailer` from 7.0.11 to 8.0.5
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v7.0.11...v8.0.5)

Updates `bootbox` from 4.4.0 to 6.0.1
- [Release notes](https://github.com/bootboxjs/bootbox/releases)
- [Changelog](https://github.com/bootboxjs/bootbox/blob/master/CHANGELOG.md)
- [Commits](bootboxjs/bootbox@v4.4.0...v6.0.1)

Updates `bootstrap` from 3.4.1 to 5.0.0
- [Release notes](https://github.com/twbs/bootstrap/releases)
- [Commits](twbs/bootstrap@v3.4.1...v5.0.0)

Updates `handlebars` from 4.7.8 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9)

Updates `next` from 15.5.10 to 15.5.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.10...v15.5.15)

Updates `nodemailer` from 7.0.11 to 8.0.5
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v7.0.11...v8.0.5)

Updates `bootbox` from 4.4.0 to 6.0.1
- [Release notes](https://github.com/bootboxjs/bootbox/releases)
- [Changelog](https://github.com/bootboxjs/bootbox/blob/master/CHANGELOG.md)
- [Commits](bootboxjs/bootbox@v4.4.0...v6.0.1)

Updates `bootstrap` from 3.4.1 to 5.0.0
- [Release notes](https://github.com/twbs/bootstrap/releases)
- [Commits](twbs/bootstrap@v3.4.1...v5.0.0)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.15
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 8.0.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: bootbox
  dependency-version: 6.0.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: bootstrap
  dependency-version: 5.0.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.15
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 8.0.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: bootbox
  dependency-version: 6.0.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: bootstrap
  dependency-version: 5.0.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 10, 2026
@dependabot dependabot Bot mentioned this pull request Apr 10, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants