Bump the weekly-dependencies group across 1 directory with 15 updates by dependabot[bot] · Pull Request #884 · DEFRA/grants-ui

dependabot · 2026-05-18T09:35:53Z

Bumps the weekly-dependencies group with 15 updates in the / directory:

Package	From	To
@defra/forms-engine-plugin	`4.11.1`	`4.12.0`
date-fns	`4.1.0`	`4.2.0`
undici	`8.2.0`	`8.3.0`
yaml	`2.8.4`	`2.9.0`
@types/node	`25.6.0`	`25.8.0`
@typescript-eslint/eslint-plugin	`8.59.2`	`8.59.3`
@typescript-eslint/parser	`8.59.2`	`8.59.3`
@vitest/coverage-v8	`4.1.5`	`4.1.6`
@vitest/eslint-plugin	`1.6.16`	`1.6.17`
@vitest/ui	`4.1.5`	`4.1.6`
sass-loader	`16.0.7`	`16.0.8`
snyk	`1.1304.2`	`1.1304.3`
terser-webpack-plugin	`5.5.0`	`5.6.0`
tsx	`4.21.0`	`4.22.1`
vitest	`4.1.5`	`4.1.6`

Updates @defra/forms-engine-plugin from 4.11.1 to 4.12.0

Release notes

Sourced from @defra/forms-engine-plugin's releases.

v4.12.0

What's Changed

Add component previews to documentation microsite by @alexluckett in DEFRA/forms-engine-plugin#392

feat: add JS level system for component preview notices by @alexluckett in DEFRA/forms-engine-plugin#393

feat(DF-789): render unavailable view when form is offline by @mokhld in DEFRA/forms-engine-plugin#398

Full Changelog: DEFRA/forms-engine-plugin@v4.11.3...v4.12.0

v4.11.3

What's Changed

feat(DF-952): Update location map instructions for user interaction by @mokhld in DEFRA/forms-engine-plugin#389

Full Changelog: DEFRA/forms-engine-plugin@v4.11.2...v4.11.3

Commits

4a6aab4 feat(DF-789): render unavailable view when form is offline (#398)
3ddb572 Merge pull request #393 from DEFRA/docs/component-previews-clean
a4e86da fix test
f70fd98 jsdoc types
2396088 add link for map location pattern
8698901 add notice about map question pattern
3900a16 fi image url
d1d28c0 feat: add JS level system for component preview notices
7f56605 Merge pull request #392 from DEFRA/docs/component-previews
2fe2c5e style: fix prettier formatting in generate-component-previews.test.js
Additional commits viewable in compare view

Updates date-fns from 4.1.0 to 4.2.0

Release notes

Sourced from date-fns's releases.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Changelog

Sourced from date-fns's changelog.

v4.2.0 - 2026-05-18

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Commits

3d4ca4b Update browserslist
562c485 Promote to v4.2.0
3709c02 Make steps into the Temporal-first future
07592b9 Upgrade Node.js types, upgrade TypeScript
09ece22 Upgrade Vitest
c37c22e Set up Oxfmt as the default formatter
d40bb80 Upgrade mise setup
dd66398 Fix tz tests workflow
ef962f8 Adjust smoke tests
5ad3aa7 Restore lost DST tests
Additional commits viewable in compare view

Updates undici from 8.2.0 to 8.3.0

Release notes

Sourced from undici's releases.

v8.3.0

What's Changed

fix: preserve pool capacity after removing stale client by @trivikr in nodejs/undici#5151

build(deps): bump actions/github-script from 8.0.0 to 9.0.0 by @dependabot[bot] in nodejs/undici#5157

build(deps): bump actions/upload-artifact from 5.0.0 to 7.0.1 by @dependabot[bot] in nodejs/undici#5162

build(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @dependabot[bot] in nodejs/undici#5156

chore(http2): collapse duplicate request stream setup by @trivikr in nodejs/undici#5140

perf(client): cache HTTP/2 authority by @trivikr in nodejs/undici#5141

build(deps-dev): bump borp from 0.20.2 to 1.0.0 by @dependabot[bot] in nodejs/undici#4819

types: add TOpaque to client connect options by @samuel871211 in nodejs/undici#4928

build(deps): bump tinybench from 5.1.0 to 6.0.1 in /benchmarks by @dependabot[bot] in nodejs/undici#4688

build(deps): bump codecov/codecov-action from 5.5.1 to 6.0.0 by @dependabot[bot] in nodejs/undici#4950

build(deps): bump actions/dependency-review-action from 4.8.1 to 4.9.0 by @dependabot[bot] in nodejs/undici#4951

test(fetch): add userinfo coverage for issue-4897 URLs by @mcollina in nodejs/undici#4901

perf: avoid duplicate pool dispatcher selection on backpressure by @trivikr in nodejs/undici#5149

build(deps): bump actions/setup-node from 6.2.0 to 6.4.0 by @dependabot[bot] in nodejs/undici#5163

build(deps): bump step-security/harden-runner from 2.14.1 to 2.19.1 by @dependabot[bot] in nodejs/undici#5160

build(deps): bump cronometro from 5.3.0 to 6.0.3 in /benchmarks by @dependabot[bot] in nodejs/undici#4687

build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @dependabot[bot] in nodejs/undici#5161

build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @dependabot[bot] in nodejs/undici#4853

build(deps): bump hendrikmuhs/ccache-action from 1.2.22 to 1.2.23 by @dependabot[bot] in nodejs/undici#5158

build(deps): bump fastify/github-action-merge-dependabot from 3.11.2 to 3.12.0 by @dependabot[bot] in nodejs/undici#5159

build(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @dependabot[bot] in nodejs/undici#4854

build(deps): bump uWebSockets.js from v20.64.0 to v20.66.0 in /benchmarks by @dependabot[bot] in nodejs/undici#5130

docs: mention install() also installs WebSocket globals by @mcollina in nodejs/undici#5174

types: stop interfering with @types/node by @Renegade334 in nodejs/undici#5173

fix: align h2 empty body content-length methods with h1 by @trivikr in nodejs/undici#5172

build(deps-dev): bump fast-check from 4.6.0 to 4.7.0 by @dependabot[bot] in nodejs/undici#5192

build(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @dependabot[bot] in nodejs/undici#5191

test: move cleanup from finally to after hooks by @trivikr in nodejs/undici#5194

test: resolve flaky timeout in issue-3356 by @trivikr in nodejs/undici#5188

SnapshotAgent: Add normalizeBody and normalizeQuery by @GeoffreyBooth in nodejs/undici#5121

fix(socks5): use configured connector in Socks5ProxyAgent by @trivikr in nodejs/undici#5168

perf(http2): avoid isArray checks for common headers by @trivikr in nodejs/undici#5170

fix(test): make deduplicate body-streaming test non-flaky by @mcollina in nodejs/undici#5196

test(retry): add regression test for RetryAgent + HTTP/2 stream timeout (#5137) by @mcollina in nodejs/undici#5176

fix(socks5): preserve dispatch backpressure return value by @trivikr in nodejs/undici#5166

perf(http2): end zero-length request bodies with headers by @trivikr in nodejs/undici#5169

fix(test): make issue-2898-comment.js assertion robust against flakiness by @mcollina in nodejs/undici#5208

test: disable timeouts in h2 high concurrency regression by @trivikr in nodejs/undici#5205

test: deflake stream compat coverage by @mcollina in nodejs/undici#5209

fix(dispatcher): remove unreachable assert in writeBlob by @SAY-5 in nodejs/undici#5231

fix: clean up benchmark resources before worker exit by @trivikr in nodejs/undici#5225

test: avoid per-chunk assertions in diagnostics get by @trivikr in nodejs/undici#5224

test: capture cache test worker stderr and preserve failures by @trivikr in nodejs/undici#5206

chore: gitignore benchmarks/package-lock.json by @trivikr in nodejs/undici#5228

perf(proxy-agent): avoid extra header allocations in auth guard by @trivikr in nodejs/undici#5164

test(wpt): retry WPT server startup on port conflicts or timeout by @trivikr in nodejs/undici#5215

test: make websocket diagnostics ping-pong ordering deterministic by @trivikr in nodejs/undici#5222

test(websocket): fix flaky send test by @mcollina in nodejs/undici#5232

... (truncated)

Commits

aa33b19 Bumped v8.3.0 (#5305)
f33a6cb test: fix flaky http2-dispatcher WebSocket upgrade tests (#5304)
ca0cb16 build(deps): bump uWebSockets.js in /benchmarks (#5299)
e1f9035 build(deps-dev): bump jest from 30.3.0 to 30.4.2 (#5297)
314ba6a perf(client-h2): reuse request upgrade stream handlers (#5293)
be9a544 Add Node 26 to the matrix (#5271)
45f7bd3 test: retry crashed cache-test workers once (#5294)
08cf765 build(deps-dev): bump fast-check from 4.7.0 to 4.8.0 (#5298)
df5ded9 cache formdata boundary (#5292)
e101dcb test: include after in parser-issues (#5284)
Additional commits viewable in compare view

Updates yaml from 2.8.4 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

fix: Avoid calling Array.prototype.push.apply() with large source array

fix(lexer): Avoid recursive calls that may exhaust the call stack

Commits

ddb21b0 2.9.0
167365b docs: Clarify that not all errors can be avoided
6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
See full diff in compare view

Updates @types/node from 25.6.0 to 25.8.0

Commits

See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.59.2 to 8.59.3

Release notes

Sourced from @typescript-eslint/eslint-plugin's releases.

v8.59.3

8.59.3 (2026-05-11)

This was a version bump only, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @typescript-eslint/eslint-plugin's changelog.

8.59.3 (2026-05-11)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

48e13c0 chore(release): publish 8.59.3
e26dc80 docs: update stale links to latest (#12313)
44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
See full diff in compare view

Updates @typescript-eslint/parser from 8.59.2 to 8.59.3

Release notes

Sourced from @typescript-eslint/parser's releases.

v8.59.3

8.59.3 (2026-05-11)

This was a version bump only, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @typescript-eslint/parser's changelog.

8.59.3 (2026-05-11)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

48e13c0 chore(release): publish 8.59.3
44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.5 to 4.1.6

Release notes

Sourced from @vitest/coverage-v8's releases.

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

Commits

a8fd24c chore: release v4.1.6
See full diff in compare view

Updates @vitest/eslint-plugin from 1.6.16 to 1.6.17

Release notes

Sourced from @vitest/eslint-plugin's releases.

v1.6.17

🐞 Bug Fixes

Recommend toBeTypeOf instead of expectTypeOf in prefer-expect-type-of - by @sheremet-va in vitest-dev/eslint-plugin-vitest#896 (a4bcd)

no-standalone-expect: Allow expect inside vi.defineHelper callbacks - by @nami8824 in vitest-dev/eslint-plugin-vitest#894 (fd8eb)

View changes on GitHub

Commits

789966e chore: release v1.6.17
a4bcdf5 fix: recommend toBeTypeOf instead of expectTypeOf in `prefer-expect-type-...
fd8eb3c fix(no-standalone-expect): allow expect inside vi.defineHelper callbacks (#894)
dbf423c refactor: simplify ParsedGeneralVitestFnCall type exclusion (#895)
See full diff in compare view

Updates @vitest/ui from 4.1.5 to 4.1.6

Release notes

Sourced from @vitest/ui's releases.

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

Commits

a8fd24c chore: release v4.1.6
See full diff in compare view

Updates sass-loader from 16.0.7 to 16.0.8

Release notes

Sourced from sass-loader's releases.

v16.0.8

16.0.8 (2026-05-08)

Bug Fixes

normalize separators in getPossibleRequests for Windows (#1308) (#1309) (90e349d)

Changelog

Sourced from sass-loader's changelog.

16.0.8 (2026-05-08)

Bug Fixes

normalize separators in getPossibleRequests for Windows (#1308) (#1309) (90e349d)

Commits

4f00ed5 chore(release): 16.0.8
90e349d fix: normalize separators in getPossibleRequests for Windows (#1308) (#1309)
cda2078 chore(deps-dev): bump follow-redirects from 1.15.9 to 1.16.0 (#1306)
128abc0 chore(deps): bump lodash from 4.17.23 to 4.18.1 (#1305)
e3df97d chore(deps-dev): bump node-forge from 1.3.3 to 1.4.0 (#1304)
ff8005b chore(deps): bump serialize-javascript and terser-webpack-plugin (#1299)
7dd2827 chore(deps-dev): bump flatted from 3.3.2 to 3.4.2 (#1301)
9e6a5e5 chore(deps): bump picomatch (#1300)
a488645 chore(deps): bump immutable from 5.0.3 to 5.1.5 (#1298)
fe6fe07 chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 (#1297)
Additional commits viewable in compare view

Updates snyk from 1.1304.2 to 1.1304.3

Release notes

Sourced from snyk's releases.

v1.1304.3

1.1304.3 (2026-05-13)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

dependencies: Updates dependencies to fix vulnerabilities:

CVE-2026-45022 (aa226a9)

CVE-2026-33814 (1691c3b)

CVE-2026-33811 (1691c3b)

CVE-2026-39836 (1691c3b)

Known Issues

container-image: Two vulnerabilities are reported in the snyk/snyk container images via the transitive github.com/gomarkdown/markdown dependency (SNYK-GOLANG-GITHUBCOMGOMARKDOWNMARKDOWNHTML-16066911, SNYK-GOLANG-GITHUBCOMGOMARKDOWNMARKDOWNPARSER-8220052). We have assessed these vulnerabilities and confirmed they do not impact CLI users. A fix is scheduled for the stable release on 2026-05-20.

Commits

494c2a9 Merge pull request #6800 from snyk/release-candidate
c826a3e Merge pull request #6798 from snyk/hotfix/v1.1304.3
2220b35 chore: update release notes
7442ae0 fix(dependency): CVE-2026-45022
5c65294 fix(dependencies): Fix CVE-2026-33814, CVE-2026-33811, CVE-2026-39836
83323a1 docs: synchronizing help from snyk/user-docs
b1bc173 fix: Switch Secrets User Journey tests to prod
552f27f chore: relax test criteria to avoid failing due to dep changes
873a8da Merge pull request #6781 from snyk/release/1.1304
See full diff in compare view

Updates terser-webpack-plugin from 5.5.0 to 5.6.0

Release notes

Sourced from terser-webpack-plugin's releases.

v5.6.0

Minor Changes

support array of minimizers for minify and terserOptions (by @alexander-akait in #674)

add built-in CSS minimizers from css-minimizer-webpack-plugin (by @alexander-akait in #674)

add built-in HTML minimizers from html-minimizer-webpack-plugin (by @alexander-akait in #674)

add filter method to minimizers, allowing a single plugin instance to handle multiple asset types (by @alexander-akait in #674)

terser-webpack-plugin has been renamed to minimizer-webpack-plugin, merging other minimizers from css-minimizer-webpack-plugin and html-minimizer-webpack-plugin. We will continue to publish new releases under the old name, but we recommend switching to the new package - minimizer-webpack-plugin. It is now a single plugin for minification. We also added the ability to specify different minifier types using only one plugin instance, which will improve performance. (by @alexander-akait in #677)

rename terserOptions to minimizerOptions; terserOptions is kept as a deprecated alias (by @alexander-akait in #674)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

Changelog

Sourced from terser-webpack-plugin's changelog.

5.6.0

Minor Changes

support array of minimizers for minify and terserOptions (by @alexander-akait in #674)

add built-in CSS minimizers from css-minimizer-webpack-plugin (by @alexander-akait in #674)

add built-in HTML minimizers from html-minimizer-webpack-plugin (by @alexander-akait in #674)

add filter method to minimizers, allowing a single plugin instance to handle multiple asset types (by @alexander-akait in #674)

terser-webpack-plugin has been renamed to minimizer-webpack-plugin, merging other minimizers from css-minimizer-webpack-plugin and html-minimizer-webpack-plugin. We will continue to publish new releases under the old name, but we recommend switching to the new package - minimizer-webpack-plugin. It is now a single plugin for minification. We also added the ability to specify different minifier types using only one plugin instance, which will improve performance. (by @alexander-akait in #677)

rename terserOptions to minimizerOptions; terserOptions is kept as a deprecated alias (by @alexander-akait in #674)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

Commits

57bdcfc chore(release): new release (#675)
6feeda0 chore: add changelog entry (#677)
dd360be chore: rename other things
d78b6bd ci: dual-publish release as minimizer-webpack-plugin and terser-webpack-plugi...
e06c526 docs: add changesets for changes since v5.5.0 (#674)
a875994 chore: update codebase
2bfd4f8 ci: add changesets-driven release workflow (#672)
9b82a77 test: cover multi-asset minify and js-only minimizer fallback (#671)
34610d9 feat: added the filter method to minimizers and allow to handle different a...
1a34e62 feat: add built-in CSS minimizers from css-minimizer-webpack-plugin (#669)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for terser-webpack-plugin since your current version.

Updates tsx from 4.21.0 to 4.22.1

Release notes

Sourced from tsx's releases.

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

resolve tsconfig path aliases containing a colon (#780) (6979f28)

This release is also available on:

npm package (@latest dist-tag)

v4.22.0

4.22.0 (2026-05-14)

Features

upgrade esbuild to 0.28 (#789) (b29f6ee)

This release is also available on:

npm package (@latest dist-tag)

v4.21.1

4.21.1 (2026-05-14)

Bug Fixes

support Node 20.11/21.2 import.meta paths (acf3d8f)

support Node.js 24.15.0 (c1d2d45)

support Node.js 26.1.0 and 25.9.0 (1d7e528)

This release is also available on:

npm package (@latest dist-tag)

Commits

6979f28 fix: resolve tsconfig path aliases containing a colon (#780)
b29f6ee feat: upgrade esbuild to 0.28 (#789)
0dd17e9 test: cover registerHooks loader composition
acf3d8f fix: support Node 20.11/21.2 import.meta paths
4bbef80 test: cover configDir paths without baseUrl
dddc5ce test: cover sync-hook watch reruns and cleanup retries
09e8f8c test: assert CLI runs without warnings
1d7e528 fix: support Node.js 26.1.0 and 25.9.0
c1d2d45 fix: support Node.js 24.15.0
d04672d test: update node version feature gates
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates vitest from 4.1.5 to 4.1.6

Release notes

Sourced from vitest's releases.

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

Commits

a8fd24c chore: release v4.1.6
18af98c fix(browser): simplify orchestrator otel carrier (#10285)
3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the weekly-dependencies group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@defra/forms-engine-plugin](https://github.com/DEFRA/forms-engine-plugin) | `4.11.1` | `4.12.0` | | [date-fns](https://github.com/date-fns/date-fns) | `4.1.0` | `4.2.0` | | [undici](https://github.com/nodejs/undici) | `8.2.0` | `8.3.0` | | [yaml](https://github.com/eemeli/yaml) | `2.8.4` | `2.9.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.0` | `25.8.0` | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.59.2` | `8.59.3` | | [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.59.2` | `8.59.3` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.5` | `4.1.6` | | [@vitest/eslint-plugin](https://github.com/vitest-dev/eslint-plugin-vitest) | `1.6.16` | `1.6.17` | | [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) | `4.1.5` | `4.1.6` | | [sass-loader](https://github.com/webpack/sass-loader) | `16.0.7` | `16.0.8` | | [snyk](https://github.com/snyk/snyk) | `1.1304.2` | `1.1304.3` | | [terser-webpack-plugin](https://github.com/webpack/minimizer-webpack-plugin) | `5.5.0` | `5.6.0` | | [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.1` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.5` | `4.1.6` | Updates `@defra/forms-engine-plugin` from 4.11.1 to 4.12.0 - [Release notes](https://github.com/DEFRA/forms-engine-plugin/releases) - [Commits](DEFRA/forms-engine-plugin@v4.11.1...v4.12.0) Updates `date-fns` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/date-fns/date-fns/releases) - [Changelog](https://github.com/date-fns/date-fns/blob/main/CHANGELOG.md) - [Commits](date-fns/date-fns@v4.1.0...v4.2.0) Updates `undici` from 8.2.0 to 8.3.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v8.2.0...v8.3.0) Updates `yaml` from 2.8.4 to 2.9.0 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.4...v2.9.0) Updates `@types/node` from 25.6.0 to 25.8.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@typescript-eslint/eslint-plugin` from 8.59.2 to 8.59.3 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.59.2 to 8.59.3 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/parser) Updates `@vitest/coverage-v8` from 4.1.5 to 4.1.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/coverage-v8) Updates `@vitest/eslint-plugin` from 1.6.16 to 1.6.17 - [Release notes](https://github.com/vitest-dev/eslint-plugin-vitest/releases) - [Commits](vitest-dev/eslint-plugin-vitest@v1.6.16...v1.6.17) Updates `@vitest/ui` from 4.1.5 to 4.1.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/ui) Updates `sass-loader` from 16.0.7 to 16.0.8 - [Release notes](https://github.com/webpack/sass-loader/releases) - [Changelog](https://github.com/webpack/sass-loader/blob/main/CHANGELOG.md) - [Commits](webpack/sass-loader@v16.0.7...v16.0.8) Updates `snyk` from 1.1304.2 to 1.1304.3 - [Release notes](https://github.com/snyk/snyk/releases) - [Commits](snyk/cli@v1.1304.2...v1.1304.3) Updates `terser-webpack-plugin` from 5.5.0 to 5.6.0 - [Release notes](https://github.com/webpack/minimizer-webpack-plugin/releases) - [Changelog](https://github.com/webpack/minimizer-webpack-plugin/blob/main/CHANGELOG.md) - [Commits](webpack/minimizer-webpack-plugin@v5.5.0...v5.6.0) Updates `tsx` from 4.21.0 to 4.22.1 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.21.0...v4.22.1) Updates `vitest` from 4.1.5 to 4.1.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/vitest) --- updated-dependencies: - dependency-name: "@defra/forms-engine-plugin" dependency-version: 4.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: weekly-dependencies - dependency-name: date-fns dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: weekly-dependencies - dependency-name: undici dependency-version: 8.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: weekly-dependencies - dependency-name: yaml dependency-version: 2.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: weekly-dependencies - dependency-name: "@types/node" dependency-version: 25.8.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: weekly-dependencies - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.59.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: weekly-dependencies - dependency-name: "@typescript-eslint/parser" dependency-version: 8.59.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: weekly-dependencies - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: weekly-dependencies - dependency-name: "@vitest/eslint-plugin" dependency-version: 1.6.17 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: weekly-dependencies - dependency-name: "@vitest/ui" dependency-version: 4.1.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: weekly-dependencies - dependency-name: sass-loader dependency-version: 16.0.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: weekly-dependencies - dependency-name: snyk dependency-version: 1.1304.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: weekly-dependencies - dependency-name: terser-webpack-plugin dependency-version: 5.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: weekly-dependencies - dependency-name: tsx dependency-version: 4.22.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: weekly-dependencies - dependency-name: vitest dependency-version: 4.1.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: weekly-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

…da63906c6d

sonarqubecloud · 2026-05-20T04:17:59Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 18, 2026

dependabot Bot requested a review from a team May 18, 2026 09:35

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 18, 2026

Merge branch 'main' into dependabot/npm_and_yarn/weekly-dependencies-…

59e8382

…da63906c6d

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the weekly-dependencies group across 1 directory with 15 updates#884

Bump the weekly-dependencies group across 1 directory with 15 updates#884
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/weekly-dependencies-da63906c6d

dependabot Bot commented on behalf of github May 18, 2026 •

edited

Loading

Uh oh!

sonarqubecloud Bot commented May 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.12.0

What's Changed

v4.11.3

What's Changed

v4.2.0

Changed

v4.2.0 - 2026-05-18

Changed

v8.3.0

What's Changed

v2.9.0

v8.59.3

8.59.3 (2026-05-11)

8.59.3 (2026-05-11)

v8.59.3

8.59.3 (2026-05-11)

8.59.3 (2026-05-11)

v4.1.6

🐞 Bug Fixes

🏎 Performance

View changes on GitHub

v1.6.17

🐞 Bug Fixes

View changes on GitHub

v4.1.6

🐞 Bug Fixes

🏎 Performance

View changes on GitHub

v16.0.8

16.0.8 (2026-05-08)

Bug Fixes

16.0.8 (2026-05-08)

Bug Fixes

v1.1304.3

1.1304.3 (2026-05-13)

Bug Fixes

Known Issues

v5.6.0

Minor Changes

5.6.0

Minor Changes

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

v4.22.0

4.22.0 (2026-05-14)

Features

v4.21.1

4.21.1 (2026-05-14)

Bug Fixes

v4.1.6

🐞 Bug Fixes

🏎 Performance

View changes on GitHub

Uh oh!

sonarqubecloud Bot commented May 20, 2026

Quality Gate passed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 18, 2026 •

edited

Loading