Skip to content

chore(deps): bump the npm_and_yarn group across 4 directories with 20 updates#36561

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/e2e/dotcms-e2e-node/frontend/npm_and_yarn-5dfa1b77db
Open

chore(deps): bump the npm_and_yarn group across 4 directories with 20 updates#36561
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/e2e/dotcms-e2e-node/frontend/npm_and_yarn-5dfa1b77db

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 6 updates in the /e2e/dotcms-e2e-node/frontend directory:

Package From To
brace-expansion 1.1.11 1.1.16
flatted 3.3.2 3.4.2
form-data 4.0.0 4.0.6
js-yaml 4.1.0 4.3.0
picomatch 2.3.1 4.0.5
ws 8.18.0 8.21.0

Bumps the npm_and_yarn group with 6 updates in the /examples/angular-ssr directory:

Package From To
ws 8.20.1 8.21.0
@angular/common 20.3.24 22.0.6
@angular/compiler 20.3.24 22.0.6
@angular/core 20.3.24 22.0.6
hono 4.12.23 4.12.30
undici 6.26.0 6.27.0

Bumps the npm_and_yarn group with 2 updates in the /examples/astro directory: @astrojs/vercel and astro.
Bumps the npm_and_yarn group with 7 updates in the /starter/nextjs directory:

Package From To
flatted 3.3.1 3.4.2
js-yaml 4.1.0 4.3.0
picomatch 2.3.1 2.3.2
postcss 8.4.47 8.5.10
next 14.2.16 15.5.18
tinymce 7.4.1 7.9.3
yaml 2.6.0 2.9.0

Updates brace-expansion from 1.1.11 to 1.1.16

Release notes

Sourced from brace-expansion's releases.

v1.1.15

  • Backport v5.0.6 change to v1 (#111) 0b09384

juliangruber/brace-expansion@v1.1.14...v1.1.15

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates flatted from 3.3.2 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates form-data from 4.0.0 to 4.0.6

Changelog

Sourced from form-data's changelog.

v4.0.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames 8dff42c
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape f31d21e
  • [Deps] update hasown, mime-types 92ae0eb
  • [Dev Deps] update js-randomness-predictor 67b0f65

v4.0.5 - 2025-11-17

Commits

  • [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
  • [Dev Deps] update @ljharb/eslint-config, eslint 5822467
  • [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

... (truncated)

Commits
  • 64190db v4.0.6
  • 92ae0eb [Deps] update hasown, mime-types
  • f31d21e [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape
  • 8dff42c [Fix] escape CR, LF, and " in field names and filenames
  • 67b0f65 [Dev Deps] update js-randomness-predictor
  • 68ff7dd v4.0.5
  • 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
  • 76d0dee [Fix] set Symbol.toStringTag in the proper place
  • 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
  • 41996f5 v4.0.4
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.


Updates js-yaml from 4.1.0 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • 590dbab 4.2.0 released
  • f944dc5 Add package.json funding field
  • f692719 Changelog update
  • Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 4.0.5

Release notes

Sourced from picomatch's releases.

4.0.5

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.4...4.0.5

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

3.0.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@3.0.1...3.0.2

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits
  • 4f41a8e 4.0.5
  • 02cfc1b Update .verb.md and run verb to generate README documentation
  • cc52ff6 Only run the upload code coverage step for 1 matrix permutation
  • 6d426d7 Allow workflow to continue if the code coverage step to fails
  • a00b954 Merge branch 'codeql-coverage'
  • 9680381 Merge pull request #183 from MerlijnW70/fix/matchbase-windows-basename
  • 648b4f2 Merge pull request #182 from MerlijnW70/fix/repeated-extglob-drops-branches
  • 70e6485 Configure code coverage upload for CodeQL
  • ab8bc4d fix: honor the windows option when matching basenames
  • 6289307 fix: preserve all branches when rewriting risky repeated extglobs
  • Additional commits viewable in compare view

Updates ws from 8.18.0 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits
  • bca91ad [dist] 8.21.0
  • 2b2abd4 [security] Limit retained message parts
  • 78eabe2 [security] Add latest vulnerability to SECURITY.md
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • Additional commits viewable in compare view

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits
  • bca91ad [dist] 8.21.0
  • 2b2abd4 [security] Limit retained message parts
  • 78eabe2 [security] Add latest vulnerability to SECURITY.md
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • Additional commits viewable in compare view

Updates @angular/common from 20.3.24 to 22.0.6

Release notes

Sourced from @​angular/common's releases.

22.0.6

compiler

Commit Description
fix - fd4ddcafed use regular optional chaining expression for safe function calls in TCBs

compiler-cli

Commit Description
fix - 534fe81a89 apply debugName transform to required signal queries
fix - 3b08201bfb detect uninvoked signals in bound expressions using ternary

forms/signals

Commit Description
fix - 171669f7b2 make extractValue reactive for compat AbstractControl values

migrations

Commit Description
fix - 0a6af1496b preserve transitive NgModule references when pruning
fix - d4a926a762 remove stale model import in model-output migration

router

Commit Description
fix - c238bd2ad7 handle outlet named proto in segment group maps
fix - 8e6d7f7190 use safe hasOwnProperty when parsing query params

22.0.5

common

Commit Description
fix - eb8fb9fe58 use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler-cli

Commit Description
fix - baf09a9939 include toSignal in debugName transform

core

Commit Description
fix - e598dc843f improve input writes migration in best effort mode
fix - ced0180b06 reject dynamic script host elements

router

Commit Description
fix - ca13b42e7c fix malformed jsdoc comment for RouterLinkWithHref export

22.0.4

migrations

Commit Description
fix - fd37f09f37 resolve migration failure when tsconfig specifies rootDir

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

22.0.6 (2026-07-08)

compiler

Commit Type Description
fd4ddcafed fix use regular optional chaining expression for safe function calls in TCBs

compiler-cli

Commit Type Description
534fe81a89 fix apply debugName transform to required signal queries
3b08201bfb fix detect uninvoked signals in bound expressions using ternary

forms/signals

Commit Type Description
171669f7b2 fix make extractValue reactive for compat AbstractControl values

migrations

Commit Type Description
0a6af1496b fix preserve transitive NgModule references when pruning
d4a926a762 fix remove stale model import in model-output migration

router

Commit Type Description
c238bd2ad7 fix handle outlet named proto in segment group maps
8e6d7f7190 fix use safe hasOwnProperty when parsing query params

22.1.0-next.4 (2026-07-01)

common

Commit Type Description
311aff05aa fix use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler

Commit Type Description
292199aa4d fix permissive whitespace parsing in default never blocks

compiler-cli

Commit Type Description
165995285c fix include toSignal in debugName transform

core

Commit Type Description
74638cab84 fix improve input writes migration in best effort mode
d7f70616a0 fix reject dynamic script host elements

router

Commit Type Description
a74801c59c fix fix malformed jsdoc comment for RouterLinkWithHref export

... (truncated)

Commits
  • 748faa4 docs(docs-infra): Add build-time validation for API and guide links using rou...
  • 8e6d7f7 fix(router): use safe hasOwnProperty when parsing query params
  • eb8fb9f fix(common): use Object.hasOwn in I18nSelectPipe to handle null-prototype and...
  • cd8f472 docs: add documentation for HttpClient response body size limit and related e...
  • 8cdc202 fix(http): prevent caching of responses with Set-Cookie headers
  • 6867f77 fix(http): distinguish repeated transfer cache params
  • 6c1f3e9 fix(common): skip transfer cache for uncacheable HTTP traffic (#69316)
  • 7ef1399 fix(http): skip transfer cache for fetch credentialed requests (#69316)
  • 94ea403 fix(common): escape anchor fragment in shadow DOM name selector
  • 2dd65d2 fix(http): pass down the reportUploadProgress and reportDownloadProgress ...
  • Additional commits viewable in compare view

Updates @angular/compiler from 20.3.24 to 22.0.6

Release notes

Sourced from @​angular/compiler's releases.

22.0.6

compiler

Commit Description
fix - fd4ddcafed use regular optional chaining expression for safe function calls in TCBs

compiler-cli

Commit Description
fix - 534fe81a89 apply debugName transform to required signal queries
fix - 3b08201bfb detect uninvoked signals in bound expressions using ternary

forms/signals

Commit Description
fix - 171669f7b2 make extractValue reactive for compat AbstractControl values

migrations

Commit Description
fix - 0a6af1496b preserve transitive NgModule references when pruning
fix - d4a926a762 remove stale model import in model-output migration

router

Commit Description
fix - c238bd2ad7 handle outlet named proto in segment group maps
fix - 8e6d7f7190 use safe hasOwnProperty when parsing query params

22.0.5

common

Commit Description
fix - eb8fb9fe58 use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler-cli

Commit Description
fix - baf09a9939 include toSignal in debugName transform

core

Commit Description
fix - e598dc843f improve input writes migration in best effort mode
fix - ced0180b06 reject dynamic script host elements

router

Commit Description
fix - ca13b42e7c fix malformed jsdoc comment for RouterLinkWithHref export

22.0.4

migrations

Commit Description
fix - fd37f09f37 resolve migration failure when tsconfig specifies rootDir

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

22.0.6 (2026-07-08)

compiler

Commit Type Description
fd4ddcafed fix use regular optional chaining expression for safe function calls in TCBs

compiler-cli

Commit Type Description
534fe81a89 fix apply debugName transform to required signal queries
3b08201bfb fix detect uninvoked signals in bound expressions using ternary

forms/signals

Commit Type Description
171669f7b2 fix make extractValue reactive for compat AbstractControl values

migrations

Commit Type Description
0a6af1496b fix preserve transitive NgModule references when pruning
d4a926a762 fix remove stale model import in model-output migration

router

Commit Type Description
c238bd2ad7 fix handle outlet named proto in segment group maps
8e6d7f7190 fix use safe hasOwnProperty when parsing query params

22.1.0-next.4 (2026-07-01)

common

Commit Type Description
311aff05aa fix use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler

Commit Type Description
292199aa4d fix permissive whitespace parsing in default never blocks

compiler-cli

Commit Type Description
165995285c fix include toSignal in debugName transform

core

Commit Type Description
74638cab84 fix improve input writes migration in best effort mode
d7f70616a0 fix reject dynamic script host elements

router

Commit Type Description
a74801c59c fix fix malformed jsdoc comment for RouterLinkWithHref export

... (truncated)

Commits
  • fd4ddca fix(compiler): use regular optional chaining expression for safe function cal...
  • b5ea340 refactor(compiler): remove visitAttributeComment
  • f4f7f37 fix(compiler): remove unused import breaking CI in 22.0.x
  • f90c20d fix(compiler): account for NgModule dependencies in JIT-compiled partial decl...
  • 489d170 refactor(compiler): desable the legacy template syntax
  • 39001be refactor(compiler): Move the attribute comment to the HTML AST
  • 74f2b91 refactor(compiler): correct TcbInvalidReferenceOp initializer
  • b32ee7c fix(core): treat iframe credentialless as security-sensitive
  • f309727 refactor(compiler): Collect in-element comments
  • 6f11719 fix(compiler): restrict possible event handler check to property names longer...
  • Additional commits viewable in compare view

Updates @angular/core from 20.3.24 to 22.0.6

Release notes

Sourced from @​angular/core's releases.

22.0.6

compiler

Commit Description
fix - fd4ddcafed use regular optional chaining expression for safe function calls in TCBs

compiler-cli

Commit Description
fix - 534fe81a89 apply debugName transform to required signal queries
fix - 3b08201bfb detect uninvoked signals in bound expressions using ternary

forms/signals

Commit Description
fix - 171669f7b2 make extractValue reactive for compat AbstractControl values

migrations

Commit Description
fix - 0a6af1496b preserve transitive NgModule references when pruning
fix - d4a926a762 remove stale model import in model-output migration

router

Commit Description
fix - c238bd2ad7 handle outlet named proto in segment group maps
fix - 8e6d7f7190 use safe hasOwnProperty when parsing query params

22.0.5

common

Commit Description
fix - eb8fb9fe58 use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler-cli

Commit Description
fix - baf09a9939 include toSignal in debugName transform

core

Commit Description
fix - e598dc843f improve input writes migration in best effort mode
fix - ced0180b06 reject dynamic script host elements

router

Commit Description
fix - ca13b42e7c fix malformed jsdoc comment for RouterLinkWithHref export

22.0.4

migrations

Commit Description
fix - fd37f09f37 resolve migration failure when tsconfig specifies rootDir

....

Description has been truncated

… updates

Bumps the npm_and_yarn group with 6 updates in the /e2e/dotcms-e2e-node/frontend directory:

| Package | From | To |
| --- | --- | --- |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.16` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |
| [form-data](https://github.com/form-data/form-data) | `4.0.0` | `4.0.6` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.3.0` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `4.0.5` |
| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.21.0` |

Bumps the npm_and_yarn group with 6 updates in the /examples/angular-ssr directory:

| Package | From | To |
| --- | --- | --- |
| [ws](https://github.com/websockets/ws) | `8.20.1` | `8.21.0` |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `20.3.24` | `22.0.6` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `20.3.24` | `22.0.6` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `20.3.24` | `22.0.6` |
| [hono](https://github.com/honojs/hono) | `4.12.23` | `4.12.30` |
| [undici](https://github.com/nodejs/undici) | `6.26.0` | `6.27.0` |

Bumps the npm_and_yarn group with 2 updates in the /examples/astro directory: [@astrojs/vercel](https://github.com/withastro/astro/tree/HEAD/packages/integrations/vercel) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).
Bumps the npm_and_yarn group with 7 updates in the /starter/nextjs directory:

| Package | From | To |
| --- | --- | --- |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.3.0` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |
| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.10` |
| [next](https://github.com/vercel/next.js) | `14.2.16` | `15.5.18` |
| [tinymce](https://github.com/tinymce/tinymce/tree/HEAD/modules/tinymce) | `7.4.1` | `7.9.3` |
| [yaml](https://github.com/eemeli/yaml) | `2.6.0` | `2.9.0` |



Updates `brace-expansion` from 1.1.11 to 1.1.16
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.16)

Updates `flatted` from 3.3.2 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.2...v3.4.2)

Updates `form-data` from 4.0.0 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.0...v4.0.6)

Updates `js-yaml` from 4.1.0 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.3.0)

Updates `picomatch` from 2.3.1 to 4.0.5
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...4.0.5)

Updates `ws` from 8.18.0 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.18.0...8.21.0)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.18.0...8.21.0)

Updates `@angular/common` from 20.3.24 to 22.0.6
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.6/packages/common)

Updates `@angular/compiler` from 20.3.24 to 22.0.6
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.6/packages/compiler)

Updates `@angular/core` from 20.3.24 to 22.0.6
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.6/packages/core)

Updates `@angular/core` from 20.3.24 to 22.0.6
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.6/packages/core)

Updates `@babel/core` from 7.28.3 to 7.29.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-core)

Updates `hono` from 4.12.23 to 4.12.30
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.23...v4.12.30)

Updates `piscina` from 5.1.3 to 5.2.0
- [Release notes](https://github.com/piscinajs/piscina/releases)
- [Changelog](https://github.com/piscinajs/piscina/blob/v5.2.0/CHANGELOG.md)
- [Commits](piscinajs/piscina@v5.1.3...v5.2.0)

Updates `undici` from 6.26.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.26.0...v6.27.0)

Updates `vite` from 7.3.2 to 7.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite)

Updates `@astrojs/vercel` from 9.0.5 to 11.0.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/vercel/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/vercel@11.0.3/packages/integrations/vercel)

Updates `astro` from 5.18.2 to 7.0.9
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.9/packages/astro)

Updates `flatted` from 3.3.1 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.2...v3.4.2)

Updates `js-yaml` from 4.1.0 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.3.0)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...4.0.5)

Updates `postcss` from 8.4.47 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.47...8.5.10)

Updates `next` from 14.2.16 to 15.5.18
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v14.2.16...v15.5.18)

Updates `tinymce` from 7.4.1 to 7.9.3
- [Changelog](https://github.com/tinymce/tinymce/blob/7.9.3/modules/tinymce/CHANGELOG.md)
- [Commits](https://github.com/tinymce/tinymce/commits/7.9.3/modules/tinymce)

Updates `yaml` from 2.6.0 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.6.0...v2.9.0)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@angular/common"
  dependency-version: 22.0.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 22.0.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 22.0.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 22.0.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/core"
  dependency-version: 7.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.30
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: piscina
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@astrojs/vercel"
  dependency-version: 11.0.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: astro
  dependency-version: 7.0.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.18
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: tinymce
  dependency-version: 7.9.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 13, 2026
@github-actions

Copy link
Copy Markdown
Contributor

❌ Issue Linking Required

This PR could not be linked to an issue. All PRs must be linked to an issue for tracking purposes.

How to fix this:

Option 1: Add keyword to PR body (Recommended - auto-removes this comment)
Edit this PR description and add one of these lines:

  • This PR fixes #123 or Fixes: #123

  • This PR closes #123 or Closes: #123

  • This PR resolves #123 or Resolves: #123

  • Other supported keywords: fix, fixed, close, closed, resolve, resolved
    Option 2: Link via GitHub UI (Note: won't clear the failed check)

  1. Go to the PR → Development section (right sidebar)

  2. Click "Link issue" and select an existing issue

  3. Push a new commit or re-run the workflow to clear the failed check
    Option 3: Use branch naming
    Create a new branch with one of these patterns:

  • 123-feature-description (number at start)

  • issue-123-feature-description (issue-number at start)

  • feature-issue-123 (issue-number anywhere)

Why is this required?

Issue linking ensures proper tracking, documentation, and helps maintain project history. It connects your code changes to the problem they solve.---

This comment was automatically generated by the issue linking workflow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

Status: No status

Development

Successfully merging this pull request may close these issues.

0 participants