Skip to content

Bump the "app-dependencies" group with 2 updates across multiple ecosystems#168

Merged
github-actions[bot] merged 3 commits intomainfrom
dependabot/app_dependencies-26660def99
Mar 5, 2026
Merged

Bump the "app-dependencies" group with 2 updates across multiple ecosystems#168
github-actions[bot] merged 3 commits intomainfrom
dependabot/app_dependencies-26660def99

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the app-dependencies group with 1 update: esbuild.

Updates esbuild from 0.27.2 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>

    • icons.css:

      .triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}

    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>

    • icons.css:

      .triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}

    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

... (truncated)

Commits
  • 9129e00 publish 0.27.3 to npm
  • e20e411 small fix to release notes
  • 0dc0f2d fix #4322: parse and print CSS @scope rules
  • 55fe391 update firefox css gradient support
  • 2c35297 update gradient lowering transform
  • 9209e44 Update Go to 1.25.7 (#4388)
  • e8d861b close #4374: compat table for the using feature
  • 19b8887 no longer need williamkapke/node-compat-table
  • 7e44218 the kangax/compat-table repo moved to a new url
  • 23b9338 run make update-compat-table
  • Additional commits viewable in compare view

Bumps the app-dependencies group with 2 updates: faraday and standard.

Updates faraday from 2.14.0 to 2.14.1

Release notes

Sourced from faraday's releases.

v2.14.1

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

New Contributors

Full Changelog: lostisland/faraday@v2.14.0...v2.14.1

Commits
  • 16cbd38 Version bump to 2.14.1
  • a6d3a3a Merge commit from fork
  • b23f710 Explicit top-level namespace reference (#1657)
  • 49ba4ac Bump actions/checkout from 5 to 6 (#1655)
  • 51a49bc Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...
  • 894f65c Add RFC document for Options architecture refactoring plan (#1644)
  • 397e3de Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...
  • d98c65c Update Faraday-specific AI agent guidelines
  • 56c18ec Add AI agent guidelines specific to Faraday repository
  • See full diff in compare view

Updates standard from 1.53.0 to 1.54.0

Changelog

Sourced from standard's changelog.

1.54.0

Commits
  • d8f9776 🍩 v1.54.0
  • 11f7712 Merge pull request #789 from standardrb/updates-2026-02-12
  • 1e14e5c Adds the changelog
  • 5a7c15f Updates Rubocop to v1.84
  • abc2bec Merge pull request #784 from standardrb/depbot-cooldown
  • c80e6b7 Merge pull request #783 from standardrb/dependabot/github_actions/step-securi...
  • a98a527 Decrease depbot frequency for GHA
  • 779ac18 Bump step-security/harden-runner from 2.14.0 to 2.14.1
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Monthly dependency updates: Bump esbuild in the app-dependencies group
12b4c60 
Bumps the app-dependencies group with 1 update: [esbuild](https://github.com/evanw/esbuild).


Updates `esbuild` from 0.27.2 to 0.27.3
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.2...v0.27.3)
Monthly dependency updates: Bump the app-dependencies group with 2 updates

Bumps the app-dependencies group with 2 updates: [faraday](https://github.com/lostisland/faraday) and [standard](https://github.com/standardrb/standard).


Updates `faraday` from 2.14.0 to 2.14.1
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](lostisland/faraday@v2.14.0...v2.14.1)

Updates `standard` from 1.53.0 to 1.54.0
- [Release notes](https://github.com/standardrb/standard/releases)
- [Changelog](https://github.com/standardrb/standard/blob/main/CHANGELOG.md)
- [Commits](standardrb/standard@v1.53.0...v1.54.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.27.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: app-dependencies
- dependency-name: faraday
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: app-dependencies
- dependency-name: standard
  dependency-version: 1.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Changes to packages or gems. javascript Pull requests that update Javascript code labels Mar 1, 2026
@dependabot dependabot bot requested a review from erinesullivan as a code owner March 1, 2026 11:09
@dependabot dependabot bot added the dependencies Changes to packages or gems. label Mar 1, 2026
@dependabot dependabot bot requested a review from niquerio as a code owner March 1, 2026 11:09
@dependabot dependabot bot added the javascript Pull requests that update Javascript code label Mar 1, 2026
@github-actions github-actions bot enabled auto-merge (squash) March 1, 2026 11:09
@github-actions github-actions bot merged commit c51cf4f into main Mar 5, 2026
2 checks passed
@github-actions github-actions bot deleted the dependabot/app_dependencies-26660def99 branch March 5, 2026 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@erinesullivan erinesullivan Awaiting requested review from erinesullivan erinesullivan is a code owner

@niquerio niquerio Awaiting requested review from niquerio niquerio is a code owner

Assignees

No one assigned

Labels

dependencies Changes to packages or gems. javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@erinesullivan