Skip to content

Bump the javascript-dev group across 1 directory with 5 updates#490

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/javascript-dev-e85def6ffa
Open

Bump the javascript-dev group across 1 directory with 5 updates#490
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/javascript-dev-e85def6ffa

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 31, 2026
edited
Loading

Bumps the javascript-dev group with 5 updates in the / directory:

Package From To
@babel/preset-env 7.29.0 7.29.2
core-js 3.48.0 3.49.0
less 4.5.1 4.6.4
less-loader 12.3.0 12.3.2
webpack 5.105.0 5.105.4

Updates @babel/preset-env from 7.29.0 to 7.29.2

Release notes

Sourced from @​babel/preset-env's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

  • babel-parser

🐛 Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • babel-preset-env
    • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

Commits

Updates core-js from 3.48.0 to 3.49.0

Changelog

Sourced from core-js's changelog.

3.49.0 - 2026.03.16

  • Changes v3.48.0...v3.49.0 (373 commits)
  • Iterator.range updated following the actual spec version
    • Throw a RangeError on NaN start / end / step
    • Allow null as optionOrStep
  • Improved accuracy of Math.{ asinh, atanh } polyfills with big and small values
  • Improved accuracy of Number.prototype.toExponential polyfills with big and small values
  • Improved performance of atob, btoa, Uint8Array.fromHex, Uint8Array.prototype.setFromHex, and Uint8Array.prototype.toHex, #1503, #1464, #1510, thanks @​johnzhou721
  • Minor performance optimization polyfills of methods from Map upsert proposal
  • Polyfills of methods from Map upsert proposal from the pure version made generic to make it work with polyfilled and native collections
  • Wrap Symbol.for in Symbol.prototype.description polyfill for correct handling of empty string descriptions
  • Fixed a modern Safari bug in Array.prototype.includes with sparse arrays and fromIndex
  • Fixed one more case (Iterator.prototype.take) of a V8 ~ Chromium < 126 bug
  • Forced replacement of Iterator.{ concat, zip, zipKeyed } in the pure version for ensuring proper wrapped Iterator instances as the result
  • Fixed proxying .return() on exhausted iterator from some methods of iterator helpers polyfill to the underlying iterator
  • Fixed double .return() calling in case of throwing error in this method in the internal iterate helper that affected some polyfills
  • Fixed closing iterator on IteratorValue errors in the internal iterate helper that affected some polyfills
  • Fixed iterator closing in Array.from polyfill on failure to create array property
  • Fixed order of arguments validation in Array.fromAsync polyfill
  • Fixed a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync polyfill
  • Fixed order of arguments validation in Array.prototype.flat polyfill
  • Fixed handling strings as iterables in Iterator.{ zip, zipKeyed } polyfills
  • Fixed some cases of iterators closing in Iterator.{ zip, zipKeyed } polyfills
  • Fixed validation of iterators .next() results an objects in Iterator.{ zip, zipKeyed } polyfills
  • Fixed a lack of early error in Iterator.concat polyfill on primitive as an iterator
  • Fixed buffer mutation exposure in Iterator.prototype.windows polyfill
  • Fixed iterator closing in Set.prototype.{ isDisjointFrom, isSupersetOf } polyfill
  • Fixed (updated following the final spec) one more case Set.prototype.difference polyfill with updating this
  • Fixed DataView.prototype.setFloat16 polyfill in (0, 1) range
  • Fixed order of arguments validation in String.prototype.{ padStart, padEnd } polyfills
  • Fixed order of arguments validation in String.prototype.{ startsWith, endsWith } polyfills
  • Fixed some cases of Infinity handling in String.prototype.substr polyfill
  • Fixed String.prototype.repeat polyfill with a counter exceeding 2 ** 32
  • Fixed some cases of chars case in escape polyfill
  • Fixed named backreferences in RegExp NCG polyfill
  • Fixed some cases of RegExp NCG polyfill in combination with other types of groups
  • Fixed some cases of RegExp NCG polyfill in combination with dotAll
  • Fixed String.prototype.replace with sticky polyfill, #810, #1514
  • Fixed RegExp sticky polyfill with alternation
  • Fixed handling of some line terminators in case of multiline + sticky mode in RegExp polyfill
  • Fixed .input slicing on result object with RegExp sticky mode polyfill
  • Fixed handling of empty groups with global and unicode modes in polyfills
  • Fixed URLSearchParam.prototype.delete polyfill with duplicate key-value pairs
  • Fixed possible removal of unnecessary entries in URLSearchParam.prototype.delete polyfill with second argument
  • Fixed an error in some cases of non-special URLs without a path in the URL polyfill
  • Fixed some percent encode cases / character sets in the URL polyfill
  • Fixed parsing of non-IPv4 hosts ends in a number in the URL polyfill
  • Fixed some cases of '' and null host handling in the URL polyfill
  • Fixed host parsing with hostname = host:port in the URL polyfill
  • Fixed host inheritance in some cases of file scheme in the URL polyfill

... (truncated)

Commits
  • 80adfc4 v3.49.0
  • 0ad3e00 fix a modern Safari bug in Array.prototype.includes with sparse arrays and ...
  • 853bfa4 update some links
  • b4d723f fix a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync p...
  • e276676 fix parsing of non-IPv4 hosts ends in a number in the URL polyfill
  • dd1cfba fix order of arguments validation in String.prototype.{ padStart, padEnd } ...
  • b952c5f add an extra protection to configurator
  • e490caf Fix for #810 (#1514)
  • 10b4e86 drop an unneeded comment
  • 28cf2e9 feat: Improve performance of Uint8Array Hex functions (#1510)
  • Additional commits viewable in compare view

Updates less from 4.5.1 to 4.6.4

Release notes

Sourced from less's releases.

Release v4.6.3

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.3

Release v4.6.0

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.0
Changelog

Sourced from less's changelog.

Change Log

v4.6.0 (2026-03-09)

Bug Fixes

Features & Improvements

Deprecation Warnings

Chores

Commits

Updates less-loader from 12.3.0 to 12.3.2

Release notes

Sourced from less-loader's releases.

v12.3.2

12.3.2 (2026-03-11)

Bug Fixes

  • compatibility with ECMA modules less version (#578) (6850f6c)

v12.3.1

12.3.1 (2026-02-05)

Bug Fixes

  • update peer dependency for @​rspack/core v2 (#575) (6588093)
Changelog

Sourced from less-loader's changelog.

12.3.2 (2026-03-11)

Bug Fixes

  • compatibility with ECMA modules less version (#578) (6850f6c)

12.3.1 (2026-02-05)

Bug Fixes

  • update peer dependency for @​rspack/core v2 (#575) (6588093)
Commits

Updates webpack from 5.105.0 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

v5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

v5.105.2

Patch Changes

v5.105.1

Patch Changes

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

5.105.2

Patch Changes

... (truncated)

Commits
  • 27c13b4 chore(release): new release (#20550)
  • 9b2f41e chore: bump terser plugin (#20569)
  • eafe060 fix: narrow the export presence guard detection (#20561)
  • 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
  • afa607d refactor: remove unused code (#20562)
  • 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
  • f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
  • 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
  • a3d7839 fix: types for multi stats (#20556)
  • b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the javascript-dev group across 1 directory with 5 updates
1313425 
Bumps the javascript-dev group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.0` | `7.29.2` |
| [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) | `3.48.0` | `3.49.0` |
| [less](https://github.com/less/less.js) | `4.5.1` | `4.6.4` |
| [less-loader](https://github.com/webpack/less-loader) | `12.3.0` | `12.3.2` |
| [webpack](https://github.com/webpack/webpack) | `5.105.0` | `5.105.4` |



Updates `@babel/preset-env` from 7.29.0 to 7.29.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-preset-env)

Updates `core-js` from 3.48.0 to 3.49.0
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.49.0/packages/core-js)

Updates `less` from 4.5.1 to 4.6.4
- [Release notes](https://github.com/less/less.js/releases)
- [Changelog](https://github.com/less/less.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/less/less.js/commits)

Updates `less-loader` from 12.3.0 to 12.3.2
- [Release notes](https://github.com/webpack/less-loader/releases)
- [Changelog](https://github.com/webpack/less-loader/blob/main/CHANGELOG.md)
- [Commits](webpack/less-loader@v12.3.0...v12.3.2)

Updates `webpack` from 5.105.0 to 5.105.4
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.105.0...v5.105.4)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-version: 7.29.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: javascript-dev
- dependency-name: core-js
  dependency-version: 3.49.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: javascript-dev
- dependency-name: less
  dependency-version: 4.6.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: javascript-dev
- dependency-name: less-loader
  dependency-version: 12.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: javascript-dev
- dependency-name: webpack
  dependency-version: 5.105.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: javascript-dev
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants