Bump the npm_and_yarn group across 4 directories with 32 updates #11

dependabot · 2025-04-29T02:06:39Z

Bumps the npm_and_yarn group with 24 updates in the / directory:

Package	From	To
@babel/traverse	`7.11.0`	`7.23.2`
minimatch	`3.0.4`	`3.0.5`
minimist	`1.2.3`	`1.2.6`
semver	`6.3.1`	`7.5.2`
undici	`5.28.4`	`5.28.5`
cross-spawn	`5.1.0`	`6.0.6`
electron	`23.1.2`	`24.8.5`
shell-quote	`1.7.1`	`1.7.3`
ws	`7.5.10`	`8.18.1`
webpack	`5.82.1`	`5.94.0`
@babel/runtime	`7.11.2`	`7.26.10`
json5	`2.1.3`	`2.2.2`
bl	`1.2.1`	`1.2.3`
dot-prop	`4.2.0`	`4.2.1`
fast-xml-parser	`3.19.0`	`3.21.1`
http-proxy-middleware	`2.0.6`	`2.0.9`
ini	`1.3.5`	`1.3.8`
loader-utils	`1.2.3`	`1.4.2`
nanoid	`3.3.7`	`3.3.11`
tar-fs	`1.16.0`	`1.16.4`
thenify	`3.3.0`	`3.3.1`
websocket-extensions	`0.1.3`	`0.1.4`
xml2js	`0.4.19`	`0.4.23`
y18n	`4.0.0`	`4.0.3`

Bumps the npm_and_yarn group with 8 updates in the /scripts/bench directory:

Package	From	To
minimatch	`3.0.4`	`3.1.2`
minimist	`1.2.5`	`1.2.6`
chrome-launcher	`0.10.5`	`0.13.2`
debug	`2.6.8`	`2.6.9`
dot-prop	`4.2.0`	`4.2.1`
ini	`1.3.4`	`1.3.8`
mime	`1.6.0`	`4.0.7`
y18n	`3.2.1`	`3.2.2`

Bumps the npm_and_yarn group with 1 update in the /scripts/devtools directory: semver.
Bumps the npm_and_yarn group with 5 updates in the /scripts/release directory:

Package	From	To
minimatch	`3.0.4`	`3.0.8`
semver	`5.4.1`	`5.7.2`
ansi-regex	`3.0.0`	`3.0.1`
deep-extend	`0.5.0`	`0.5.1`
puppeteer	`1.11.0`	`24.7.2`

Updates @babel/traverse from 7.11.0 to 7.23.2

Release notes

Sourced from @babel/traverse's releases.

v7.23.2 (2023-10-11)

NOTE: This release also re-publishes @babel/core, even if it does not appear in the linked release commit.

Thanks @jimmydief for your first PR!

🐛 Bug Fix

babel-traverse

#16033 Only evaluate own String/Number/Math methods (@nicolo-ribaudo)

babel-preset-typescript

#16022 Rewrite .tsx extension when using rewriteImportExtensions (@jimmydief)

babel-helpers

#16017 Fix: fallback to typeof when toString is applied to incompatible object (@JLHwung)

babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16025 Avoid override mistake in namespace imports (@nicolo-ribaudo)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

James Diefenderfer (@jimmydief)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.23.1 (2023-09-25)

Re-publishing @babel/helpers due to a publishing error in 7.23.0.

v7.23.0 (2023-09-25)

Thanks @lorenzoferre and @RajShukla1 for your first PRs!

🚀 New Feature

babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-import-source, babel-plugin-transform-dynamic-import

#15870 Support transforming import source for wasm (@nicolo-ribaudo)

babel-helper-module-transforms, babel-helpers, babel-plugin-proposal-import-defer, babel-plugin-syntax-import-defer, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#15878 Implement import defer proposal transform support (@nicolo-ribaudo)

babel-generator, babel-parser, babel-types

#15845 Implement import defer parsing support (@nicolo-ribaudo)

#15829 Add parsing support for the "source phase imports" proposal (@nicolo-ribaudo)

babel-generator, babel-helper-module-transforms, babel-parser, babel-plugin-transform-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-traverse, babel-types

#15682 Add createImportExpressions parser option (@JLHwung)

babel-standalone

#15671 Pass through nonce to the transformed script element (@JLHwung)

babel-helper-function-name, babel-helper-member-expression-to-functions, babel-helpers, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-optional-chaining-assign, babel-plugin-syntax-optional-chaining-assign, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone, babel-types

#15751 Add support for optional chain in assignments (@nicolo-ribaudo)

babel-helpers, babel-plugin-proposal-decorators

#15895 Implement the "decorator metadata" proposal (@nicolo-ribaudo)

babel-traverse, babel-types

#15893 Add t.buildUndefinedNode (@liuxingbaoyu)

babel-preset-typescript

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.23.2 (2023-10-11)

🐛 Bug Fix

babel-traverse

#16033 Only evaluate own String/Number/Math methods (@nicolo-ribaudo)

babel-preset-typescript

#16022 Rewrite .tsx extension when using rewriteImportExtensions (@jimmydief)

babel-helpers

#16017 Fix: fallback to typeof when toString is applied to incompatible object (@JLHwung)

babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16025 Avoid override mistake in namespace imports (@nicolo-ribaudo)

v7.23.0 (2023-09-25)

🚀 New Feature

babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-import-source, babel-plugin-transform-dynamic-import

#15870 Support transforming import source for wasm (@nicolo-ribaudo)

babel-helper-module-transforms, babel-helpers, babel-plugin-proposal-import-defer, babel-plugin-syntax-import-defer, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#15878 Implement import defer proposal transform support (@nicolo-ribaudo)

babel-generator, babel-parser, babel-types

#15845 Implement import defer parsing support (@nicolo-ribaudo)

#15829 Add parsing support for the "source phase imports" proposal (@nicolo-ribaudo)

babel-generator, babel-helper-module-transforms, babel-parser, babel-plugin-transform-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-traverse, babel-types

#15682 Add createImportExpressions parser option (@JLHwung)

babel-standalone

#15671 Pass through nonce to the transformed script element (@JLHwung)

babel-helper-function-name, babel-helper-member-expression-to-functions, babel-helpers, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-optional-chaining-assign, babel-plugin-syntax-optional-chaining-assign, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone, babel-types

#15751 Add support for optional chain in assignments (@nicolo-ribaudo)

babel-helpers, babel-plugin-proposal-decorators

#15895 Implement the "decorator metadata" proposal (@nicolo-ribaudo)

babel-traverse, babel-types

#15893 Add t.buildUndefinedNode (@liuxingbaoyu)

babel-preset-typescript

#15913 Add rewriteImportExtensions option to TS preset (@nicolo-ribaudo)

babel-parser

#15896 Allow TS tuples to have both labeled and unlabeled elements (@yukukotani)

🐛 Bug Fix

babel-plugin-transform-block-scoping

#15962 fix: transform-block-scoping captures the variables of the method in the loop (@liuxingbaoyu)

💅 Polish

babel-traverse

#15797 Expand evaluation of global built-ins in @babel/traverse (@lorenzoferre)

babel-plugin-proposal-explicit-resource-management

#15985 Improve source maps for blocks with using declarations (@nicolo-ribaudo)

🔬 Output optimization

babel-core, babel-helper-module-transforms, babel-plugin-transform-async-to-generator, babel-plugin-transform-classes, babel-plugin-transform-dynamic-import, babel-plugin-transform-function-name, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-inline-elements, babel-plugin-transform-runtime, babel-plugin-transform-typescript, babel-preset-env

#15984 Inline exports.XXX = update in simple variable declarations (@nicolo-ribaudo)

v7.22.20 (2023-09-16)

... (truncated)

Commits

b4b9942 v7.23.2
b13376b Only evaluate own String/Number/Math methods (#16033)
ca58ec1 v7.23.0
0f333da Add createImportExpressions parser option (#15682)
3744545 Fix linting
c7e6806 Add t.buildUndefinedNode (#15893)
38ee8b4 Expand evaluation of global built-ins in @babel/traverse (#15797)
9f3dfd9 v7.22.20
3ed28b2 Fully support || and && in pluginToggleBooleanFlag (#15961)
77b0d73 v7.22.19
Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.0.5

Commits

707e1b2 3.0.5
a8763f4 Improve redos protection, add many tests
bafa295 Use master branch for travis badge
013d64d update travis
See full diff in compare view

Updates minimist from 1.2.3 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

test from prototype pollution PR bc8ecee

isConstructorOrProto adapted from PR c2b9819

security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

security notice 4cf1354

additional test for constructor prototype pollution 1043d21

Commits

7efb22a 1.2.6
ef88b93 security notice for additional prototype pollution issue
c2b9819 isConstructorOrProto adapted from PR
bc8ecee test from prototype pollution PR
aeb3e27 1.2.5
278677b 1.2.4
4cf1354 security notice
1043d21 additional test for constructor prototype pollution
See full diff in compare view

Updates semver from 6.3.1 to 7.5.2

Release notes

Sourced from semver's releases.

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

58c791f #566 diff when detecting major change from prerelease (#566) (@lukekarrys)

5c8efbc #565 preserve build in raw after inc (#565) (@lukekarrys)

717534e #564 better handling of whitespace (#564) (@lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

d30d25a #559 show type on invalid semver error (#559) (@tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

503a4e5 #548 allow identifierBase to be false (#548) (@lsvalina)

Bug Fixes

e219bb4 #552 throw on bad version with correct error message (#552) (@wraithgar)

fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson)

2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@macno)

v7.4.0

7.4.0 (2023-04-10)

Features

113f513 #532 identifierBase parameter for .inc (#532) (@wraithgar, @b-bly)

48d8f8f #530 export new RELEASE_TYPES constant (@hcharley)

Bug Fixes

940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@wraithgar)

aa516b5 #535 faster parse options (#535) (@H4ad)

61e6ea1 #536 faster cache key factory for range (#536) (@H4ad)

f8b8b61 #541 optimistic parse (#541) (@H4ad)

796cbe2 #533 semver.diff prerelease to release recognition (#533) (@wraithgar, @dominique-blockchain)

3f222b1 #537 reuse comparators on subset (#537) (@H4ad)

f66cc45 #539 faster diff (#539) (@H4ad)

Documentation

c5d29df #530 Add "Constants" section to README (@hcharley)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.2 (2023-06-15)

Bug Fixes

58c791f #566 diff when detecting major change from prerelease (#566) (@lukekarrys)

5c8efbc #565 preserve build in raw after inc (#565) (@lukekarrys)

717534e #564 better handling of whitespace (#564) (@lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

d30d25a #559 show type on invalid semver error (#559) (@tjenkinson)

7.5.0 (2023-04-17)

Features

503a4e5 #548 allow identifierBase to be false (#548) (@lsvalina)

Bug Fixes

e219bb4 #552 throw on bad version with correct error message (#552) (@wraithgar)

fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson)

2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@macno)

7.4.0 (2023-04-10)

Features

113f513 #532 identifierBase parameter for .inc (#532) (@wraithgar, @b-bly)

48d8f8f #530 export new RELEASE_TYPES constant (@hcharley)

Bug Fixes

940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@wraithgar)

aa516b5 #535 faster parse options (#535) (@H4ad)

61e6ea1 #536 faster cache key factory for range (#536) (@H4ad)

f8b8b61 #541 optimistic parse (#541) (@H4ad)

796cbe2 #533 semver.diff prerelease to release recognition (#533) (@wraithgar, @dominique-blockchain)

3f222b1 #537 reuse comparators on subset (#537) (@H4ad)

f66cc45 #539 faster diff (#539) (@H4ad)

Documentation

c5d29df #530 Add "Constants" section to README (@hcharley)

7.3.8 (2022-10-04)

Bug Fixes

... (truncated)

Commits

e7b78de chore: release 7.5.2
58c791f fix: diff when detecting major change from prerelease (#566)
5c8efbc fix: preserve build in raw after inc (#565)
717534e fix: better handling of whitespace (#564)
2f738e9 chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
aa016a6 chore: release 7.5.1
d30d25a fix: show type on invalid semver error (#559)
09c69e2 chore: bump @npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
5b02ad7 chore: release 7.5.0
e219bb4 fix: throw on bad version with correct error message (#552)
Additional commits viewable in compare view

Updates undici from 5.28.4 to 5.28.5

Release notes

Sourced from undici's releases.

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

Commits

6139ed2 Bumped v5.28.5
711e207 Backport of c2d78cd
See full diff in compare view

Updates cross-spawn from 5.1.0 to 6.0.6

Changelog

Sourced from cross-spawn's changelog.

6.0.6 (2024-11-18)

Bug Fixes

disable regexp backtracking (#160) (ba5aaef)

core: support worker threads (#127) (f4af31c)

6.0.5 (2018-03-02)

Bug Fixes

avoid using deprecated Buffer constructor (#94) (d5770df), closes /nodejs.org/api/deprecations.html#deprecations_dep0005

6.0.4 (2018-01-31)

Bug Fixes

fix paths being incorrectly normalized on unix (06ee3c6), closes #90

6.0.3 (2018-01-23)

6.0.2 (2018-01-23)

6.0.1 (2018-01-23)

6.0.0 (2018-01-23)

Bug Fixes

... (truncated)

Commits

d35c865 chore(release): 6.0.6
5a37e19 chore: update package.json and package.lock
ba5aaef fix: disable regexp backtracking (#160)
f4af31c fix(core): support worker threads (#127)
301187a chore(release): 6.0.5
ae85d40 chore: fix linting errors
d5770df fix: avoid using deprecated Buffer constructor (#94)
6b64987 chore(package): update lint-staged to version 7.0.0 (#93)
39166eb chore: update eslint-config-moxy dependency
213aa43 Merge pull request #92 from moxystudio/greenkeeper/eslint-config-moxy-5.0.0
Additional commits viewable in compare view

Updates electron from 23.1.2 to 24.8.5

Commits

543f7c3 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40025)
e51dee4 fix: use generic capturer to list both screens and windows when possible (#39...
384f44d ci: fix linux builds of forks (#39942)
edb117a build: use afs on aks instead of circle cache (#39913)
3f864b2 build: fixup autoninja (#39901)
97bf8c8 build: run on circle hosts for forks (#39864)
4a9b367 build: use aks backed runners for linux builds (#39837)
0508e25 chore: cherry-pick b2eab7500a18 from chromium (#39826)
0641412 fix: ensure app load is limited to real asar files when appropriate (#39810)
c574fed chore: cherry-pick 3 changes from Release-3-M116 (#39757)
Additional commits viewable in compare view

Updates shell-quote from 1.7.1 to 1.7.3

Changelog

Sourced from shell-quote's changelog.

v1.7.3 - 2021-10-20

Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)

v1.7.2 - 2019-08-30

Fix a regression introduced in 1.6.3. This reverts the Windows path quoting fix. (144e1c2)

Commits

6a8a899 1.7.3
5799416 fix for security issue with windows drive letter regex
c7de931 Add security.md
414853f Update readme.markdown (#43)
0fc4a97 use Github Actions (#42)
89a1993 1.7.2
df7e4c7 add test for #37
144e1c2 revert windows path unescaping, fixes #37
c24f3aa ci: nvs does not have iojs
See full diff in compare view

Updates ws from 7.5.10 to 8.18.1

Release notes

Sourced from ws's releases.

8.18.1

Bug fixes

The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

Added support for Blob (#2229).

8.17.1

Bug fixes

Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
</tr></table>

... (truncated)

Commits

b92745a [dist] 8.18.1
b3d9747 [doc] Fix nit
021f7b8 [test] Shorten the path lengths
b9ca55b [pkg] Update eslint-config-prettier to version 10.0.1
c798dd4 [doc] Fix typo (#2271)
6861472 [ci] Test on node 23
019f28f [minor] Improve JSDoc-inferred types (#2242)
bfe1b2a [doc] Remove unnecessary period (#2240)
f7dc469 [doc] Fix the type of the data argument
976c53c [dist] 8.18.0
Additional commits viewable in compare view

Updates webpack from 5.82.1 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

Added runtime condition for harmony reexport checked

Handle properly data/http/https protocols in source maps

Make bigint optimistic when browserslist not found

Move @types/eslint-scope to dev deps

Related in asset stats is now always an array when no related found

Handle ASI for export declarations

Mangle destruction incorrect with export named default properly

Fixed unexpected asi generation with sequence expression

Fixed a lot of types

New Features

Added new external type "module-import"

Support webpackIgnore for new URL() construction

[CSS] @import pathinfo support

Security

Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

Generate correct relative path to runtime chunks

Makes DefinePlugin quieter under default log level

Fixed mangle destructuring default in namespace import

Fixed consumption of eager shared modules for module federation

Strip slash for pretty regexp

Calculate correct contenthash for CSS generator options

New Features

Added the binary generator option for asset modules to explicitly keep source maps produced by loaders

Added the modern-module library value for tree shakable output

Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

Correct tidle range's comutation for module federation

Consider runtime for pure expression dependency update hash

Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

eabf85d chore(release): 5.94.0
955e057 security: fix DOM clobbering in auto public path
9822387 test: fix
cbb86ed test: fix
5ac3d7f fix: unexpected asi generation with sequence expression
2411661 security: fix DOM clobbering in auto public path
b8c03d4 fix: unexpected asi generation with sequence expression
f46a03c revert: do not use heuristic fallback for "module-import"
60f1898 fix: do not use heuristic fallback for "module-import"
66306aa Revert "fix: module-import get fallback from externalsPresets"
Additional commits viewable in compare view

Updates @babel/runtime from 7.11.2 to 7.26.10

Release notes

Sourced from @babel/runtime's releases.

v7.26.10 (2025-03-11)

Thanks @jordan-choi and @mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

babel-parser

#17159 Disallow decorator in array pattern (@JLHwung)

🐛 Bug Fix

babel-parser, babel-template

#17164 Fix: always initialize ExportDeclaration attributes (@JLHwung)

babel-core

#17142 fix: "Map maximum size exceeded" in deepClone (@liuxingbaoyu)

babel-parser, babel-plugin-transform-typescript

#17154 Update typescript parser tests (@JLHwung)

babel-traverse

#17151 fix: Should not evaluate vars in child scope (@liuxingbaoyu)

babel-generator

#17153 fix: Correctly generate abstract override (@liuxingbaoyu)

babel-parser

#17107 Fix source type detection when parsing TypeScript (@JLHwung)

babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

#17173 Fix processing of replacement pattern with named capture groups (@mmmsssttt404)

💅 Polish

babel-standalone

#17158 Avoid warnings when re-bundling @babel/standalone with webpack (@liuxingbaoyu)

🏠 Internal

babel-parser

#17160 Left-value parsing cleanup (@JLHwung)

Committers: 6

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Yunyoung Jordan Choi (

Bumps the npm_and_yarn group with 24 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.11.0` | `7.23.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.0.5` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.3` | `1.2.6` | | [semver](https://github.com/npm/node-semver) | `6.3.1` | `7.5.2` | | [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.28.5` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `5.1.0` | `6.0.6` | | [electron](https://github.com/electron/electron) | `23.1.2` | `24.8.5` | | [shell-quote](https://github.com/ljharb/shell-quote) | `1.7.1` | `1.7.3` | | [ws](https://github.com/websockets/ws) | `7.5.10` | `8.18.1` | | [webpack](https://github.com/webpack/webpack) | `5.82.1` | `5.94.0` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.11.2` | `7.26.10` | | [json5](https://github.com/json5/json5) | `2.1.3` | `2.2.2` | | [bl](https://github.com/rvagg/bl) | `1.2.1` | `1.2.3` | | [dot-prop](https://github.com/sindresorhus/dot-prop) | `4.2.0` | `4.2.1` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `3.19.0` | `3.21.1` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.2.3` | `1.4.2` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `1.16.0` | `1.16.4` | | [thenify](https://github.com/thenables/thenify) | `3.3.0` | `3.3.1` | | [websocket-extensions](https://github.com/faye/websocket-extensions-node) | `0.1.3` | `0.1.4` | | [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) | `0.4.19` | `0.4.23` | | [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` | Bumps the npm_and_yarn group with 8 updates in the /scripts/bench directory: | Package | From | To | | --- | --- | --- | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.6` | | [chrome-launcher](https://github.com/GoogleChrome/chrome-launcher) | `0.10.5` | `0.13.2` | | [debug](https://github.com/debug-js/debug) | `2.6.8` | `2.6.9` | | [dot-prop](https://github.com/sindresorhus/dot-prop) | `4.2.0` | `4.2.1` | | [ini](https://github.com/npm/ini) | `1.3.4` | `1.3.8` | | [mime](https://github.com/broofa/mime) | `1.6.0` | `4.0.7` | | [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` | Bumps the npm_and_yarn group with 1 update in the /scripts/devtools directory: [semver](https://github.com/npm/node-semver). Bumps the npm_and_yarn group with 5 updates in the /scripts/release directory: | Package | From | To | | --- | --- | --- | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.0.8` | | [semver](https://github.com/npm/node-semver) | `5.4.1` | `5.7.2` | | [ansi-regex](https://github.com/chalk/ansi-regex) | `3.0.0` | `3.0.1` | | [deep-extend](https://github.com/unclechu/node-deep-extend) | `0.5.0` | `0.5.1` | | [puppeteer](https://github.com/puppeteer/puppeteer) | `1.11.0` | `24.7.2` | Updates `@babel/traverse` from 7.11.0 to 7.23.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse) Updates `minimatch` from 3.0.4 to 3.0.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.0.5) Updates `minimist` from 1.2.3 to 1.2.6 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.3...v1.2.6) Updates `semver` from 6.3.1 to 7.5.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.1...v7.5.2) Updates `undici` from 5.28.4 to 5.28.5 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.28.5) Updates `cross-spawn` from 5.1.0 to 6.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@5.1.0...v6.0.6) Updates `electron` from 23.1.2 to 24.8.5 - [Release notes](https://github.com/electron/electron/releases) - [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md) - [Commits](electron/electron@v23.1.2...v24.8.5) Updates `shell-quote` from 1.7.1 to 1.7.3 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.1...v1.7.3) Updates `ws` from 7.5.10 to 8.18.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.10...8.18.1) Updates `webpack` from 5.82.1 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.82.1...v5.94.0) Updates `@babel/runtime` from 7.11.2 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) Updates `json5` from 2.1.3 to 2.2.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.1.3...v2.2.2) Updates `bl` from 1.2.1 to 1.2.3 - [Release notes](https://github.com/rvagg/bl/releases) - [Changelog](https://github.com/rvagg/bl/blob/master/CHANGELOG.md) - [Commits](rvagg/bl@v1.2.1...v1.2.3) Updates `browserslist` from 4.8.5 to 4.24.4 - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md) - [Commits](browserslist/browserslist@4.8.5...4.24.4) Updates `dot-prop` from 4.2.0 to 4.2.1 - [Release notes](https://github.com/sindresorhus/dot-prop/releases) - [Commits](sindresorhus/dot-prop@v4.2.0...v4.2.1) Updates `fast-xml-parser` from 3.19.0 to 3.21.1 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@3.19.0...v3.21.1) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `ini` from 1.3.5 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.5...v1.3.8) Updates `loader-utils` from 1.2.3 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.2.3...v1.4.2) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) Updates `serialize-javascript` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.1...v6.0.2) Updates `tar-fs` from 1.16.0 to 1.16.4 - [Commits](mafintosh/tar-fs@v1.16.0...v1.16.4) Updates `thenify` from 3.3.0 to 3.3.1 - [Changelog](https://github.com/thenables/thenify/blob/master/History.md) - [Commits](thenables/thenify@3.3.0...3.3.1) Updates `websocket-extensions` from 0.1.3 to 0.1.4 - [Changelog](https://github.com/faye/websocket-extensions-node/blob/main/CHANGELOG.md) - [Commits](faye/websocket-extensions-node@0.1.3...0.1.4) Updates `xml2js` from 0.4.19 to 0.4.23 - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits) Updates `y18n` from 4.0.0 to 4.0.3 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.0.5) Updates `minimist` from 1.2.5 to 1.2.6 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.3...v1.2.6) Updates `chrome-launcher` from 0.10.5 to 0.13.2 - [Release notes](https://github.com/GoogleChrome/chrome-launcher/releases) - [Changelog](https://github.com/GoogleChrome/chrome-launcher/blob/main/changelog.md) - [Commits](GoogleChrome/chrome-launcher@v0.10.5...v0.13.2) Updates `debug` from 2.6.8 to 2.6.9 - [Release notes](https://github.com/debug-js/debug/releases) - [Changelog](https://github.com/debug-js/debug/blob/2.6.9/CHANGELOG.md) - [Commits](debug-js/debug@2.6.8...2.6.9) Updates `dot-prop` from 4.2.0 to 4.2.1 - [Release notes](https://github.com/sindresorhus/dot-prop/releases) - [Commits](sindresorhus/dot-prop@v4.2.0...v4.2.1) Updates `ini` from 1.3.4 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.5...v1.3.8) Updates `mime` from 1.6.0 to 4.0.7 - [Release notes](https://github.com/broofa/mime/releases) - [Changelog](https://github.com/broofa/mime/blob/main/CHANGELOG.md) - [Commits](broofa/mime@v1.6.0...v4.0.7) Updates `y18n` from 3.2.1 to 3.2.2 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.1...v7.5.2) Updates `minimatch` from 3.0.4 to 3.0.8 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.0.5) Updates `semver` from 5.4.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.1...v7.5.2) Updates `ansi-regex` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v3.0.0...v3.0.1) Updates `deep-extend` from 0.5.0 to 0.5.1 - [Changelog](https://github.com/unclechu/node-deep-extend/blob/master/CHANGELOG.md) - [Commits](unclechu/node-deep-extend@v0.5.0...v0.5.1) Updates `puppeteer` from 1.11.0 to 24.7.2 - [Release notes](https://github.com/puppeteer/puppeteer/releases) - [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md) - [Commits](puppeteer/puppeteer@v1.11.0...puppeteer-v24.7.2) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-version: 7.23.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.0.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.5.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.28.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: electron dependency-version: 24.8.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-version: 1.7.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.18.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.94.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.26.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: bl dependency-version: 1.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserslist dependency-version: 4.24.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dot-prop dependency-version: 4.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 3.21.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-version: 1.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-version: 1.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 1.16.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: thenify dependency-version: 3.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: websocket-extensions dependency-version: 0.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: xml2js dependency-version: 0.4.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: y18n dependency-version: 4.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: chrome-launcher dependency-version: 0.13.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: debug dependency-version: 2.6.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dot-prop dependency-version: 4.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-version: 1.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mime dependency-version: 4.0.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: y18n dependency-version: 3.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 5.7.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 5.7.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-version: 3.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: deep-extend dependency-version: 0.5.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: puppeteer dependency-version: 24.7.2 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

snyk-io · 2025-04-29T02:07:44Z

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

✅ code/snyk check is complete. No issues have been found. (View Details)

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 29, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 4 directories with 32 updates #11

Bump the npm_and_yarn group across 4 directories with 32 updates #11

Uh oh!

dependabot bot commented on behalf of github Apr 29, 2025

Uh oh!

snyk-io bot commented Apr 29, 2025 •

edited

Loading

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 4 directories with 32 updates #11

Are you sure you want to change the base?

Bump the npm_and_yarn group across 4 directories with 32 updates #11

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 29, 2025

v7.23.2 (2023-10-11)

🐛 Bug Fix

Committers: 5

v7.23.1 (2023-09-25)

v7.23.0 (2023-09-25)

🚀 New Feature

v7.23.2 (2023-10-11)

🐛 Bug Fix

v7.23.0 (2023-09-25)

🚀 New Feature

🐛 Bug Fix

💅 Polish

🔬 Output optimization

v7.22.20 (2023-09-16)

v1.2.6 - 2022-03-21

Commits

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

v7.5.0

7.5.0 (2023-04-17)

Features

Bug Fixes

v7.4.0

7.4.0 (2023-04-10)

Features

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

7.5.0 (2023-04-17)

Features

Bug Fixes

7.4.0 (2023-04-10)

Features

Bug Fixes

Documentation

7.3.8 (2022-10-04)

Bug Fixes

v5.28.5

⚠️ Security Release ⚠️

6.0.6 (2024-11-18)

Bug Fixes

6.0.5 (2018-03-02)

Bug Fixes

6.0.4 (2018-01-31)

Bug Fixes

6.0.3 (2018-01-23)

6.0.2 (2018-01-23)

6.0.1 (2018-01-23)

6.0.0 (2018-01-23)

Bug Fixes

v1.7.3 - 2021-10-20

v1.7.2 - 2019-08-30

8.18.1

Bug fixes

8.18.0

Features

8.17.1

Bug fixes

v5.94.0

Bug Fixes

New Features

Security

v5.93.0

Bug Fixes

snyk-io bot commented Apr 29, 2025 •

edited

Loading