Skip to content

chore(deps): bump the npm_and_yarn group across 12 directories with 9 updates#3074

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/npm_and_yarn-c2918a91c3
Closed

chore(deps): bump the npm_and_yarn group across 12 directories with 9 updates#3074
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/npm_and_yarn-c2918a91c3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 3 updates in the / directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 7 updates in the /examples/angular/sample-app directory:

Package From To
ws 8.18.3 8.21.0
qs 6.14.2 6.15.2
tmp 0.2.5 0.2.7
@angular/common 21.2.14 21.2.17
@angular/compiler 21.2.14 21.2.17
@angular/core 21.2.14 21.2.17
hono 4.12.18 4.12.25

Bumps the npm_and_yarn group with 3 updates in the /examples/gatsby/sample-gatsby-plugin-usage directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 3 updates in the /examples/gatsby/sample-gatsby-site directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 3 updates in the /examples/integrations/Ninetailed/sample-apps/app-using-npm directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 3 updates in the /examples/integrations/Ninetailed/sample-apps/app-using-v1.1-cdn directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 3 updates in the /examples/integrations/Ninetailed/sample-apps/app-using-v3-cdn directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 3 updates in the /examples/reactjs/hooks/sample-app directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 3 updates in the /examples/reactjs/js/sample-app directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 3 updates in the /examples/reactjs/ts/sample-app directory: ws, qs and shell-quote.
Bumps the npm_and_yarn group with 1 update in the /examples/reactjs/vite/sample-app directory: vite.
Bumps the npm_and_yarn group with 4 updates in the /examples/symfony/sample directory: ws, qs, shell-quote and tmp.

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates qs from 6.15.1 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text
Commits
  • 9aca407 v6.15.2
  • 5e33d33 [Dev Deps] update @ljharb/eslint-config
  • 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
  • a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
  • e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
  • 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
  • 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
  • 96755ab [readme] fix grammar
  • a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
  • See full diff in compare view

Updates shell-quote from 1.8.3 to 1.8.4

Changelog

Sourced from shell-quote's changelog.

v1.8.4 - 2026-05-22

Commits

  • [Fix] quote: validate object-token shapes 4378a6e
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore 22ebec0
  • [Tests] increase coverage 9f3caa3
  • [readme] replace runkit CI badge with shields.io check-runs badge 3344a04
  • [Dev Deps] update @ljharb/eslint-config 699c511
Commits
  • ff166e2 v1.8.4
  • 4378a6e [Fix] quote: validate object-token shapes
  • 22ebec0 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, `npmig...
  • 9f3caa3 [Tests] increase coverage
  • 3344a04 [readme] replace runkit CI badge with shields.io check-runs badge
  • 699c511 [Dev Deps] update @ljharb/eslint-config
  • See full diff in compare view

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates qs from 6.14.2 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text
Commits
  • 9aca407 v6.15.2
  • 5e33d33 [Dev Deps] update @ljharb/eslint-config
  • 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
  • a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
  • e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
  • 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
  • 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
  • 96755ab [readme] fix grammar
  • a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
  • See full diff in compare view

Updates tmp from 0.2.5 to 0.2.7

Commits

Updates @angular/common from 21.2.14 to 21.2.17

Release notes

Sourced from @​angular/common's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • 86a56dc fix(common): Limits date format string length
  • bcb1b7e fix(http): preserve empty referrer option in HttpRequest
  • a810a31 fix(http): Rejects non-HTTP(S) URLs in JSONP requests
  • bc55749 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • d846326 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e245d40 fix(http): skip transfer cache for fetch credentialed requests
  • f6d8e64 fix(common): only strip a literal /index.html suffix from URLs
  • 582a417 fix(http): exclude withCredentials requests from transfer cache
  • 5c6d6df fix(http): skip TransferCache for cookie-bearing requests by default
  • 300f61f fix(common): sanitize placeholder
  • Additional commits viewable in compare view

Updates @angular/compiler from 21.2.14 to 21.2.17

Release notes

Sourced from @​angular/compiler's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • dc9c996 fix(compiler): sanitize two-way properties
  • ae1c8a1 fix(compiler): move projection attributes into constants
  • eb1cbbf fix(compiler): prevent namespaced SVG <style> elements from being stripped
  • 29ceeff docs: fix typos in source code comments
  • 782e015 fix(compiler): strip namespaced SVG script elements during template compilati...
  • ff12fe5 fix(core): normalize tag names in runtime i18n attribute security context loo...
  • 0b07f47 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
  • cc1378d fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
  • daaf329 fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
  • See full diff in compare view

Updates @angular/core from 21.2.14 to 21.2.17

Release notes

Sourced from @​angular/core's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • 88832c8 fix(core): validate lowercase SVG animation attribute names (#69269)
  • 3551074 fix(platform-server): harden platform location origin validation during SSR
  • bc55749 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • d846326 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e245d40 fix(http): skip transfer cache for fetch credentialed requests
  • 1523061 fix(core): harden TransferState restoration against DOM clobbering
  • 736c4ab refactor(core): fix broken unit test.
  • 3fd6897 fix(core): harden inherit definition feature against polluted prototypes
  • 7e38336 fix(core): use Object.create(null) for LOCALE_DATA as a hardening measure
  • 29ceeff docs: fix typos in source code comments
  • Additional commits viewable in compare view

Updates hono from 4.12.18 to 4.12.25

Release notes

Sourced from hono's releases.

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

Affects: hono/aws-lambda. Fixes multiple Set-Cookie response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf

Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Affects: hono/lambda-edge. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as X-Forwarded-For reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p

v4.12.24

What's Changed

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

What's Changed

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

... (truncated)

Commits

Updates ws from 8.17.1 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates qs from 6.14.2 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text
Commits
  • 9aca407 v6.15.2
  • 5e33d33 [Dev Deps] update @ljharb/eslint-config
  • Description has been truncated

… updates

Bumps the npm_and_yarn group with 3 updates in the / directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 7 updates in the /examples/angular/sample-app directory:

| Package | From | To |
| --- | --- | --- |
| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.21.0` |
| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `21.2.14` | `21.2.17` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `21.2.14` | `21.2.17` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.2.14` | `21.2.17` |
| [hono](https://github.com/honojs/hono) | `4.12.18` | `4.12.25` |

Bumps the npm_and_yarn group with 3 updates in the /examples/gatsby/sample-gatsby-plugin-usage directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 3 updates in the /examples/gatsby/sample-gatsby-site directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 3 updates in the /examples/integrations/Ninetailed/sample-apps/app-using-npm directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 3 updates in the /examples/integrations/Ninetailed/sample-apps/app-using-v1.1-cdn directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 3 updates in the /examples/integrations/Ninetailed/sample-apps/app-using-v3-cdn directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 3 updates in the /examples/reactjs/hooks/sample-app directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 3 updates in the /examples/reactjs/js/sample-app directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 3 updates in the /examples/reactjs/ts/sample-app directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs) and [shell-quote](https://github.com/ljharb/shell-quote).
Bumps the npm_and_yarn group with 1 update in the /examples/reactjs/vite/sample-app directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 4 updates in the /examples/symfony/sample directory: [ws](https://github.com/websockets/ws), [qs](https://github.com/ljharb/qs), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).


Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.15.1 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.14.2 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `tmp` from 0.2.5 to 0.2.7
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.5...v0.2.7)

Updates `@angular/common` from 21.2.14 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/common)

Updates `@angular/compiler` from 21.2.14 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/compiler)

Updates `@angular/core` from 21.2.14 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/core)

Updates `hono` from 4.12.18 to 4.12.25
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.18...v4.12.25)

Updates `ws` from 8.17.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.14.2 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `ws` from 8.17.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.14.2 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.14.2 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.14.2 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.14.2 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.13.0 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.13.0 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.13.0 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `vite` from 8.0.14 to 8.0.16
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `qs` from 6.14.2 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

Updates `tmp` from 0.2.5 to 0.2.7
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.5...v0.2.7)

---
updated-dependencies:
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@angular/common"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.25
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Copilot AI review requested due to automatic review settings June 17, 2026 02:58
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 17, 2026
@dependabot dependabot Bot requested review from a team as code owners June 17, 2026 02:58
@dependabot dependabot Bot requested review from achettyiitr and krishna2020 June 17, 2026 02:58
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 17, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@sonarqubecloud

Copy link
Copy Markdown

@github-actions

Copy link
Copy Markdown

size-limit report 📦

Name Size Delta Limit check
Common - No bundling 5.78 KB 0 B (0% 🟢) 6 KB (✅)
Legacy Utils - No bundling 11.11 KB 0 B (0% 🟢) 12 KB (✅)
Cookies Utils - Legacy - NPM (ESM) 1.54 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Legacy - NPM (CJS) 1.74 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Legacy - NPM (UMD) 1.52 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Modern - NPM (ESM) 1.16 KB 0 B (0% 🟢) 1.5 KB (✅)
Cookies Utils - Modern - NPM (CJS) 1.39 KB 0 B (0% 🟢) 1.5 KB (✅)
Cookies Utils - Modern - NPM (UMD) 1.15 KB 0 B (0% 🟢) 1.5 KB (✅)
Plugins Module Federation Mapping - Legacy - CDN 330 B 0 B (0% 🟢) 512 B (✅)
Plugins Module Federation Mapping - Modern - CDN 330 B 0 B (0% 🟢) 512 B (✅)
Plugins - Legacy - CDN 13.6 KB 0 B (0% 🟢) 15 KB (✅)
Plugins - Modern - CDN 5.52 KB 0 B (0% 🟢) 6 KB (✅)
Core (v1.1) - NPM (ESM) 29.77 KB 0 B (0% 🟢) 32 KB (✅)
Core (v1.1) - NPM (CJS) 29.99 KB 0 B (0% 🟢) 32 KB (✅)
Core (v1.1) - NPM (UMD) 29.8 KB 0 B (0% 🟢) 32 KB (✅)
Core (Content Script - v1.1) - NPM (ESM) 29.39 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (Content Script - v1.1) - NPM (CJS) 29.47 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (Content Script - v1.1) - NPM (UMD) 29.37 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (v1.1) - Legacy - CDN 31.24 KB 0 B (0% 🟢) 32.5 KB (✅)
Core (v1.1) - Modern - CDN 29.68 KB 0 B (0% 🟢) 32 KB (✅)
Core - Legacy - NPM (ESM) 47.77 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - NPM (CJS) 47.94 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - NPM (UMD) 47.83 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - CDN 47.88 KB 0 B (0% 🟢) 50 KB (✅)
Core - Modern - NPM (ESM) 27.09 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - NPM (CJS) 27.33 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - NPM (UMD) 27.14 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - CDN 27.36 KB 0 B (0% 🟢) 28.5 KB (✅)
Core (Bundled) - Legacy - NPM (ESM) 47.81 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Legacy - NPM (CJS) 47.97 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Legacy - NPM (UMD) 47.78 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Modern - NPM (ESM) 40.35 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Bundled) - Modern - NPM (CJS) 40.59 KB 0 B (0% 🟢) 42 KB (✅)
Core (Bundled) - Modern - NPM (UMD) 40.42 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Legacy - NPM (ESM) 47.72 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Legacy - NPM (CJS) 47.82 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Legacy - NPM (UMD) 47.74 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Modern - NPM (ESM) 40.38 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Modern - NPM (CJS) 40.52 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Modern - NPM (UMD) 40.32 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Lite) - Legacy - NPM (ESM) 36.48 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Legacy - NPM (CJS) 36.69 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Legacy - NPM (UMD) 36.47 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Modern - NPM (ESM) 31.8 KB 0 B (0% 🟢) 34 KB (✅)
Core (Lite) - Modern - NPM (CJS) 32.01 KB 0 B (0% 🟢) 34 KB (✅)
Core (Lite) - Modern - NPM (UMD) 31.84 KB 0 B (0% 🟢) 34 KB (✅)
Service Worker - Legacy - NPM (ESM) 31.92 KB 245 B (+0.76% 🔺) 32 KB (✅)
Service Worker - Legacy - NPM (CJS) 32.13 KB 292 B (+0.9% 🔺) 32 KB (134 B ❌)
Service Worker - Legacy - NPM (UMD) 31.96 KB 288 B (+0.89% 🔺) 32 KB (✅)
Service Worker - Modern - NPM (ESM) 27.81 KB 265 B (+0.94% 🔺) 28 KB (✅)
Service Worker - Modern - NPM (CJS) 28.04 KB 306 B (+1.08% 🔺) 28 KB (37 B ❌)
Service Worker - Modern - NPM (UMD) 27.8 KB 245 B (+0.87% 🔺) 28 KB (✅)
All Integrations - Legacy - CDN 96.25 KB 0 B (0% 🟢) 97 KB (✅)
All Integrations - Modern - CDN 88.5 KB 0 B (0% 🟢) 93.5 KB (✅)
Load Snippet 780 B 0 B (0% 🟢) 1 KB (✅)

@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #3075.

@dependabot dependabot Bot closed this Jun 19, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-c2918a91c3 branch June 19, 2026 10:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant