Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 11 updates#191

Open
dependabot[bot] wants to merge 1 commit intomv3-vuefrom
dependabot/npm_and_yarn/npm_and_yarn-cc4cbcd5d2
Open

build(deps): bump the npm_and_yarn group across 1 directory with 11 updates#191
dependabot[bot] wants to merge 1 commit intomv3-vuefrom
dependabot/npm_and_yarn/npm_and_yarn-cc4cbcd5d2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 10, 2026

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
@mozilla/readability 0.5.0 0.6.0
lodash 4.17.21 4.17.23
vue-i18n 11.0.1 11.2.8
vite 6.0.7 6.4.1
@babel/helpers 7.23.7 7.28.6
@eslint/plugin-kit 0.2.4 0.2.8
ajv 6.12.6 6.14.0
brace-expansion 1.1.11 1.1.12
js-yaml 4.1.0 4.1.1
nanoid 3.3.7 3.3.11
node-forge 1.3.1 1.3.3

Updates @mozilla/readability from 0.5.0 to 0.6.0

Changelog

Sourced from @​mozilla/readability's changelog.

[0.6.0] - 2025-03-03

Commits

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates vue-i18n from 11.0.1 to 11.2.8

Release notes

Sourced from vue-i18n's releases.

v11.2.8

Full Changelog: intlify/vue-i18n@v11.2.7...v11.2.8

v11.2.7

Full Changelog: intlify/vue-i18n@v11.2.6...v11.2.7

v11.2.6

Full Changelog: intlify/vue-i18n@v11.2.5...v11.2.6

v11.2.5

Full Changelog: intlify/vue-i18n@v11.2.4...v11.2.5

v11.2.4

Full Changelog: intlify/vue-i18n@v11.2.3...v11.2.4

v11.2.3

What's Changed

⚡ Improvement Features

Full Changelog: intlify/vue-i18n@v11.2.2...v11.2.3

v11.2.2

What's Changed

🐛 Bug Fixes

... (truncated)

Changelog

Sourced from vue-i18n's changelog.

v12.0.0-alpha.3 (2025-07-02T15:15:01Z)

This changelog is generated by GitHub Releases

What's Changed

🌟 Features

🐛 Bug Fixes

💥 Breaking Changes

⚡ Improvement Features

📝️ Documentations

🍭 Examples

New Contributors

Full Changelog: intlify/vue-i18n@v12.0.0-alpha.2...v12.0.0-alpha.3

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vue-i18n since your current version.


Updates vite from 6.0.7 to 6.4.1

Release notes

Sourced from vite's releases.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

v6.3.5

Please refer to CHANGELOG.md for details.

v6.3.4

Please refer to CHANGELOG.md for details.

v6.3.3

Please refer to CHANGELOG.md for details.

v6.2.7

Please refer to CHANGELOG.md for details.

v6.1.6

Please refer to CHANGELOG.md for details.

plugin-legacy@6.1.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.0-beta.18 (2026-03-09)

Bug Fixes

Code Refactoring

  • don't add optimization.inlineConst: { mode: 'smart' } as it's enabled by default (#21794) (22b3d11)

8.0.0-beta.17 (2026-03-09)

Features

  • css: support es2025 build target for lightningcss (#21769) (08906e7)
  • forward browser console logs and errors to dev server terminal (#20916) (2540ed0)
  • update rolldown to 1.0.0-rc.8 (#21790) (a0c950e)

Bug Fixes

  • css: apply server.origin to public file URLs in CSS (fix #18457) (#21697) (c967f48)
  • deps: update all non-major dependencies (#21732) (5c921ca)
  • dev: disable extglobs for consistency (#21745) (1958eeb)
  • lib: keep annotation comments for es output (#21740) (dd3c4f4)
  • optimizer: avoid error happening with a package with asset entrypoint (#21766) (f7e1d07)
  • ssr: throw friendly error when calling ssrLoadModule with non-runnable ssr env (#21739) (1fa736e)
  • types: remove extends ImportMeta from ModuleRunnerImportMeta (#21710) (0176d45)
  • wasm: reset assetUrlRE.lastIndex before .test() in SSR builds (#21780) (3a0d8d9)

Miscellaneous Chores

Code Refactoring

  • enable some native plugins even with enable native plugin false (#21744) (fc46c79)

Tests

  • ssr: incorrect handleInvoke was called in server-worker-runner.invoke test (#21751) (b95ca22)

8.0.0-beta.16 (2026-02-27)

Features

Bug Fixes

... (truncated)

Commits
  • a7349ef release: v6.3.1
  • a152b7c fix: backward compat for internal plugin transform calls (#19878)
  • 35c7f35 fix: avoid using Promise.allSettled in preload function (#19805)
  • 5fdcfe7 release: v6.3.0
  • d4ee5e8 fix(hmr): avoid infinite loop happening with hot.invalidate in circular dep...
  • 5003434 fix(preview): use host url to open browser (#19836)
  • bf9728e release: v6.3.0-beta.2
  • 380c10e fix(hmr): run HMR handler sequentially (#19793)
  • 8bed1de fix: addWatchFile doesn't work if base is specified (fixes #19792) (#19794)
  • 0a0c50a refactor: simplify pluginFilter implementation (#19828)
  • Additional commits viewable in compare view

Updates @babel/helpers from 7.23.7 to 7.28.6

Release notes

Sourced from @​babel/helpers's releases.

