Skip to content

Bump the npm_and_yarn group across 1 directory with 5 updates#178

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-2aa4465945
Open

Bump the npm_and_yarn group across 1 directory with 5 updates#178
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-2aa4465945

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
@babel/plugin-transform-modules-systemjs 7.29.0 7.29.7
launch-editor 2.13.2 2.14.1
qs 6.14.2 6.15.3
webpack-dev-server 5.2.3 6.0.0
ws 7.5.10 7.5.11

Updates @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.7

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

  • babel-parser

... (truncated)

Commits

Updates launch-editor from 2.13.2 to 2.14.1

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for launch-editor since your current version.


Updates qs from 6.14.2 to 6.15.3

Changelog

Sourced from qs's changelog.

6.15.3

  • [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via combine/merge
  • [Fix] utils: respect encoding of surrogate pairs across chunks (#559)
  • [Robustness] parse: throw the arrayLimit error before splitting oversized comma values
  • [Robustness] utils.merge / utils.assign: avoid invoking __proto__ setter when copying own properties
  • [Robustness] utils: enforce arrayLimit consistently across merge's array paths
  • [Perf] utils: make compact O(n) via a side-channel visited-set instead of Array.indexOf
  • [Deps] update side-channel
  • [Dev Deps] update eslint, mock-property, tape
  • [Tests] parse: characterize current lenient handling of unbalanced bracket keys (#558)

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

  • [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
  • [Deps] update @ljharb/eslint-config
  • [Dev Deps] update @ljharb/eslint-config, iconv-lite
  • [Tests] increase coverage

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)
Commits
  • 18d085e v6.15.3
  • c38af42 [Deps] update side-channel
  • adce539 [Dev Deps] update eslint, mock-property, tape
  • 74a0f6a [Robustness] utils: enforce arrayLimit consistently across merge's arra...
  • f4938f5 [Tests] parse: characterize current lenient handling of unbalanced bracket ...
  • 5d5f723 [Perf] utils: make compact O(n) via a side-channel visited-set instead of...
  • 52afe00 [Robustness] parse: throw the arrayLimit error before splitting oversized...
  • 963e538 [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via...
  • 59da434 [Fix] utils: respect encoding of surrogate pairs across chunks
  • 9532969 [Robustness] utils.merge / utils.assign: avoid invoking __proto__ sette...
  • Additional commits viewable in compare view

Updates webpack-dev-server from 5.2.3 to 6.0.0

Release notes

Sourced from webpack-dev-server's releases.

v6.0.0

Major Changes

  • Bump Express to v5. See the Express 5 migration guide for the full list of breaking changes. (by @​bjohansebas in #5674)

  • Bump the webpack peer dependency range from ^5.0.0 to ^5.101.0. (by @​bjohansebas in #5674)

  • Drop support for Node.js < 22.15.0. (by @​bjohansebas in #5674)

  • Convert the source to native ES modules. The package keeps "type": "module" and now exposes both an ESM and a CommonJS build via the exports field: ESM consumers import the native lib/, while CommonJS consumers require() a transpiled dist/ build — so the package works from both ESM and CommonJS, including environments where require(ESM) is not supported. (by @​bjohansebas in #5674)

  • Remove CLI flags. Use the serve command from webpack-cli together with a configuration file or the programmatic API instead. (by @​bjohansebas in #5674)

  • Remove the internalIP and internalIPSync static methods from Server. Resolve the local IP yourself if you need it. (by @​bjohansebas in #5674)

  • Remove the bypass option from proxy configuration. Use the router or context options provided by http-proxy-middleware instead. (by @​bjohansebas in #5674)

  • Remove SockJS support. The webSocketServer option no longer accepts "sockjs"; use the default "ws" transport instead. (by @​bjohansebas in #5674)

  • Remove the spdy dependency. Use the built-in node:http2 module via the server option for HTTP/2 support. (by @​bjohansebas in #5674)

  • Update http-proxy-middleware to v4. See the http-proxy-middleware v3 release notes and v4 release notes for the full list of breaking changes. (by @​bjohansebas in #5674)

  • Update webpack-dev-middleware to v8 and sync originalUrl for middleware compatibility. server.middleware.getFilenameFromUrl() is now asynchronous and resolves to { filename, extra: { stats, outputFileSystem } }. See the webpack-dev-middleware v8 release notes for details. (by @​bjohansebas in #5674)

Minor Changes

  • Add plugin support. webpack-dev-server can now be used as a webpack plugin, integrating with the compiler lifecycle without explicitly passing a compiler, preventing multiple server starts on recompilation, ensuring clean shutdown, and supporting MultiCompiler setups with multiple independent plugin servers. (by @​bjohansebas in #5674)

  • Enable the compression middleware for HTTP/2 connections. (by @​bjohansebas in #5674)

  • Remove the colorette dependency in favor of native ANSI styling. (by @​bjohansebas in #5674)

  • Update chokidar to v5 and extend watchFiles.options.ignored to support glob string patterns via tinyglobby. (by @​bjohansebas in #5674)

  • Use compiler.platform to determine the target environment instead of inspecting the resolved target string. Universal targets ("universal" or ["web", "node"], where compiler.platform.universal is true since webpack 5.108.0) are treated as web targets so the client runtime is injected. (by @​bjohansebas in #5674)

  • Use the WHATWG URL API instead of the deprecated url.parse. (by @​bjohansebas in #5674)

Patch Changes

  • Bump production dependencies, notably open to v11 and p-retry to v8. (by @​bjohansebas in #5674)

  • Reject cross-site requests to the internal open-editor and invalidate endpoints. They performed state-changing actions (opening a file in the editor, forcing a recompilation) on any GET request, so a page the developer visited could trigger them. They now require a same-origin request, validated via Sec-Fetch-Site with an Origin/Host fallback. (by @​bjohansebas in #5691)

  • Treat loopback aliases (127.0.0.1, ::1, localhost) as equivalent in isSameOrigin so the WebSocket client does not reject valid same-origin connections. (by @​bjohansebas in #5674)

  • Migrate the test suite from Jest to node:test and set up the jsdom environment. (by @​bjohansebas in #5674)

  • Update webpack-cli to v7.0.2. (by @​bjohansebas in #5674)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

6.0.0

Major Changes

  • Bump Express to v5. See the Express 5 migration guide for the full list of breaking changes. (by @​bjohansebas in #5674)

  • Bump the webpack peer dependency range from ^5.0.0 to ^5.101.0. (by @​bjohansebas in #5674)

  • Drop support for Node.js < 22.15.0. (by @​bjohansebas in #5674)

  • Convert the source to native ES modules. The package keeps "type": "module" and now exposes both an ESM and a CommonJS build via the exports field: ESM consumers import the native lib/, while CommonJS consumers require() a transpiled dist/ build — so the package works from both ESM and CommonJS, including environments where require(ESM) is not supported. (by @​bjohansebas in #5674)

  • Remove CLI flags. Use the serve command from webpack-cli together with a configuration file or the programmatic API instead. (by @​bjohansebas in #5674)

  • Remove the internalIP and internalIPSync static methods from Server. Resolve the local IP yourself if you need it. (by @​bjohansebas in #5674)

  • Remove the bypass option from proxy configuration. Use the router or context options provided by http-proxy-middleware instead. (by @​bjohansebas in #5674)

  • Remove SockJS support. The webSocketServer option no longer accepts "sockjs"; use the default "ws" transport instead. (by @​bjohansebas in #5674)

  • Remove the spdy dependency. Use the built-in node:http2 module via the server option for HTTP/2 support. (by @​bjohansebas in #5674)

  • Update http-proxy-middleware to v4. See the http-proxy-middleware v3 release notes and v4 release notes for the full list of breaking changes. (by @​bjohansebas in #5674)

  • Update webpack-dev-middleware to v8 and sync originalUrl for middleware compatibility. server.middleware.getFilenameFromUrl() is now asynchronous and resolves to { filename, extra: { stats, outputFileSystem } }. See the webpack-dev-middleware v8 release notes for details. (by @​bjohansebas in #5674)

Minor Changes

  • Add plugin support. webpack-dev-server can now be used as a webpack plugin, integrating with the compiler lifecycle without explicitly passing a compiler, preventing multiple server starts on recompilation, ensuring clean shutdown, and supporting MultiCompiler setups with multiple independent plugin servers. (by @​bjohansebas in #5674)

  • Enable the compression middleware for HTTP/2 connections. (by @​bjohansebas in #5674)

  • Remove the colorette dependency in favor of native ANSI styling. (by @​bjohansebas in #5674)

  • Update chokidar to v5 and extend watchFiles.options.ignored to support glob string patterns via tinyglobby. (by @​bjohansebas in #5674)

  • Use compiler.platform to determine the target environment instead of inspecting the resolved target string. Universal targets ("universal" or ["web", "node"], where compiler.platform.universal is true since webpack 5.108.0) are treated as web targets so the client runtime is injected. (by @​bjohansebas in #5674)

  • Use the WHATWG URL API instead of the deprecated url.parse. (by @​bjohansebas in #5674)

Patch Changes

  • Bump production dependencies, notably open to v11 and p-retry to v8. (by @​bjohansebas in #5674)

  • Reject cross-site requests to the internal open-editor and invalidate endpoints. They performed state-changing actions (opening a file in the editor, forcing a recompilation) on any GET request, so a page the developer visited could trigger them. They now require a same-origin request, validated via Sec-Fetch-Site with an Origin/Host fallback. (by @​bjohansebas in #5691)

  • Treat loopback aliases (127.0.0.1, ::1, localhost) as equivalent in isSameOrigin so the WebSocket client does not reject valid same-origin connections. (by @​bjohansebas in #5674)

  • Migrate the test suite from Jest to node:test and set up the jsdom environment. (by @​bjohansebas in #5674)

... (truncated)

Commits
  • 05cb792 chore(release): new release (#5692)
  • a451839 fix: handle middleware teardown in plugin mode (#5703)
  • c2d23a7 fix: load ESM-only dependencies with native import() in the CommonJS build (#...
  • ba54764 fix: reject cross-site requests to open-editor and invalidate endpoints (#5691)
  • 2b369b3 fixup!
  • 08a0ea7 fix: ensure undefined options default to an empty object in Server constructor
  • 797b9e7 fix: handle undefined options in Server constructor
  • e90221c feat: plugin support (#5650)
  • 4c351e1 feat: support universal platform as a web target (#5690)
  • 2236aa4 chore: update http-proxy-middleware to version 4.1.1 and add tests for pathRe...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.


Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.29.0` | `7.29.7` |
| [launch-editor](https://github.com/vitejs/launch-editor) | `2.13.2` | `2.14.1` |
| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.3` |
| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.3` | `6.0.0` |
| [ws](https://github.com/websockets/ws) | `7.5.10` | `7.5.11` |



Updates `@babel/plugin-transform-modules-systemjs` from 7.29.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

Updates `launch-editor` from 2.13.2 to 2.14.1
- [Commits](vitejs/launch-editor@v2.13.2...v2.14.1)

Updates `qs` from 6.14.2 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.2...v6.15.3)

Updates `webpack-dev-server` from 5.2.3 to 6.0.0
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.3...v6.0.0)

Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: launch-editor
  dependency-version: 2.14.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 6.0.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 3, 2026
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 3, 2026
@dependabot dependabot Bot requested review from camio, ednolan and inbal2l as code owners July 3, 2026 09:41
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Jul 3, 2026
@netlify

netlify Bot commented Jul 3, 2026

Copy link
Copy Markdown

Deploy Preview for bemanproject failed.

Name Link
🔨 Latest commit 2485107
🔍 Latest deploy log https://app.netlify.com/projects/bemanproject/deploys/6a4783e6d23ed2000833b3e0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants