Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 5 updates#982

Merged
taroj1205 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-adb49bedee
Jun 9, 2026
Merged

chore(deps): bump the minor-and-patch group across 1 directory with 5 updates#982
taroj1205 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-adb49bedee

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 5 updates in the / directory:

Package From To
date-fns 4.2.1 4.4.0
turbo 2.9.14 2.9.16
ua-parser-js 2.0.9 2.0.10
@types/node 25.9.0 25.9.2
wrangler 4.95.0 4.98.0

Updates date-fns from 4.2.1 to 4.4.0

Release notes

Sourced from date-fns's releases.

v4.4.0

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

  • DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

  • Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

v4.3.0

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

Commits
  • cd53d25 Promote to v4.4.0
  • d948ec1 Preserve but deprecate CDN versions for v4, set up v5 with polyfills
  • ee65753 Add root mise :format task
  • 9f5bdf5 Add positional argument to test/smoke.sh script
  • 651ead6 Split CDN bundles into separate @​date-fns/cdn package
  • 224c1a2 Deprecate type tests as attw hangs on date-fns package
  • 7bb2842 Switch PACKAGE_OUTPUT_PATH to --dist flag in the package build script
  • b6ad5ac Add flags to control package build script
  • 424a783 Fix docs release after moving to monorepo setup
  • f95bcf1 (docs): Add missing tsx dependency
  • Additional commits viewable in compare view

Updates turbo from 2.9.14 to 2.9.16

Release notes

Sourced from turbo's releases.

Turborepo v2.9.16

What's Changed

Changelog

Full Changelog: vercel/turborepo@v2.9.15...v2.9.16

Turborepo v2.9.16-canary.2

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.15-canary.7...v2.9.16-canary.2

Turborepo v2.9.15

... (truncated)

Commits

Updates ua-parser-js from 2.0.9 to 2.0.10

Release notes

Sourced from ua-parser-js's releases.

v2.0.10

Version 2.0.10

  • Fix ReDoS vulnerability by limiting Client Hints input length (GHSA-9h5v-pfqq-x599)
  • Add new method useExtension() in UAParser to extend custom detection rules
  • Add new device vendor: Blackview, Coolpad, CUBOT, T-Mobile
  • Improve browser detection: Huawei Browser, UCBrowser
  • Improve OS detection: iOS
  • Identify WebView user-agent as inapp browser
  • extensions submodule:
    • Add new crawler: atlassian-bot, Audisto Crawler, AwarioBot, AwarioRssBot, AwarioSmartBot, BrightEdge Crawler, HubSpot Crawler, Meta-ExternalAds, Meta-WebIndexer, proximic, yacybot
    • Add new fetcher: Feedly, GoogleDocs, UptimeBot, virustotal
    • Add new library: phpcrawl
  • helpers submodule:
    • Fix isElectron() function return itself

What's Changed

New Contributors

Full Changelog: faisalman/ua-parser-js@2.0.9...2.0.10

Changelog

Sourced from ua-parser-js's changelog.

Version 2.0.10

  • Fix ReDoS vulnerability by limiting Client Hints input length (GHSA-9h5v-pfqq-x599)
  • Add new method useExtension() in UAParser to extend custom detection rules
  • Add new device vendor: Blackview, Coolpad, CUBOT, T-Mobile
  • Improve browser detection: Huawei Browser, UCBrowser
  • Improve OS detection: iOS
  • Identify WebView user-agent as inapp browser
  • extensions submodule:
    • Add new crawler: atlassian-bot, Audisto Crawler, AwarioBot, AwarioRssBot, AwarioSmartBot, BrightEdge Crawler, HubSpot Crawler, Meta-ExternalAds, Meta-WebIndexer, proximic, yacybot
    • Add new fetcher: Feedly, GoogleDocs, UptimeBot, virustotal
    • Add new library: phpcrawl
  • helpers submodule:
    • Fix isElectron() function return itself
Commits
  • 4121c59 Build: Bump version 2.0.10
  • 90354d3 Fix: Prevent ReDoS vulnerability by limiting Client Hints input length (GHSA-...
  • 3baa3bc Test: Increase nyc timeout to fix timeout error
  • 18d39b5 CI: Add GitHub Actions workflow to publish to Docker Hub
  • 58b5a0c Build: Add Dockerfile for container image build
  • 965c20d CI: Update fuzz test
  • ad97fea Build: Set sideEffects=false in package.json for tree shaking (#781)
  • 312598f CI: Add AI and spam detection to pull request workflow
  • 8f9e4dc Test: Fix relative path and update done() callback in CLI test spec
  • eb809ec Chore(license): Add THIRD_PARTY_NOTICES.md for third-party assets
  • Additional commits viewable in compare view

Updates @types/node from 25.9.0 to 25.9.2

Commits

Updates wrangler from 4.95.0 to 4.98.0

Release notes

Sourced from wrangler's releases.

wrangler@4.98.0

Minor Changes

  • #14089 c6c61b5 Thanks @​alsuren! - Add migrations_pattern to D1 database bindings

    The D1 binding now accepts an optional migrations_pattern field, allowing you to point wrangler d1 migrations apply and wrangler d1 migrations list at migration files in nested layouts (e.g. ORM-generated folders like migrations/0000_init/migration.sql).

    migrations_pattern is a glob (relative to the wrangler config file) and defaults to ${migrations_dir}/*.sql, which preserves today's behaviour. Files that do not match the pattern are not executed.

    {
  "d1_databases": [
    {
      "binding": "DB",
      "database_name": "my-db",
      "database_id": "...",
      "migrations_dir": "migrations",
      "migrations_pattern": "migrations/*/migration.sql"
    }
  ]
}

    When no migrations match the configured pattern but files matching the common migrations/*/migration.sql (drizzle-style) layout do exist, Wrangler logs a hint suggesting migrations_pattern as an opt-in.

    wrangler d1 migrations create now returns an actionable error if the generated migration filename would not match the configured pattern.

  • #14153 7a6b1a4 Thanks @​dario-piotrowicz! - Generalize wrangler deploy and wrangler versions upload positional argument from [script] to [path]

    Both wrangler deploy and wrangler versions upload now accept a generic [path] positional argument that can point to either a Worker entry-point file or a directory of static assets. The type is auto-detected. For example:

    • File: wrangler deploy ./src/index.ts deploys a Worker (same as before)
    • Directory: wrangler deploy ./public deploys a static assets site (no interactive confirmation prompt)

    The --script named option is now hidden and deprecated for both commands. It continues to work for backwards compatibility but only accepts file paths. Passing a directory to --script now produces a clear error message suggesting the positional path argument or --assets flag instead.

  • #13863 3b8b80a Thanks @​aslakhellesoy! - getPlatformProxy() now passes through workflow bindings that have a script_name

    Workflows without a script_name are still stripped (and warned about) because the engine for an internal workflow can't run inside the empty proxy worker that backs getPlatformProxy(). Workflows with a script_name are handed to miniflare unchanged; miniflare reroutes the engine's USER_WORKFLOW binding through the dev-registry-proxy when the target worker is running in another Miniflare instance — the same mechanism Durable Objects already use.

    This means SvelteKit/Remix (and similar split-process setups) can call platform.env.MY_WORKFLOW.create({ ... }) directly from their server-side request handlers in dev, as long as the workflow class is exposed by another worker registered in the dev registry.

    Closes #7459.

  • #14164 b502d54 Thanks @​G4brym! - Rename the web_search binding kind to websearch

    Pre-launch rename of the public binding type from web_search to websearch so the on-the-wire shape matches the product name (Web Search). The wrangler config key, the binding-type string sent to the Cloudflare API, and the miniflare option key all move from web_search / webSearch to websearch.

    Update your wrangler config:

... (truncated)

Commits
  • c8c366e Version Packages (#14159)
  • a3eea27 Bump the workerd-and-workers-types group with 2 updates (#14175)
  • d462013 fix: update secret bulk command description to reflect create/update/delete (...
  • acf7817 [wrangler] Show OAuth callback errors instead of hanging on wrangler login ...
  • 7a6b1a4 Generalize wrangler deploy positional argument from [script] to [path] ...
  • c2280cd [wrangler] fix: warn when named env silently inherits custom_domain routes (#...
  • 0bb2d55 In non-interactive mode remove the skills installation message (#14162)
  • c6c61b5 CFSQL-1589 migrations_pattern for configuring recursive migration discovery ...
  • 8400fb9 fix(wrangler): version listing limits (#14165)
  • 7949f81 Skip stale bundles during dev server reload to avoid redundant restarts (#14151)
  • Additional commits viewable in compare view

@dependabot dependabot Bot requested review from mr-cheffy and taroj1205 as code owners June 2, 2026 00:53
@dependabot dependabot Bot added dependabot dependencies Pull requests that update a dependency file labels Jun 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-and-patch-adb49bedee branch 2 times, most recently from d4f028b to 8bf56fe Compare June 8, 2026 09:07
@dependabot
chore(deps): bump the minor-and-patch group across 1 directory with 5…
1316607 
… updates

Bumps the minor-and-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [date-fns](https://github.com/date-fns/date-fns) | `4.2.1` | `4.4.0` |
| [turbo](https://github.com/vercel/turborepo) | `2.9.14` | `2.9.16` |
| [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `2.0.9` | `2.0.10` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.0` | `25.9.2` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.95.0` | `4.98.0` |



Updates `date-fns` from 4.2.1 to 4.4.0
- [Release notes](https://github.com/date-fns/date-fns/releases)
- [Commits](date-fns/date-fns@v4.2.1...v4.4.0)

Updates `turbo` from 2.9.14 to 2.9.16
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.9.14...v2.9.16)

Updates `ua-parser-js` from 2.0.9 to 2.0.10
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@2.0.9...2.0.10)

Updates `@types/node` from 25.9.0 to 25.9.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `wrangler` from 4.95.0 to 4.98.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.98.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.9.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: date-fns
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: turbo
  dependency-version: 2.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: ua-parser-js
  dependency-version: 2.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: wrangler
  dependency-version: 4.96.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-and-patch-adb49bedee branch from 8bf56fe to 1316607 Compare June 8, 2026 12:12
@taroj1205 taroj1205 merged commit 97b224f into main Jun 9, 2026
10 checks passed
@taroj1205 taroj1205 deleted the dependabot/npm_and_yarn/minor-and-patch-adb49bedee branch June 9, 2026 02:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@taroj1205 taroj1205 taroj1205 approved these changes

@mr-cheffy mr-cheffy Awaiting requested review from mr-cheffy mr-cheffy is a code owner

Assignees

@taroj1205 taroj1205

Labels

dependabot dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@taroj1205