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

  • babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • babel-plugin-transform-regenerator
  • babel-plugin-transform-react-jsx

💅 Polish

  • babel-core, babel-standalone

🏠 Internal

  • babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

🏃‍♀️ Performance

  • babel-plugin-transform-react-jsx

Committers: 7

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

🐛 Bug Fix

  • babel-plugin-proposal-destructuring-private
  • babel-parser
  • babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/helpers since your current version.


Updates @eslint/plugin-kit from 0.2.4 to 0.2.8

Release notes

Sourced from @​eslint/plugin-kit's releases.

plugin-kit: v0.2.8

0.2.8 (2025-04-01)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.12.0 to ^0.13.0

plugin-kit: v0.2.7

0.2.7 (2025-02-21)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.11.0 to ^0.12.0

plugin-kit: v0.2.6

0.2.6 (2025-01-31)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.10.0 to ^0.11.0

plugin-kit: v0.2.5

0.2.5 (2025-01-09)

Bug Fixes

  • make plugin-kit types usable in CommonJS (#143) (f77ba17)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.9.1 to ^0.10.0
Changelog

Sourced from @​eslint/plugin-kit's changelog.

0.2.8 (2025-04-01)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.12.0 to ^0.13.0

0.2.7 (2025-02-21)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.11.0 to ^0.12.0

0.2.6 (2025-01-31)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.10.0 to ^0.11.0

0.2.5 (2025-01-09)

Bug Fixes

  • make plugin-kit types usable in CommonJS (#143) (f77ba17)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.9.1 to ^0.10.0
Commits

Updates ajv from 6.12.6 to 6.14.0

Commits

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.
Changelog

Sourced from nanoid's changelog.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).
Commits

Updates node-forge from 1.3.1 to 1.3.3

Changelog

Sourced from node-forge's changelog.

1.3.3 - 2025-12-02

Fixed

  • [pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX issues introduced in 1.3.2.

1.3.2 - 2025-11-25

Security

  • HIGH: ASN.1 Validator Desynchronization
    • An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.
    • Reported by Hunter Wodzenski.
    • CVE ID: CVE-2025-12816
    • GHSA ID: GHSA-5gfm-wpxj-wjgq
  • HIGH: ASN.1 Unbounded Recursion
    • An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.
    • Reported by Hunter Wodzenski.
    • CVE ID: CVE-2025-66031
    • GHSA ID: GHSA-554w-wpv2-vw27
  • MODERATE: ASN.1 OID Integer Truncation
    • An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.
    • Reported by Hunter Wodzenski.
    • CVE ID: CVE-2025-66030
    • GHSA ID: GHSA-65ch-62r8-g69g

Fixed

  • [asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC verification bypass due to missing macData enforcement and improper asn1.validate routine.
  • [asn1] Add fromDer() max recursion depth check.
    • Add a asn1.maxDepth global configurable maximum depth of 256.
    • Add a asn1.fromDer() per-call maxDepth option.
    • NOTE: The default maximum is assumed to be higher than needed for valid data. If this assumption is false then this could be a breaking change. Please file an issue if there are use cases that need a higher maximum.
    • NOTE: The per-call maxDepth parameter has not been exposed up through all of the API stack due to the complexities involved. Please file an issue if there are use cases that require this instead of changing the default

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 11 u…
055225b 
…pdates

Bumps the npm_and_yarn group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@mozilla/readability](https://github.com/mozilla/readability) | `0.5.0` | `0.6.0` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
| [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) | `11.0.1` | `11.2.8` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.0.7` | `6.4.1` |
| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.23.7` | `7.28.6` |
| [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) | `0.2.4` | `0.2.8` |
| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |
| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` |



Updates `@mozilla/readability` from 0.5.0 to 0.6.0
- [Changelog](https://github.com/mozilla/readability/blob/main/CHANGELOG.md)
- [Commits](mozilla/readability@0.5.0...0.6.0)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `vue-i18n` from 11.0.1 to 11.2.8
- [Release notes](https://github.com/intlify/vue-i18n/releases)
- [Changelog](https://github.com/intlify/vue-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/intlify/vue-i18n/commits/v11.2.8/packages/vue-i18n)

Updates `vite` from 6.0.7 to 6.4.1
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@6.4.1/packages/vite)

Updates `@babel/helpers` from 7.23.7 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers)

Updates `@eslint/plugin-kit` from 0.2.4 to 0.2.8
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.2.8/packages/plugin-kit)

Updates `ajv` from 6.12.6 to 6.14.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.12.6...v6.14.0)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `nanoid` from 3.3.7 to 3.3.11
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.7...3.3.11)

Updates `node-forge` from 1.3.1 to 1.3.3
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.3.3)

---
updated-dependencies:
- dependency-name: "@mozilla/readability"
  dependency-version: 0.6.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vue-i18n
  dependency-version: 11.2.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.4.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/helpers"
  dependency-version: 7.28.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@eslint/plugin-kit"
  dependency-version: 0.2.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 6.14.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-version: 3.3.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants