Skip to content

chore(deps): bump the npm_and_yarn group across 4 directories with 18 updates#36551

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/angular-ssr/npm_and_yarn-f73eca9ab4
Closed

chore(deps): bump the npm_and_yarn group across 4 directories with 18 updates#36551
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/angular-ssr/npm_and_yarn-f73eca9ab4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 3 updates in the /examples/angular-ssr directory: @angular/common, hono and undici.
Bumps the npm_and_yarn group with 2 updates in the /examples/astro directory: @astrojs/vercel and astro.
Bumps the npm_and_yarn group with 9 updates in the /examples/vuejs directory:

Package From To
postcss 8.4.35 8.5.19
brace-expansion 1.1.11 1.1.16
minimatch 3.1.2 3.1.5
picomatch 2.3.1 2.3.2
flatted 3.2.9 3.4.2
lodash 4.17.21 4.18.1
rollup 4.10.0 4.62.2
vite 5.1.2 8.1.4
js-yaml 4.1.0 4.3.0

Bumps the npm_and_yarn group with 8 updates in the /starter/nextjs directory:

Package From To
postcss 8.4.47 8.5.10
brace-expansion 1.1.11 1.1.16
picomatch 2.3.1 2.3.2
flatted 3.3.1 3.4.2
next 14.2.16 15.5.18
js-yaml 4.1.0 4.3.0
yaml 2.6.0 2.9.0
tinymce 7.4.1 7.9.3

Updates @angular/common from 20.3.24 to 22.0.6

Release notes

Sourced from @​angular/common's releases.

22.0.6

compiler

Commit Description
fix - fd4ddcafed use regular optional chaining expression for safe function calls in TCBs

compiler-cli

Commit Description
fix - 534fe81a89 apply debugName transform to required signal queries
fix - 3b08201bfb detect uninvoked signals in bound expressions using ternary

forms/signals

Commit Description
fix - 171669f7b2 make extractValue reactive for compat AbstractControl values

migrations

Commit Description
fix - 0a6af1496b preserve transitive NgModule references when pruning
fix - d4a926a762 remove stale model import in model-output migration

router

Commit Description
fix - c238bd2ad7 handle outlet named proto in segment group maps
fix - 8e6d7f7190 use safe hasOwnProperty when parsing query params

22.0.5

common

Commit Description
fix - eb8fb9fe58 use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler-cli

Commit Description
fix - baf09a9939 include toSignal in debugName transform

core

Commit Description
fix - e598dc843f improve input writes migration in best effort mode
fix - ced0180b06 reject dynamic script host elements

router

Commit Description
fix - ca13b42e7c fix malformed jsdoc comment for RouterLinkWithHref export

22.0.4

migrations

Commit Description
fix - fd37f09f37 resolve migration failure when tsconfig specifies rootDir

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

22.0.6 (2026-07-08)

compiler

Commit Type Description
fd4ddcafed fix use regular optional chaining expression for safe function calls in TCBs

compiler-cli

Commit Type Description
534fe81a89 fix apply debugName transform to required signal queries
3b08201bfb fix detect uninvoked signals in bound expressions using ternary

forms/signals

Commit Type Description
171669f7b2 fix make extractValue reactive for compat AbstractControl values

migrations

Commit Type Description
0a6af1496b fix preserve transitive NgModule references when pruning
d4a926a762 fix remove stale model import in model-output migration

router

Commit Type Description
c238bd2ad7 fix handle outlet named proto in segment group maps
8e6d7f7190 fix use safe hasOwnProperty when parsing query params

22.1.0-next.4 (2026-07-01)

common

Commit Type Description
311aff05aa fix use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler

Commit Type Description
292199aa4d fix permissive whitespace parsing in default never blocks

compiler-cli

Commit Type Description
165995285c fix include toSignal in debugName transform

core

Commit Type Description
74638cab84 fix improve input writes migration in best effort mode
d7f70616a0 fix reject dynamic script host elements

router

Commit Type Description
a74801c59c fix fix malformed jsdoc comment for RouterLinkWithHref export

... (truncated)

Commits
  • 748faa4 docs(docs-infra): Add build-time validation for API and guide links using rou...
  • 8e6d7f7 fix(router): use safe hasOwnProperty when parsing query params
  • eb8fb9f fix(common): use Object.hasOwn in I18nSelectPipe to handle null-prototype and...
  • cd8f472 docs: add documentation for HttpClient response body size limit and related e...
  • 8cdc202 fix(http): prevent caching of responses with Set-Cookie headers
  • 6867f77 fix(http): distinguish repeated transfer cache params
  • 6c1f3e9 fix(common): skip transfer cache for uncacheable HTTP traffic (#69316)
  • 7ef1399 fix(http): skip transfer cache for fetch credentialed requests (#69316)
  • 94ea403 fix(common): escape anchor fragment in shadow DOM name selector
  • 2dd65d2 fix(http): pass down the reportUploadProgress and reportDownloadProgress ...
  • Additional commits viewable in compare view

Updates hono from 4.12.23 to 4.12.30

Release notes

Sourced from hono's releases.

v4.12.30

What's Changed

Full Changelog: honojs/hono@v4.12.29...v4.12.30

v4.12.29

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.28...v4.12.29

v4.12.28

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.27...v4.12.28

... (truncated)

Commits
  • b2ae3a2 4.12.30
  • e0cdeb0 fix(method-override): set duplex when forwarding a stream body in query mode ...
  • 653025e fix(client): replaceUrlParam should not match a param that prefixes another (...
  • 67efb27 fix(compress): do not compress 206 Partial Content responses (#5020)
  • a48c8bf fix(cache): deduplicate Cache-Control directives case-insensitively (#5025)
  • 3bb9a0e chore: update to ts6 in prep for ts7 (#5104)
  • d3f97ca chore(benchmark): remove not used benchmarks (#5108)
  • 29a3f73 chore(benchmark/routers): bump deps (#5107)
  • cda1af2 4.12.29
  • 2126289 fix(etag): treat If-None-Match: * as a match (#5084)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates piscina from 5.1.3 to 5.2.0

Release notes

Sourced from piscina's releases.

v5.1.4

What's Changed

Full Changelog: piscinajs/piscina@v5.1.3...v5.1.4

Changelog

Sourced from piscina's changelog.

5.2.0 (2026-06-12)

Features

Bug Fixes

  • eagerly spawn workers up to maxThreads on cold-pool burst (#1043) (779c640)
  • include skipQueue in queueSize calculation (#1030) (b7d4d61)
  • interface name and add missing curly brace (#951) (8cd51f2)
  • onWorkerMessage gets skipped in Jest environment (#968) (54de192)

5.1.4 (2025-11-07)

Bug Fixes

Commits
  • 8baaa1b chore(release): 5.2.0
  • 107b09a Merge commit from fork
  • 3eeaa37 docs: correct typo 'maintanance' in CONTRIBUTING.md (#1071)
  • b7d4d61 fix: include skipQueue in queueSize calculation (#1030)
  • 6beabe0 feat: Add idleThreads getter (#1059)
  • e104a89 chore(deps): Bump fast-uri from 3.0.6 to 3.1.2 in /docs in the npm_and_yarn g...
  • 779c640 fix: eagerly spawn workers up to maxThreads on cold-pool burst (#1043)
  • 469cb93 docs: Update Fastify listen() calls to use { port: 3000 } in docs and example...
  • d752afd [Backport v5] chore(deps): docs: Bump lodash from 4.17.23 to 4.18.1 in /docs ...
  • 6ed6284 chores: gh actions least privilege (#1013) (#1015)
  • Additional commits viewable in compare view

Updates undici from 6.26.0 to 6.27.0

Release notes

Sourced from undici's releases.

v6.27.0

⚠️ Security Release

This release line addresses 4 security advisories.

Action required: Upgrade to undici 6.27.0 or later.

npm install undici@^6.27.0

Note on patched version: the v6 fixes shipped in v6.27.0, not 6.26.0v6.26.0 contains only the chunked-EOF fix (#5308) and the version bump, none of the security fixes below.

The v6 line is not affected by the SOCKS5 advisories (GHSA-vmh5-mc38-953g, GHSA-hm92-r4w5-c3mj), the shared-cache disclosure (GHSA-pr7r-676h-xcf6), or the 8.x-only WebSocket regression (GHSA-38rv-x7px-6hhq).

Summary

Advisory CVE Severity (CVSS) Fixed in Fix commit
GHSA-vxpw-j846-p89q CVE-2026-12151 High (7.5) 6.27.0 b7f252e7
GHSA-p88m-4jfj-68fv CVE-2026-9679 Moderate (5.9) 6.27.0 25efa447
GHSA-g8m3-5g58-fq7m CVE-2026-11525 Low (3.7) 6.27.0 25efa447
GHSA-35p6-xmwp-9g52 CVE-2026-6733 Low (3.7) 6.27.0 f4c31d60

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770 Fix: b7f252e7 Backport WebSocket maxPayloadSize fixes (#5423, backported to v6 in #5428)

A malicious WebSocket server can stream a large number of small or empty continuation frames. Undici enforced a limit on cumulative payload size but did not limit the number of fragments per message, leading to unbounded memory growth and denial of service. All releases from 6.17.0 onward are affected.

  • Affected: applications using new WebSocket(...) or WebSocketStream against untrusted endpoints.
  • Workaround: none — upgrade is required.

Moderate severity

HTTP header injection via Set-Cookie percent-decoding — CVE-2026-9679

... (truncated)

Commits

Updates vite from 7.3.2 to 7.3.5

Release notes

Sourced from vite's releases.

v8.1.4

Please refer to CHANGELOG.md for details.

v8.1.3

Please refer to CHANGELOG.md for details.

v8.1.2

Please refer to CHANGELOG.md for details.

v8.1.1

Please refer to CHANGELOG.md for details.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.1.4 (2026-07-09)

Features

Bug Fixes

  • build: add workaround for building on stackblitz (#22840) (575c32c)
  • build: keep import.meta.url in preload function as-is (#22839) (f1f90ed)
  • deps: update all non-major dependencies (#22865) (d4295a9)
  • deps: update rolldown-related dependencies (#22866) (7cf07e4)
  • html: avoid backtracking in import-only check (#22848) (b5868c0)
  • optimizer: avoid optimizer run for transform request before init (#22852) (72a5e21)
  • ssr: align named export function call stacktrace column with Node (#22829) (173a1b6)
  • strip pure CSS chunk imports when chunkImportMap is enabled (#22841) (648bd04)

Documentation

Miscellaneous Chores

  • deps: update dependency postcss-modules to v9 (#22867) (a9539d6)

Code Refactoring

Tests

Build System

8.1.3 (2026-07-02)

Bug Fixes

8.1.2 (2026-06-30)

Bug Fixes

  • deps: revert es-module-lexer to 2.1.0 (#22827) (0d3bd7c)
  • restore, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (#22757)" (#22825) (efb98cc)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vite since your current version.


Updates @astrojs/vercel from 9.0.5 to 11.0.2

Release notes

Sourced from @​astrojs/vercel's releases.

@​astrojs/vercel@​11.0.2

Patch Changes

  • Updated dependencies [eb6f97e]:
    • @​astrojs/internal-helpers@​0.10.1

@​astrojs/vercel@​11.0.1

Patch Changes

@​astrojs/vercel@​11.0.0

Major Changes

Minor Changes

  • #16335 9a53f77 Thanks @​ascorbic! - Adds a CDN cache provider for Astro route caching on Vercel

    Setup

    Import cacheVercel() from @astrojs/vercel/cache and set it as your cache provider:

    import { defineConfig } from 'astro/config';
    import vercel from '@astrojs/vercel';
    import { cacheVercel } from '@astrojs/vercel/cache';
    export default defineConfig({
    adapter: vercel(),
    cache: {
    provider: cacheVercel(),
    },
    });

    Caching responses

    Use Astro.cache.set() in your pages and API routes to cache responses on Vercel's edge network. The provider sets Vercel-CDN-Cache-Control and Vercel-Cache-Tag headers on responses.

    ---
    Astro.cache.set({ maxAge: 300, tags: ['products'] });
    const data = await fetchProducts();
    ---
    <ProductList items={data} />

... (truncated)

Changelog

Sourced from @​astrojs/vercel's changelog.

11.0.2

Patch Changes

  • Updated dependencies [eb6f97e]:
    • @​astrojs/internal-helpers@​0.10.1

11.0.1

Patch Changes

11.0.0

Major Changes

Minor Changes

  • #16335 9a53f77 Thanks @​ascorbic! - Adds a CDN cache provider for Astro route caching on Vercel

    Setup

    Import cacheVercel() from @astrojs/vercel/cache and set it as your cache provider:

    import { defineConfig } from 'astro/config';
    import vercel from '@astrojs/vercel';
    import { cacheVercel } from '@astrojs/vercel/cache';
    export default defineConfig({
    adapter: vercel(),
    cache: {
    provider: cacheVercel(),
    },
    });

    Caching responses

    Use Astro.cache.set() in your pages and API routes to cache responses on Vercel's edge network. The provider sets Vercel-CDN-Cache-Control and Vercel-Cache-Tag headers on responses.

    ---
    Astro.cache.set({ maxAge: 300, tags: ['products'] });
    const data = await fetchProducts();
    ---

... (truncated)

Commits

Updates astro from 5.18.2 to 7.0.8

Release notes

Sourced from astro's releases.

astro@7.0.8

Patch Changes

  • #17363 3f4efc5 Thanks @​astrobot-houston! - Fixes astro preview --open not opening a browser when using an adapter with a custom preview entrypoint, such as @astrojs/cloudflare

  • #17313 e2e319d Thanks @​ronits2407! - Exposes the AstroRuntimeLogger interface to allow users to properly type the logger functions at runtime.

  • #17328 025cc74 Thanks @​matthewp! - Fixes astro dev --force not replacing an already-running dev server

  • #17353 2bba277 Thanks @​ematipico! - Updates the Astro compiler to the latest version, which fixes many regressions. Refer to the changelog for more details.

  • #17344 79a41e0 Thanks @​adamchal! - Improves rendering performance for pages with many component instances, such as repeated MDX <Content /> components.

  • Updated dependencies [64b0d66]:

    • @​astrojs/markdown-satteri@​0.3.4

astro@7.0.7

Patch Changes

  • #17318 23a4120 Thanks @​astrobot-houston! - Fixes CSS module scoped-name hash mismatch in astro dev when using vite.css.transformer: 'lightningcss' with content collections. Previously, a component importing a CSS module and rendered via content collection render() would get different class name hashes in the element and the injected <style> tag, causing styles not to apply.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server memory leak which caused Node.js to emit warnings in the console.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server crash when a .html or /index.html suffixed request (such as those netlify dev probes as pretty-URL fallbacks) matched a dynamic endpoint route, causing a TypeError: Missing parameter error

  • #17325 cebc404 Thanks @​astrobot-houston! - Fixes a bug where CSS @import rules could end up mid-stylesheet after inline CSS chunks were merged during build, causing browsers to silently ignore them

  • #17323 4298883 Thanks @​ematipico! - Fixes a build regression that could leave unresolved preload markers in inlined scripts with external dynamic imports

  • Updated dependencies [4298883, 4298883]:

    • @​astrojs/telemetry@​3.3.3

astro@7.0.6

Patch Changes

  • #17261 79aa99c Thanks @​astrobot-houston! - Fixes a false deprecation warning for markdown.gfm and markdown.smartypants when using the Container API

  • #17247 f94280d Thanks @​chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is 0. The generator used truthy checks instead of checking for undefined, so paginate(posts, { params: { categoryId: 0 } }) would crash even though 0 is a perfectly valid param value.

  • #17278 6f11739 Thanks @​astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled

  • #17250 0b30b35 Thanks Description has been truncated

… updates

Bumps the npm_and_yarn group with 3 updates in the /examples/angular-ssr directory: [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common), [hono](https://github.com/honojs/hono) and [undici](https://github.com/nodejs/undici).
Bumps the npm_and_yarn group with 2 updates in the /examples/astro directory: [@astrojs/vercel](https://github.com/withastro/astro/tree/HEAD/packages/integrations/vercel) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).
Bumps the npm_and_yarn group with 9 updates in the /examples/vuejs directory:

| Package | From | To |
| --- | --- | --- |
| [postcss](https://github.com/postcss/postcss) | `8.4.35` | `8.5.19` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.16` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |
| [flatted](https://github.com/WebReflection/flatted) | `3.2.9` | `3.4.2` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [rollup](https://github.com/rollup/rollup) | `4.10.0` | `4.62.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.1.2` | `8.1.4` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.3.0` |

Bumps the npm_and_yarn group with 8 updates in the /starter/nextjs directory:

| Package | From | To |
| --- | --- | --- |
| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.10` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.16` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |
| [next](https://github.com/vercel/next.js) | `14.2.16` | `15.5.18` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.3.0` |
| [yaml](https://github.com/eemeli/yaml) | `2.6.0` | `2.9.0` |
| [tinymce](https://github.com/tinymce/tinymce/tree/HEAD/modules/tinymce) | `7.4.1` | `7.9.3` |



Updates `@angular/common` from 20.3.24 to 22.0.6
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.6/packages/common)

Updates `hono` from 4.12.23 to 4.12.30
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.23...v4.12.30)

Updates `piscina` from 5.1.3 to 5.2.0
- [Release notes](https://github.com/piscinajs/piscina/releases)
- [Changelog](https://github.com/piscinajs/piscina/blob/v5.2.0/CHANGELOG.md)
- [Commits](piscinajs/piscina@v5.1.3...v5.2.0)

Updates `undici` from 6.26.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.26.0...v6.27.0)

Updates `vite` from 7.3.2 to 7.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `@astrojs/vercel` from 9.0.5 to 11.0.2
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/vercel/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/vercel@11.0.2/packages/integrations/vercel)

Updates `astro` from 5.18.2 to 7.0.8
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.8/packages/astro)

Updates `postcss` from 8.4.35 to 8.5.19
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.35...8.5.19)

Updates `brace-expansion` from 1.1.11 to 1.1.16
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.16)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `flatted` from 3.2.9 to 3.4.2
- [Commits](WebReflection/flatted@v3.2.9...v3.4.2)

Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

Updates `rollup` from 4.10.0 to 4.62.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.10.0...v4.62.2)

Updates `vite` from 5.1.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.0 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.3.0)

Updates `yaml` from 2.3.4 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.6.0...v2.9.0)

Updates `postcss` from 8.4.47 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.35...8.5.19)

Updates `brace-expansion` from 1.1.11 to 1.1.16
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.16)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `flatted` from 3.3.1 to 3.4.2
- [Commits](WebReflection/flatted@v3.2.9...v3.4.2)

Updates `next` from 14.2.16 to 15.5.18
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v14.2.16...v15.5.18)

Updates `js-yaml` from 4.1.0 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.3.0)

Updates `yaml` from 2.6.0 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.6.0...v2.9.0)

Updates `tinymce` from 7.4.1 to 7.9.3
- [Changelog](https://github.com/tinymce/tinymce/blob/7.9.3/modules/tinymce/CHANGELOG.md)
- [Commits](https://github.com/tinymce/tinymce/commits/7.9.3/modules/tinymce)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 22.0.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.30
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: piscina
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@astrojs/vercel"
  dependency-version: 11.0.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: astro
  dependency-version: 7.0.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.19
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.62.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.18
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tinymce
  dependency-version: 7.9.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 13, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 13, 2026
@github-actions

Copy link
Copy Markdown
Contributor

❌ Issue Linking Required

This PR could not be linked to an issue. All PRs must be linked to an issue for tracking purposes.

How to fix this:

Option 1: Add keyword to PR body (Recommended - auto-removes this comment)
Edit this PR description and add one of these lines:

  • This PR fixes #123 or Fixes: #123

  • This PR closes #123 or Closes: #123

  • This PR resolves #123 or Resolves: #123

  • Other supported keywords: fix, fixed, close, closed, resolve, resolved
    Option 2: Link via GitHub UI (Note: won't clear the failed check)

  1. Go to the PR → Development section (right sidebar)

  2. Click "Link issue" and select an existing issue

  3. Push a new commit or re-run the workflow to clear the failed check
    Option 3: Use branch naming
    Create a new branch with one of these patterns:

  • 123-feature-description (number at start)

  • issue-123-feature-description (issue-number at start)

  • feature-issue-123 (issue-number anywhere)

Why is this required?

Issue linking ensures proper tracking, documentation, and helps maintain project history. It connects your code changes to the problem they solve.---

This comment was automatically generated by the issue linking workflow

@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #36555.

@dependabot dependabot Bot closed this Jul 13, 2026
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/examples/angular-ssr/npm_and_yarn-f73eca9ab4 branch July 13, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

0 participants