chore(deps)(deps): bump the npm-production group across 1 directory with 7 updates #1067

Open
dependabot[bot] wants to merge 1 commit into develop from dependabot/npm_and_yarn/npm-production-5c2f3dd88a

Conversation

dependabot Bot (Contributor) commented on behalf of github on Jun 2, 2026

Bumps the npm-production group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| tar | 7.5.15 | 7.5.16 |
| lucide-react | 0.460.0 | 0.577.0 |
| ws | 8.20.1 | 8.21.0 |
| web-vitals | 5.2.0 | 5.3.0 |
| @module-federation/rsbuild-plugin | 0.9.1 | 0.24.1 |
| @module-federation/runtime | 0.9.1 | 0.24.1 |
| shaders | 2.5.109 | 2.5.129 |

Updates tar from 7.5.15 to 7.5.16

Commits

Updates lucide-react from 0.460.0 to 0.577.0

Release notes

Sourced from lucide-react's releases.

Version 0.577.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.576.0...0.577.0

Version 0.576.0

What's Changed

Full Changelog: lucide-icons/lucide@0.575.0...0.576.0

Version 0.575.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.573.0...0.575.0

Version 0.574.0

What's Changed

New Contributors

... (truncated)

Commits
  • f6c0d06 chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)
  • 67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
  • b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
  • 076e0bb chore(dependencies): Update dependencies (#3809)
  • 80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
  • 1cfb3ff chore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)
  • e71198d chore: icon alias improvements (#2861)
  • 3e644fd chore(scripts): Refactor scripts to typescript (#3316)
  • 19fa01b build(deps-dev): bump vite from 6.3.2 to 6.3.4 (#3181)
  • 03eb862 use implicit return in react package (#2325)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for lucide-react since your current version.


Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

```js
import { WebSocket, WebSocketServer } from 'ws';

const wss = new WebSocketServer({ port: 0 }, function () {
  // One-byte payload, always sent as a non-final fragment (fin: false).
  const data = Buffer.alloc(1);
  const options = { fin: false };
  const { port } = wss.address();
  const ws = new WebSocket(`ws://localhost:${port}`);

  ws.on('open', function () {
    // Send the next fragment as soon as the previous one has been written.
    (function send() {
      ws.send(data, options, function (err) {
        if (err) return;
        send();
      });
    })();
  });

  ws.on('error', console.error);
  ws.on('close', function (code, reason) {
    console.log(`client close - code: ${code} reason: ${reason.toString()}`);
  });
});

wss.on('connection', function (ws) {
  ws.on('error', console.error);
  ws.on('close', function (code, reason) {
    console.log(`server close - code: ${code} reason: ${reason.toString()}`);
  });
});
```

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

Updates web-vitals from 5.2.0 to 5.3.0

Changelog

Sourced from web-vitals's changelog.

v5.3.0 (2026-05-28)

  • Remove getFirstHiddenTimePolyfill (#729)
  • Fixed issue where the same configuration object to multiple metric functions can result in errors (#731)
  • Add more robust interactionTarget setting for INP (#744)

Commits

Updates @module-federation/rsbuild-plugin from 0.9.1 to 0.24.1

Release notes

Sourced from @​module-federation/rsbuild-plugin's releases.

0.24.1

What's Changed

Bug Fixes 🐞

Document 📖

Full Changelog: module-federation/core@v0.24.0...v0.24.1

Release v0.24.0

What's Changed

New Features 🎉

Bug Fixes 🐞

Document 📖

Other Changes

Full Changelog: module-federation/core@v0.23.0...v0.24.0

0.23.0

What's Changed

New Features 🎉

Bug Fixes 🐞

... (truncated)

Changelog

Sourced from @​module-federation/rsbuild-plugin's changelog.

0.24.1

Patch Changes

  • @​module-federation/node@​2.7.30
  • @​module-federation/enhanced@​0.24.1
  • @​module-federation/sdk@​0.24.1

0.24.0

Patch Changes

  • Updated dependencies [c3c068e]
    • @​module-federation/enhanced@​0.24.0
    • @​module-federation/node@​2.7.29
    • @​module-federation/sdk@​0.24.0

0.23.0

Minor Changes

  • 3aa3cf9: feat(rsbuild-plugin): support build node mf assets

Patch Changes

  • @​module-federation/enhanced@​0.23.0
  • @​module-federation/node@​2.7.28
  • @​module-federation/sdk@​0.23.0

0.22.1

Patch Changes

  • @​module-federation/enhanced@​0.22.1
  • @​module-federation/sdk@​0.22.1
  • @​module-federation/node@​2.7.27

0.22.0

Patch Changes

  • @​module-federation/enhanced@​0.22.0
  • @​module-federation/sdk@​0.22.0
  • @​module-federation/node@​2.7.26

0.21.6

Patch Changes

  • b307ae0: fix(rsbuild-plugin): create different temp filepath to prevent invalid manifest.exposes

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​module-federation/rsbuild-plugin since your current version.


Updates @module-federation/runtime from 0.9.1 to 0.24.1

Release notes

Sourced from @​module-federation/runtime's releases.

0.24.1

What's Changed

Bug Fixes 🐞

Document 📖

Full Changelog: module-federation/core@v0.24.0...v0.24.1

Release v0.24.0

What's Changed

New Features 🎉

Bug Fixes 🐞

Document 📖

Other Changes

Full Changelog: module-federation/core@v0.23.0...v0.24.0

0.23.0

What's Changed

New Features 🎉

Bug Fixes 🐞

... (truncated)

Changelog

Sourced from @​module-federation/runtime's changelog.

0.24.1

Patch Changes

  • Updated dependencies [6590738]
    • @​module-federation/runtime-core@​0.24.1
    • @​module-federation/sdk@​0.24.1
    • @​module-federation/error-codes@​0.24.1

0.24.0

Patch Changes

  • @​module-federation/sdk@​0.24.0
  • @​module-federation/error-codes@​0.24.0
  • @​module-federation/runtime-core@​0.24.0

0.23.0

Patch Changes

  • Updated dependencies [3aa3cf9]
    • @​module-federation/runtime-core@​0.23.0
    • @​module-federation/sdk@​0.23.0
    • @​module-federation/error-codes@​0.23.0

0.22.1

Patch Changes

  • @​module-federation/sdk@​0.22.1
  • @​module-federation/error-codes@​0.22.1
  • @​module-federation/runtime-core@​0.22.1

0.22.0

Patch Changes

  • @​module-federation/sdk@​0.22.0
  • @​module-federation/error-codes@​0.22.0
  • @​module-federation/runtime-core@​0.22.0

0.21.6

Patch Changes

  • @​module-federation/sdk@​0.21.6
  • @​module-federation/error-codes@​0.21.6
  • @​module-federation/runtime-core@​0.21.6

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​module-federation/runtime since your current version.


Updates shaders from 2.5.109 to 2.5.129

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
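
The ws 8.21.0 notes quoted in the comment above describe a peer exhausting memory with many tiny fragments, and suggest lowering maxPayload on vulnerable versions. The following is an added example, not code from ws or from this pull request: a simplified receiver model showing that a byte limit alone still lets the buffered fragment count grow as large as maxPayload, while a separate fragment cap bounds it. The class and function names, the maxFragments semantics, the 1009 close code and all sample values are assumptions.

```javascript
// Simplified model of a fragmented-message receiver, NOT ws's implementation.
// `maxFragments` borrows the option name from the release notes; its semantics
// here, the 1009 close code and every sample value are assumptions.
class FragmentReassembler {
  constructor({ maxPayload, maxFragments = Infinity }) {
    Object.assign(this, { maxPayload, maxFragments, peakRetained: 0 });
    this.reset();
  }
  reset() {
    this.fragments = [];
    this.totalLength = 0;
  }
  // Accept one frame. Returns { message } when fin completes a message,
  // { close } when a limit is exceeded, and {} while still buffering.
  push(payload, fin) {
    if (this.fragments.length + 1 > this.maxFragments) {
      return this.reject('too many fragments');
    }
    if (this.totalLength + payload.length > this.maxPayload) {
      return this.reject('max payload size exceeded');
    }
    this.fragments.push(payload);
    this.totalLength += payload.length;
    this.peakRetained = Math.max(this.peakRetained, this.fragments.length);
    if (!fin) return {};
    const message = Buffer.concat(this.fragments, this.totalLength);
    this.reset();
    return { message };
  }
  reject(reason) {
    this.reset(); // drop buffered fragments before closing
    return { close: { code: 1009, reason } };
  }
}

// Constructed input: a peer that only sends 1-byte, non-final fragments.
function floodWithTinyFragments(limits, attempts) {
  const receiver = new FragmentReassembler(limits);
  const oneByte = Buffer.alloc(1);
  for (let sent = 1; sent <= attempts; sent++) {
    const { close } = receiver.push(oneByte, false);
    if (close) return { closedAfter: sent, peak: receiver.peakRetained, reason: close.reason };
  }
  return { closedAfter: null, peak: receiver.peakRetained, reason: null };
}

console.log(floodWithTinyFragments({ maxPayload: 1 << 20 }, 2e6));
console.log(floodWithTinyFragments({ maxPayload: 1 << 20, maxFragments: 1024 }, 2e6));
```

With these constructed values, the byte-limit-only receiver holds 1,048,576 one-byte fragments before it closes, while the capped receiver closes on the 1,025th frame. Lowering maxPayload shrinks the first number in the same proportion, which is why it works as a stopgap.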

…ith 7 updates

Bumps the npm-production group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [tar](https://github.com/isaacs/node-tar) | `7.5.15` | `7.5.16` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.460.0` | `0.577.0` |
| [ws](https://github.com/websockets/ws) | `8.20.1` | `8.21.0` |
| [web-vitals](https://github.com/GoogleChrome/web-vitals) | `5.2.0` | `5.3.0` |
| [@module-federation/rsbuild-plugin](https://github.com/module-federation/core/tree/HEAD/packages/rsbuild-plugin) | `0.9.1` | `0.24.1` |
| [@module-federation/runtime](https://github.com/module-federation/core/tree/HEAD/packages/runtime) | `0.9.1` | `0.24.1` |
| [shaders](https://shaders.com/) | `2.5.109` | `2.5.129` |



Updates `tar` from 7.5.15 to 7.5.16
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.15...v7.5.16)

Updates `lucide-react` from 0.460.0 to 0.577.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.577.0/packages/lucide-react)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `web-vitals` from 5.2.0 to 5.3.0
- [Changelog](https://github.com/GoogleChrome/web-vitals/blob/main/CHANGELOG.md)
- [Commits](GoogleChrome/web-vitals@v5.2.0...v5.3.0)

Updates `@module-federation/rsbuild-plugin` from 0.9.1 to 0.24.1
- [Release notes](https://github.com/module-federation/core/releases)
- [Changelog](https://github.com/module-federation/core/blob/main/packages/rsbuild-plugin/CHANGELOG.md)
- [Commits](https://github.com/module-federation/core/commits/v0.24.1/packages/rsbuild-plugin)

Updates `@module-federation/runtime` from 0.9.1 to 0.24.1
- [Release notes](https://github.com/module-federation/core/releases)
- [Changelog](https://github.com/module-federation/core/blob/main/packages/runtime/CHANGELOG.md)
- [Commits](https://github.com/module-federation/core/commits/v0.24.1/packages/runtime)

Updates `shaders` from 2.5.109 to 2.5.129

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: lucide-react
  dependency-version: 0.577.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: web-vitals
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: "@module-federation/rsbuild-plugin"
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: "@module-federation/runtime"
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: shaders
  dependency-version: 2.5.129
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from jmaionchi as a code owner June 2, 2026 15:16
@dependabot dependabot Bot added area: deps Dependency updates (Dependabot, supply chain) dependencies Pull requests that update a dependency file labels Jun 2, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file area: deps Dependency updates (Dependabot, supply chain) labels Jun 2, 2026
@github-actions github-actions Bot added module:vscode VS Code extension module:ui Chat UI and Dropper UI module:client-typescript labels Jun 2, 2026
github-actions Bot commented Jun 2, 2026

No description provided.
