Skip to content

Bump the npm_and_yarn group across 1 directory with 6 updates#856

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-5e60a151f0
Open

Bump the npm_and_yarn group across 1 directory with 6 updates#856
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-5e60a151f0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 2 updates in the / directory: tsup and vitest.

Updates tsup from 8.3.0 to 8.3.5

Release notes

Sourced from tsup's releases.

v8.3.5

   🐞 Bug Fixes

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

v8.3.3

No significant changes

    View changes on GitHub

v8.3.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates vitest from 2.1.3 to 3.2.6

Release notes

Sourced from vitest's releases.

v3.2.6

   🐞 Bug Fixes

    View changes on GitHub

v3.2.5

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v3.2.4

   🐞 Bug Fixes

    View changes on GitHub

v3.2.3

   🚀 Features

... (truncated)

Commits
  • b6d56f8 chore: release v3.2.6
  • 16f120d fix: pin last supported vite-node version
  • 2cbad0a chore: release v3.2.5
  • 385a1ae fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • af88b1f feat(api): add allowWrite and allowExec options to api [backport to v3]...
  • c666d14 chore: release v3.2.4
  • 8a18c8e fix(cli): throw error when --shard x/\<count> exceeds count of test files (#...
  • 8abd7cc chore(deps): update tinypool (#8174)
  • 93f3200 fix(deps): update all non-major dependencies (#8123)
  • 0c3be6f fix(coverage): ignore SCSS in browser mode (#8161)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates esbuild from 0.21.5 to 0.23.1

Release notes

Sourced from esbuild's releases.

v0.23.1

  • Allow using the node: import prefix with es* targets (#3821)

    The node: prefix on imports is an alternate way to import built-in node modules. For example, import fs from "fs" can also be written import fs from "node:fs". This only works with certain newer versions of node, so esbuild removes it when you target older versions of node such as with --target=node14 so that your code still works. With the way esbuild's platform-specific feature compatibility table works, this was added by saying that only newer versions of node support this feature. However, that means that a target such as --target=node18,es2022 removes the node: prefix because none of the es* targets are known to support this feature. This release adds the support for the node: flag to esbuild's internal compatibility table for es* to allow you to use compound targets like this:

    // Original code
    import fs from 'node:fs'
    fs.open
    // Old output (with --bundle --format=esm --platform=node --target=node18,es2022)
    import fs from "fs";
    fs.open;
    // New output (with --bundle --format=esm --platform=node --target=node18,es2022)
    import fs from "node:fs";
    fs.open;

  • Fix a panic when using the CLI with invalid build flags if --analyze is present (#3834)

    Previously esbuild's CLI could crash if it was invoked with flags that aren't valid for a "build" API call and the --analyze flag is present. This was caused by esbuild's internals attempting to add a Go plugin (which is how --analyze is implemented) to a null build object. The panic has been fixed in this release.

  • Fix incorrect location of certain error messages (#3845)

    This release fixes a regression that caused certain errors relating to variable declarations to be reported at an incorrect location. The regression was introduced in version 0.18.7 of esbuild.

  • Print comments before case clauses in switch statements (#3838)

    With this release, esbuild will attempt to print comments that come before case clauses in switch statements. This is similar to what esbuild already does for comments inside of certain types of expressions. Note that these types of comments are not printed if minification is enabled (specifically whitespace minification).

  • Fix a memory leak with pluginData (#3825)

    With this release, the build context's internal pluginData cache will now be cleared when starting a new build. This should fix a leak of memory from plugins that return pluginData objects from onResolve and/or onLoad callbacks.

v0.23.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.22.0 or ~0.22.0. See npm's documentation about semver for more information.

  • Revert the recent change to avoid bundling dependencies for node (#3819)

    This release reverts the recent change in version 0.22.0 that made --packages=external the default behavior with --platform=node. The default is now back to --packages=bundle.

    I've just been made aware that Amazon doesn't pin their dependencies in their "AWS CDK" product, which means that whenever esbuild publishes a new release, many people (potentially everyone?) using their SDK around the world instantly starts using it without Amazon checking that it works first. This change in version 0.22.0 happened to break their SDK. I'm amazed that things haven't broken before this point. This revert attempts to avoid these problems for Amazon's customers. Hopefully Amazon will pin their dependencies in the future.

    In addition, this is probably a sign that esbuild is used widely enough that it now needs to switch to a more complicated release model. I may have esbuild use a beta channel model for further development.

  • Fix preserving collapsed JSX whitespace (#3818)

    When transformed, certain whitespace inside JSX elements is ignored completely if it collapses to an empty string. However, the whitespace should only be ignored if the JSX is being transformed, not if it's being preserved. This release fixes a bug where esbuild was previously incorrectly ignoring collapsed whitespace with --jsx=preserve. Here is an example:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.23.1

  • Allow using the node: import prefix with es* targets (#3821)

    The node: prefix on imports is an alternate way to import built-in node modules. For example, import fs from "fs" can also be written import fs from "node:fs". This only works with certain newer versions of node, so esbuild removes it when you target older versions of node such as with --target=node14 so that your code still works. With the way esbuild's platform-specific feature compatibility table works, this was added by saying that only newer versions of node support this feature. However, that means that a target such as --target=node18,es2022 removes the node: prefix because none of the es* targets are known to support this feature. This release adds the support for the node: flag to esbuild's internal compatibility table for es* to allow you to use compound targets like this:

    // Original code
    import fs from 'node:fs'
    fs.open
    // Old output (with --bundle --format=esm --platform=node --target=node18,es2022)
    import fs from "fs";
    fs.open;
    // New output (with --bundle --format=esm --platform=node --target=node18,es2022)
    import fs from "node:fs";
    fs.open;

  • Fix a panic when using the CLI with invalid build flags if --analyze is present (#3834)

    Previously esbuild's CLI could crash if it was invoked with flags that aren't valid for a "build" API call and the --analyze flag is present. This was caused by esbuild's internals attempting to add a Go plugin (which is how --analyze is implemented) to a null build object. The panic has been fixed in this release.

  • Fix incorrect location of certain error messages (#3845)

    This release fixes a regression that caused certain errors relating to variable declarations to be reported at an incorrect location. The regression was introduced in version 0.18.7 of esbuild.

  • Print comments before case clauses in switch statements (#3838)

    With this release, esbuild will attempt to print comments that come before case clauses in switch statements. This is similar to what esbuild already does for comments inside of certain types of expressions. Note that these types of comments are not printed if minification is enabled (specifically whitespace minification).

  • Fix a memory leak with pluginData (#3825)

    With this release, the build context's internal pluginData cache will now be cleared when starting a new build. This should fix a leak of memory from plugins that return pluginData objects from onResolve and/or onLoad callbacks.

0.23.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.22.0 or ~0.22.0. See npm's documentation about semver for more information.

  • Revert the recent change to avoid bundling dependencies for node (#3819)

    This release reverts the recent change in version 0.22.0 that made --packages=external the default behavior with --platform=node. The default is now back to --packages=bundle.

    I've just been made aware that Amazon doesn't pin their dependencies in their "AWS CDK" product, which means that whenever esbuild publishes a new release, many people (potentially everyone?) using their SDK around the world instantly starts using it without Amazon checking that it works first. This change in version 0.22.0 happened to break their SDK. I'm amazed that things haven't broken before this point. This revert attempts to avoid these problems for Amazon's customers. Hopefully Amazon will pin their dependencies in the future.

    In addition, this is probably a sign that esbuild is used widely enough that it now needs to switch to a more complicated release model. I may have esbuild use a beta channel model for further development.

  • Fix preserving collapsed JSX whitespace (#3818)

... (truncated)

Commits

Updates postcss from 8.4.47 to 8.5.16

Release notes

Sourced from postcss's releases.

8.5.16

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

8.5.2

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.16

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for postcss since your current version.


Updates rollup from 4.24.0 to 4.62.2

Release notes

Sourced from rollup's releases.

v4.62.2

4.62.2

2026-06-19

Bug Fixes

  • Do not add spurious side-effect-free external imports to chunks when using minChunkSize (#6411)

Pull Requests

v4.62.1

4.62.1

2026-06-19

Bug Fixes

  • Preserve multipart file extensions when deconflicting output chunks (#6408)
  • Fix an issue where getLogFilter would match additional logs (#6415)

Pull Requests

v4.62.0

4.62.0

2026-06-13

Features

  • Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.62.2

2026-06-19

Bug Fixes

  • Do not add spurious side-effect-free external imports to chunks when using minChunkSize (#6411)

Pull Requests

4.62.1

2026-06-19

Bug Fixes

  • Preserve multipart file extensions when deconflicting output chunks (#6408)
  • Fix an issue where getLogFilter would match additional logs (#6415)

Pull Requests

4.62.0

2026-06-13

Features

  • Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

... (truncated)

Commits
  • 8faa187 4.62.2
  • a38a795 refactor(rust/parser_ast): extract property AstConverter write buffer kind lo...
  • 6cc5c31 Skip side-effect-free external imports when hoisting is disabled (#6411)
  • caacf70 4.62.1
  • d1e8297 Add missing ignore
  • 1ba1fc2 fix: insert conflict numbers before first extension in multi-extension filena...
  • 532bd0a Use import attributes for importing JSON (#6393)
  • 2cd8194 fix: advance value past wildcard prefix before suffix check in getLogFilter (...
  • dfac590 fix(deps): update minor/patch updates (#6418)
  • 1d6db3d chore(deps): update dependency eslint-plugin-unicorn to v66 (#6419)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates vite from 5.4.9 to 7.3.6

Release notes

Sourced from vite's releases.

v7.3.6

Please refer to CHANGELOG.md for details.

v7.3.5

Please refer to CHANGELOG.md for details.

v7.3.3

Please refer to CHANGELOG.md for details.

v7.3.2

Please refer to CHANGELOG.md for details.

v7.3.1

Please refer to CHANGELOG.md for details.

v7.3.0

Please refer to CHANGELOG.md for details.

v7.2.7

Please refer to CHANGELOG.md for details.

v7.2.6

Please refer to CHANGELOG.md for details.

v7.2.5

Please refer to CHANGELOG.md for details.

Note: 7.2.5 failed to publish so it is skipped on npm

v7.2.4

Please refer to CHANGELOG.md for details.

v7.2.3

Please refer to CHANGELOG.md for details.

v7.2.2

Please refer to CHANGELOG.md for details.

v7.2.1

Please refer to CHANGELOG.md for details.

v7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0-beta.1

Please refer to CHANGELOG.md for details.

v7.2.0-beta.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.3.6 (2026-06-25)

Features

7.3.5 (2026-06-01)

Bug Fixes

Miscellaneous Chores

7.3.4 (2026-06-01)

Bug Fixes

7.3.3 (2026-05-07)

Bug Fixes

7.3.2 (2026-04-06)

Bug Fixes

7.3.1 (2026-01-07)

Features

  • add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

7.3.0 (2025-12-15)

Features

  • deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

7.2.7 (2025-12-08)

Bug Fixes

7.2.6 (2025-12-01)

7.2.5 (2025-12-01)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vite since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 2 updates in the / directory: [tsup](https://github.com/egoist/tsup) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `tsup` from 8.3.0 to 8.3.5
- [Release notes](https://github.com/egoist/tsup/releases)
- [Commits](egoist/tsup@v8.3.0...v8.3.5)

Updates `vitest` from 2.1.3 to 3.2.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

Updates `esbuild` from 0.21.5 to 0.23.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.21.5...v0.23.1)

Updates `postcss` from 8.4.47 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.47...8.5.16)

Updates `rollup` from 4.24.0 to 4.62.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.24.0...v4.62.2)

Updates `vite` from 5.4.9 to 7.3.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.6/packages/vite)

---
updated-dependencies:
- dependency-name: tsup
  dependency-version: 8.3.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.23.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.62.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file major javascript Pull requests that update javascript code labels Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code major

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants