Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates#266

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-b785e7f0ec
Closed

chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates#266
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-b785e7f0ec

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Sep 9, 2025
edited
Loading

Bumps the npm_and_yarn group with 3 updates in the / directory: vite, @angular-devkit/build-angular and axios.

Removes vite

Updates @angular-devkit/build-angular from 19.1.3 to 20.2.2

Release notes

Sourced from @​angular-devkit/build-angular's releases.

20.2.2

@​angular/cli

Commit Description
fix - a793bbc47 don't set a default for array options when length is 0
fix - 2736599e2 set process title when running architect commands

@​angular/build

Commit Description
fix - 5c2abffea avoid extra tick in SSR dev-server builds
fix - f3c826853 maintain media output hashing with vitest unit-testing

20.2.1

@​angular-devkit/schematics-cli

Commit Description
fix - e93919dea correctly set default array values

@​schematics/angular

Commit Description
fix - 6937123a3 directly resolve karma config template in migration
fix - 5d6dd4425 prevent AI config schematic from failing when 'none' and other AI tools are selected

@​angular/cli

Commit Description
fix - 3b693e09e correctly set default array values

@​angular/build

Commit Description
fix - 06a6ddc10 correct JS/TS file paths when running under Bazel
fix - b6816b0cb ensure karma polyfills reporter factory returns a value

20.2.0

@​schematics/angular

Commit Description
feat - 2e3cfd598 add migration to remove default Karma configurations
feat - d80dae276 add schematics to generate ai context files.
fix - ffe6fb916 allow AI config prompt to be skipped without selecting a value
fix - ae2802b7d improve AI config prompt wording
fix - b017f84fd improve coverage directory handling for Karma configuration comparisons
fix - 6a79f9a75 zoneless is now stable

@​angular/cli

Commit Description
feat - b4de9a1bf add --experimental-tool option to mcp command
feat - 755ba70fd add --local-only option to mcp command
feat - 59d7ef343 add --read-only option to mcp command
feat - 4e92eb6f1 add modernize tool to the MCP server
fix - a3b25f675 add choices to command line parser when type is array and has an enum

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

20.2.2 (2025-09-03)

@​angular/cli

Commit Type Description
a793bbc47 fix don't set a default for array options when length is 0
2736599e2 fix set process title when running architect commands

@​angular/build

Commit Type Description
5c2abffea fix avoid extra tick in SSR dev-server builds
f3c826853 fix maintain media output hashing with vitest unit-testing

21.0.0-next.1 (2025-08-27)

Breaking Changes

@​angular/cli

  • The ng commands will no longer automatically detect and use cnpm as the package manager. As an alternative use the .npmrc file to ensure npm uses the cnpm registry.

@​angular-devkit/schematics-cli

Commit Type Description
aed26c388 fix correctly set default array values

@​schematics/angular

Commit Type Description
4912f3990 feat add Tailwind CSS option to application schematic and ng new
6c7b79833 fix directly resolve karma config template in migration
0f86cf878 fix prevent AI config schematic from failing when 'none' and other AI tools are selected

@​angular/cli

Commit Type Description
0d53e82d5 feat provide detailed peer dependency conflict errors in ng add
f513089e2 feat remove direct support for cnpm
47d77a3ed fix correctly set default array values
e5aed6d65 fix show planned actions in ng add dry run

... (truncated)

Commits
  • 8ffc449 release: cut the v20.2.2 release
  • 425bfe4 refactor(@​angular/cli): update MCP example tool format for if example
  • 2736599 fix(@​angular/cli): set process title when running architect commands
  • f3c8268 fix(@​angular/build): maintain media output hashing with vitest unit-testing
  • 99526bd refactor(@​angular/cli): Improve zoneless migration prompts based on observed ...
  • b2d5e6e refactor(@​angular/cli): add logging and HTML removal to doc search tool
  • 5c2abff fix(@​angular/build): avoid extra tick in SSR dev-server builds
  • 0eaec23 build: update github/codeql-action action to v3.30.0
  • 269fd99 build: lock file maintenance
  • 2d8b6f6 build: update pnpm to v10.15.1
  • Additional commits viewable in compare view

Updates axios from 1.7.7 to 1.11.0

Release notes

Sourced from axios's releases.

Release v1.11.0

Release notes:

Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

Release v1.10.0

Release notes:

Bug Fixes

  • adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
  • form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
  • package: add module entry point for React Native; (#6933) (3d343b8)

Features

Contributors to this release

Release v1.9.0

Release notes:

Bug Fixes

  • core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
  • fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
  • headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
  • headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
  • headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
  • http: send minimal end multipart boundary (#6661) (987d2e2)
  • types: fix autocomplete for adapter config (#6855) (e61a893)

... (truncated)

Changelog

Sourced from axios's changelog.

1.11.0 (2025-07-22)

Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

1.10.0 (2025-06-14)

Bug Fixes

  • adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
  • form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
  • package: add module entry point for React Native; (#6933) (3d343b8)

Features

Contributors to this release

1.9.0 (2025-04-24)

Bug Fixes

  • core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
  • fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
  • headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
  • headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)

... (truncated)

Commits
  • b76c4ac chore(release): v1.11.0 (#6974)
  • e72c193 fix: form-data npm pakcage (#6970)
  • 8517aa1 fix(types): resolve type discrepancies between ESM and CJS TypeScript declara...
  • a2214ca fix: prevent RangeError when using large Buffers (#6961)
  • 6161947 refactor: use spread operator instead of '.apply()' (#6938)
  • a1d16dd refactor: use an object spread instead of Object.assign (#6939)
  • 07183cd chore(sponsor): update sponsor block (#6952)
  • ef36347 docs(CONTRIBUTING): update docs link for accuracy (#6894)
  • b29bd6a chore(sponsor): update sponsor block (#6948)
  • a406a93 chore(sponsor): update sponsor block (#6937)
  • Additional commits viewable in compare view

Updates esbuild from 0.24.2 to 0.25.9

Release notes

Sourced from esbuild's releases.

v0.25.9

  • Better support building projects that use Yarn on Windows (#3131, #3663)

    With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C: drive. The problem was as follows:

    1. Yarn in Plug'n'Play mode on Windows stores its global module cache on the C: drive
    2. Some developers put their projects on the D: drive
    3. Yarn generates relative paths that use ../.. to get from the project directory to the cache directory
    4. Windows-style paths don't support directory traversal between drives via .. (so D:\.. is just D:)
    5. I didn't have access to a Windows machine for testing this edge case

    Yarn works around this edge case by pretending Windows-style paths beginning with C:\ are actually Unix-style paths beginning with /C:/, so the ../.. path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.

  • Preserve parentheses around function expressions (#4252)

    The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.

    Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:

    // Original code
const fn0 = () => 0
const fn1 = (() => 1)
console.log(fn0, function() { return fn1() }())
// Old output
const fn0 = () => 0;
const fn1 = () => 1;
console.log(fn0, function() {
return fn1();
}());
// New output
const fn0 = () => 0;
const fn1 = (() => 1);
console.log(fn0, (function() {
return fn1();
})());

    Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.

  • Update Go from 1.23.10 to 1.23.12 (#4257, #4258)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

v0.25.8

  • Fix another TypeScript parsing edge case (#4248)

    This fixes a regression with a change in the previous release that tries to more accurately parse TypeScript arrow functions inside the ?: operator. The regression specifically involves parsing an arrow function containing a #private identifier inside the middle of a ?: ternary operator inside a class body. This was fixed by propagating private identifier state into the parser clone used to speculatively parse the arrow function body. Here is an example of some affected code:

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

Commits

Updates form-data from 4.0.0 to 4.0.4

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

  • Merge tags v2.5.3 and v3.0.3 92613b9
  • [Tests] migrate from travis to GHA 806eda7
  • [Tests] migrate from travis to GHA 8fdb3bc

... (truncated)

Commits
  • 41996f5 v4.0.4
  • 316c82b [meta] actually ensure the readme backup isn’t published
  • 2300ca1 [meta] fix readme capitalization
  • 811f682 [meta] add auto-changelog
  • 5e34080 [Tests] fix linting errors
  • 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • 58c25d7 [Dev Deps] update @ljharb/eslint-config
  • 3d17230 [Fix] Switch to using crypto random for boundary values
  • d8d67dc v4.0.3
  • e6e83cc [meta] remove local commit hooks
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.


Updates http-proxy-middleware from 2.0.7 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

  • fix(fixRequestBody): check readableLength

v2.0.8

  • fix(fixRequestBody): prevent multiple .write() calls
  • fix(fixRequestBody): handle invalid request
Commits

Updates on-headers from 1.0.2 to 1.1.0

Release notes

Sourced from on-headers's releases.

1.1.0

Important

What's Changed

New Contributors

Full Changelog: jshttp/on-headers@v1.0.2...v1.1.0

Changelog

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

Commits
  • 4b017af 1.1.0
  • b636f2d ♻️ refactor header array code
  • 3e2c2d4 ✨ ignore falsy header keys, matching node behavior
  • 172eb41 ✨ support duplicate headers
  • c6e3849 🔒️ fix array handling
  • 6893518 💚 update CI - add newer node versions
  • 56a345d ✨ add script to update known hashes
  • 175ab21 👷 add upstream change detection (#31)
  • ce0b2c8 ci: apply OSSF Scorecard security best practices (#20)
  • 1a38c54 fix: use ubuntu-latest as ci runner (#19)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for on-headers since your current version.


Updates webpack-dev-server from 5.2.0 to 5.2.2

Release notes

Sourced from webpack-dev-server's releases.

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)
Changelog

Sourced from webpack-dev-server's changelog.

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)
Commits
  • 195a7e6 chore(release): 5.2.2
  • 620bef1 chore(deps): update (#5511)
  • 03d1214 fix: respect the allowedHosts option for cross-origin header check (#5510)
  • 5ba862e chore(deps-dev): bump the dependencies group across 1 directory with 7 update...
  • f7fec94 chore: fix typo (#5508)

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 8 up…
c0b0112 
…dates

Bumps the npm_and_yarn group with 3 updates in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@angular-devkit/build-angular](https://github.com/angular/angular-cli) and [axios](https://github.com/axios/axios).


Removes `vite`

Updates `@angular-devkit/build-angular` from 19.1.3 to 20.2.2
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@19.1.3...20.2.2)

Updates `axios` from 1.7.7 to 1.11.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.7.7...v1.11.0)

Updates `esbuild` from 0.24.2 to 0.25.9
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.24.2...v0.25.9)

Updates `form-data` from 4.0.0 to 4.0.4
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.0...v4.0.4)

Updates `http-proxy-middleware` from 2.0.7 to 2.0.9
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.7...v2.0.9)

Updates `on-headers` from 1.0.2 to 1.1.0
- [Release notes](https://github.com/jshttp/on-headers/releases)
- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md)
- [Commits](jshttp/on-headers@v1.0.2...v1.1.0)

Updates `webpack-dev-server` from 5.2.0 to 5.2.2
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.0...v5.2.2)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@angular-devkit/build-angular"
  dependency-version: 20.2.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.11.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.25.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: on-headers
  dependency-version: 1.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 5.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 9, 2025
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Oct 5, 2025

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this Oct 5, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-b785e7f0ec branch October 5, 2025 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants