Skip to content

chore(deps): bump the npm_and_yarn group across 15 directories with 12 updates#3085

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/npm_and_yarn-6f09c92c37
Closed

chore(deps): bump the npm_and_yarn group across 15 directories with 12 updates#3085
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/npm_and_yarn-6f09c92c37

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 2 updates in the / directory: @babel/core and ws.
Bumps the npm_and_yarn group with 6 updates in the /examples/angular/sample-app directory:

Package From To
js-yaml 4.1.1 4.3.0
ws 8.18.3 8.21.0
tar 7.5.11 7.5.19
@sigstore/core 3.1.0 3.2.1
hono 4.12.18 4.12.27
piscina 5.1.4 5.2.0

Bumps the npm_and_yarn group with 2 updates in the /examples/gatsby/sample-gatsby-plugin-usage directory: ws and multer.
Bumps the npm_and_yarn group with 2 updates in the /examples/gatsby/sample-gatsby-site directory: ws and multer.
Bumps the npm_and_yarn group with 1 update in the /examples/integrations/Ninetailed/sample-apps/app-using-npm directory: ws.
Bumps the npm_and_yarn group with 1 update in the /examples/integrations/Ninetailed/sample-apps/app-using-v1.1-cdn directory: ws.
Bumps the npm_and_yarn group with 1 update in the /examples/integrations/Ninetailed/sample-apps/app-using-v3-cdn directory: ws.
Bumps the npm_and_yarn group with 1 update in the /examples/reactjs/hooks/sample-app directory: ws.
Bumps the npm_and_yarn group with 1 update in the /examples/reactjs/js/sample-app directory: ws.
Bumps the npm_and_yarn group with 1 update in the /examples/reactjs/ts/sample-app directory: ws.
Bumps the npm_and_yarn group with 2 updates in the /examples/reactjs/vite/sample-app directory: js-yaml and vite.
Bumps the npm_and_yarn group with 2 updates in the /examples/serverless/cloudflare-worker directory: form-data and ws.
Bumps the npm_and_yarn group with 3 updates in the /examples/symfony/sample directory: @babel/core, ws and webpack-dev-server.
Bumps the npm_and_yarn group with 1 update in the /packages/analytics-js-integrations directory: @babel/core.
Bumps the npm_and_yarn group with 1 update in the /packages/analytics-js-plugins directory: @babel/core.

Updates @babel/core from 7.29.0 to 7.29.6

Release notes

Sourced from @​babel/core's releases.

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

📝 Documentation

... (truncated)

Commits

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates js-yaml from 4.1.1 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • 590dbab 4.2.0 released
  • f944dc5 Add package.json funding field
  • f692719 Changelog update
  • Additional commits viewable in compare view

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates tar from 7.5.11 to 7.5.19

Commits

Updates @sigstore/core from 3.1.0 to 3.2.1

Release notes

Sourced from @​sigstore/core's releases.

@​sigstore/core@​3.2.1

Patch Changes

  • b5aa4f1: Apply UTF-8 encoding to payload type during PAE calculation

@​sigstore/core@​3.2.0

Minor Changes

  • 8f736ef: Update the createPublicKey function to support base64-encoded keys
Commits

Updates hono from 4.12.18 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

v4.12.26

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

... (truncated)

Commits
  • 97c6fe1 4.12.27
  • aa92177 Merge commit from fork
  • cd3f6f7 Merge commit from fork
  • d4853a8 fix(jsx): make merged context-isolation tests pass tsc type check (#5037)
  • 6735fea fix(jsx): cast awaitedFallback through unknown to fix Deno type check (#5036)
  • fab3b13 Merge commit from fork
  • 9f0dadf ci: use npm Staged publishing (#5035)
  • 27b7992 4.12.26
  • d29982c chore: replace arg and glob with Bun native APIs in build script
  • 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates piscina from 5.1.4 to 5.2.0

Changelog

Sourced from piscina's changelog.

5.2.0 (2026-06-12)

Features

Bug Fixes

  • eagerly spawn workers up to maxThreads on cold-pool burst (#1043) (779c640)
  • include skipQueue in queueSize calculation (#1030) (b7d4d61)
  • interface name and add missing curly brace (#951) (8cd51f2)
  • onWorkerMessage gets skipped in Jest environment (#968) (54de192)
Commits
  • 8baaa1b chore(release): 5.2.0
  • 107b09a Merge commit from fork
  • 3eeaa37 docs: correct typo 'maintanance' in CONTRIBUTING.md (#1071)
  • b7d4d61 fix: include skipQueue in queueSize calculation (#1030)
  • 6beabe0 feat: Add idleThreads getter (#1059)
  • e104a89 chore(deps): Bump fast-uri from 3.0.6 to 3.1.2 in /docs in the npm_and_yarn g...
  • 779c640 fix: eagerly spawn workers up to maxThreads on cold-pool burst (#1043)
  • 469cb93 docs: Update Fastify listen() calls to use { port: 3000 } in docs and example...
  • d752afd [Backport v5] chore(deps): docs: Bump lodash from 4.17.23 to 4.18.1 in /docs ...
  • 6ed6284 chores: gh actions least privilege (#1013) (#1015)
  • Additional commits viewable in compare view

Updates webpack-dev-server from 5.2.3 to 5.2.5

Release notes

Sourced from webpack-dev-server's releases.

v5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)
Changelog

Sourced from webpack-dev-server's changelog.

5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

Commits
  • c3ee325 chore(release): new release (#5682)
  • 60173be feat: add changeset validation and release workflow (#5680)
  • 948d5e6 fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)
  • 93e8996 fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.


Updates ws from 8.17.1 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates multer from 2.1.1 to 2.2.0

Release notes

Sourced from multer's releases.

v2.2.0

Important

What's Changed

New Contributors

Full Changelog: expressjs/multer@v2.1.1...v2.2.0

Changelog

Sourced from multer's changelog.

2.2.0

Commits
  • 2e2af08 2.2.0 (#1412)
  • a192b52 feat: add fieldNestingDepth limit option
  • 9c801c7 fix: clean up in-progress disk writes on abort
  • 0adb21d ci: add Node 26 to test matrix (#1404)
  • f5e17c3 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1410)
  • de1fefd chore(deps): bump github/codeql-action from 4.32.4 to 4.36.1 (#1409)
  • 67abfc8 chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#1397)
  • See full diff in compare view

Updates ws from 8.17.1 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates multer from 2.1.1 to 2.2.0

Release notes

Sourced from multer's releases.

v2.2.0

Important

What's Changed

New Contributors

Full Changelog: expressjs/multer@v2.1.1...v2.2.0

Changelog

Sourced from multer's changelog.

2.2.0

Commits
  • 2e2af08 2.2.0 (#1412)
  • a192b52 feat: add fieldNestingDepth limit option
  • 9c801c7 fix: clean up in-progress disk writes on abort
  • 0adb21d ci: add Node 26 to test matrix (#1404)
  • f5e17c3 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1410)
  • de1fefd chore(deps): bump github/codeql-action from 4.32.4 to 4.36.1 (#1409)
  • 67abfc8 chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#1397)
  • See full diff in compare view

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates js-yaml from 4.1.1 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • 590dbab 4.2.0 released
  • f944dc5 Add package.json funding field
  • f692719 Changelog update
  • Additional commits viewable in compare view

Updates vite from 8.0.14 to 8.1.1

Release notes

Sourced from vite's releases.

v8.1.1

Please refer to CHANGELOG.md for details.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.1 (2026-06-30)

Features

  • update dynamic import warning to link to Vite docs (#22823) (62bd7af)

Bug Fixes

  • bundled-dev: avoid stack overflow on import.meta.hot.invalidate() (#22797) (709eb8e)
  • bundled-dev: serve assets emitted during HMR/lazy compile (#22745) (5876b2c)
  • bundledDev: skip plugin transform hooks for rolldown-lazy stub modules (#22778) (8f925e2)
  • css: preserve dollar signs in external @import urls with lightningcss (#22718) (9fa7ab4)
  • css: resolve tsconfig paths in CSS and Sass @​import (#22775) (ef0b891)
  • deps: update all non-major dependencies (#22734) (e635f49)
  • deps: update all non-major dependencies (#22804) (8837400)
  • deps: update rolldown-related dependencies (#22591) (2ce6677)
  • escape ids with multiple null bytes (#22687) (833fc30)
  • hide console window when running 'net use' on Windows (#22698) (92b63f2)
  • ignore bundled config temp dir (#22800) (043a810)
  • invert esbuild.jsxSideEffects when converting to oxc.jsx.pure (#22809) (33895ba)
  • optimize-deps: ignore ERR_CLOSED_SERVER in scanner (#22784) (085a0ab)
  • optimizer: scanner should resolve input from root (#22769) (9722b07)
  • resolve pnpm .modules.yaml from workspace root instead of cwd (#22757) (2531ac7)
  • return sourcemap field from some plugins th...

    Description has been truncated

…2 updates

Bumps the npm_and_yarn group with 2 updates in the / directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 6 updates in the /examples/angular/sample-app directory:

| Package | From | To |
| --- | --- | --- |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.3.0` |
| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.21.0` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.11` | `7.5.19` |
| [@sigstore/core](https://github.com/sigstore/sigstore-js) | `3.1.0` | `3.2.1` |
| [hono](https://github.com/honojs/hono) | `4.12.18` | `4.12.27` |
| [piscina](https://github.com/piscinajs/piscina) | `5.1.4` | `5.2.0` |

Bumps the npm_and_yarn group with 2 updates in the /examples/gatsby/sample-gatsby-plugin-usage directory: [ws](https://github.com/websockets/ws) and [multer](https://github.com/expressjs/multer).
Bumps the npm_and_yarn group with 2 updates in the /examples/gatsby/sample-gatsby-site directory: [ws](https://github.com/websockets/ws) and [multer](https://github.com/expressjs/multer).
Bumps the npm_and_yarn group with 1 update in the /examples/integrations/Ninetailed/sample-apps/app-using-npm directory: [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 1 update in the /examples/integrations/Ninetailed/sample-apps/app-using-v1.1-cdn directory: [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 1 update in the /examples/integrations/Ninetailed/sample-apps/app-using-v3-cdn directory: [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 1 update in the /examples/reactjs/hooks/sample-app directory: [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 1 update in the /examples/reactjs/js/sample-app directory: [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 1 update in the /examples/reactjs/ts/sample-app directory: [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 2 updates in the /examples/reactjs/vite/sample-app directory: [js-yaml](https://github.com/nodeca/js-yaml) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /examples/serverless/cloudflare-worker directory: [form-data](https://github.com/form-data/form-data) and [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 3 updates in the /examples/symfony/sample directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core), [ws](https://github.com/websockets/ws) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).
Bumps the npm_and_yarn group with 1 update in the /packages/analytics-js-integrations directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core).
Bumps the npm_and_yarn group with 1 update in the /packages/analytics-js-plugins directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core).


Updates `@babel/core` from 7.29.0 to 7.29.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.6/packages/babel-core)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `tar` from 7.5.11 to 7.5.19
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.11...v7.5.19)

Updates `@sigstore/core` from 3.1.0 to 3.2.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/core@3.2.1)

Updates `hono` from 4.12.18 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.18...v4.12.27)

Updates `piscina` from 5.1.4 to 5.2.0
- [Release notes](https://github.com/piscinajs/piscina/releases)
- [Changelog](https://github.com/piscinajs/piscina/blob/v5.2.0/CHANGELOG.md)
- [Commits](piscinajs/piscina@v5.1.4...v5.2.0)

Updates `webpack-dev-server` from 5.2.3 to 5.2.5
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.4...v5.2.5)

Updates `ws` from 8.17.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `multer` from 2.1.1 to 2.2.0
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v2.1.1...v2.2.0)

Updates `ws` from 8.17.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `multer` from 2.1.1 to 2.2.0
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v2.1.1...v2.2.0)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 8.0.14 to 8.1.1
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.1/packages/vite)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `undici` from 7.24.8 to 7.28.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.24.8...v7.28.0)

Updates `@babel/core` from 7.29.0 to 8.0.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.6/packages/babel-core)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `webpack-dev-server` from 5.2.4 to 5.2.5
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.4...v5.2.5)

Updates `@babel/core` from 7.29.0 to 7.29.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.6/packages/babel-core)

Updates `@babel/core` from 7.29.0 to 7.29.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.6/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 7.29.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.19
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@sigstore/core"
  dependency-version: 3.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: piscina
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 5.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: multer
  dependency-version: 2.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: multer
  dependency-version: 2.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.28.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/core"
  dependency-version: 8.0.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 5.2.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/core"
  dependency-version: 7.29.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/core"
  dependency-version: 7.29.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Copilot AI review requested due to automatic review settings June 30, 2026 13:59
@dependabot dependabot Bot requested a review from a team as a code owner June 30, 2026 13:59
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 30, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 30, 2026 13:59
@dependabot dependabot Bot requested review from achettyiitr and arpl June 30, 2026 13:59

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@sonarqubecloud

Copy link
Copy Markdown

@github-actions

Copy link
Copy Markdown

size-limit report 📦

Name Size Delta Limit check
Common - No bundling 5.78 KB 0 B (0% 🟢) 6 KB (✅)
Legacy Utils - No bundling 11.11 KB 0 B (0% 🟢) 12 KB (✅)
Cookies Utils - Legacy - NPM (ESM) 1.54 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Legacy - NPM (CJS) 1.74 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Legacy - NPM (UMD) 1.52 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Modern - NPM (ESM) 1.16 KB 0 B (0% 🟢) 1.5 KB (✅)
Cookies Utils - Modern - NPM (CJS) 1.39 KB 0 B (0% 🟢) 1.5 KB (✅)
Cookies Utils - Modern - NPM (UMD) 1.15 KB 0 B (0% 🟢) 1.5 KB (✅)
Plugins Module Federation Mapping - Legacy - CDN 330 B 0 B (0% 🟢) 512 B (✅)
Plugins Module Federation Mapping - Modern - CDN 330 B 0 B (0% 🟢) 512 B (✅)
Plugins - Legacy - CDN 13.6 KB 0 B (0% 🟢) 15 KB (✅)
Plugins - Modern - CDN 5.52 KB 0 B (0% 🟢) 6 KB (✅)
Core (v1.1) - NPM (ESM) 29.77 KB 0 B (0% 🟢) 32 KB (✅)
Core (v1.1) - NPM (CJS) 29.99 KB 0 B (0% 🟢) 32 KB (✅)
Core (v1.1) - NPM (UMD) 29.8 KB 0 B (0% 🟢) 32 KB (✅)
Core (Content Script - v1.1) - NPM (ESM) 29.39 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (Content Script - v1.1) - NPM (CJS) 29.47 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (Content Script - v1.1) - NPM (UMD) 29.37 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (v1.1) - Legacy - CDN 31.24 KB 0 B (0% 🟢) 32.5 KB (✅)
Core (v1.1) - Modern - CDN 29.68 KB 0 B (0% 🟢) 32 KB (✅)
All Integrations - Legacy - CDN 96.25 KB 0 B (0% 🟢) 97 KB (✅)
All Integrations - Modern - CDN 88.5 KB 0 B (0% 🟢) 93.5 KB (✅)
Service Worker - Legacy - NPM (ESM) 31.68 KB 0 B (0% 🟢) 32 KB (✅)
Service Worker - Legacy - NPM (CJS) 31.85 KB 0 B (0% 🟢) 32 KB (✅)
Service Worker - Legacy - NPM (UMD) 31.68 KB 0 B (0% 🟢) 32 KB (✅)
Service Worker - Modern - NPM (ESM) 27.55 KB 0 B (0% 🟢) 28 KB (✅)
Service Worker - Modern - NPM (CJS) 27.74 KB 0 B (0% 🟢) 28 KB (✅)
Service Worker - Modern - NPM (UMD) 27.56 KB 0 B (0% 🟢) 28 KB (✅)
Core - Legacy - NPM (ESM) 47.77 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - NPM (CJS) 47.94 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - NPM (UMD) 47.83 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - CDN 47.88 KB 0 B (0% 🟢) 50 KB (✅)
Core - Modern - NPM (ESM) 27.09 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - NPM (CJS) 27.33 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - NPM (UMD) 27.14 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - CDN 27.36 KB 0 B (0% 🟢) 28.5 KB (✅)
Core (Bundled) - Legacy - NPM (ESM) 47.81 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Legacy - NPM (CJS) 47.97 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Legacy - NPM (UMD) 47.78 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Modern - NPM (ESM) 40.35 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Bundled) - Modern - NPM (CJS) 40.59 KB 0 B (0% 🟢) 42 KB (✅)
Core (Bundled) - Modern - NPM (UMD) 40.42 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Legacy - NPM (ESM) 47.72 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Legacy - NPM (CJS) 47.82 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Legacy - NPM (UMD) 47.74 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Modern - NPM (ESM) 40.38 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Modern - NPM (CJS) 40.52 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Modern - NPM (UMD) 40.32 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Lite) - Legacy - NPM (ESM) 36.48 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Legacy - NPM (CJS) 36.69 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Legacy - NPM (UMD) 36.47 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Modern - NPM (ESM) 31.8 KB 0 B (0% 🟢) 34 KB (✅)
Core (Lite) - Modern - NPM (CJS) 32.01 KB 0 B (0% 🟢) 34 KB (✅)
Core (Lite) - Modern - NPM (UMD) 31.84 KB 0 B (0% 🟢) 34 KB (✅)
Load Snippet 780 B 0 B (0% 🟢) 1 KB (✅)

@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #3092.

@dependabot dependabot Bot closed this Jul 2, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-6f09c92c37 branch July 2, 2026 01:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant