Skip to content

chore(deps): bump the npm-dependencies group across 1 directory with 6 updates#141

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-8cf2eb6bfe
Closed

chore(deps): bump the npm-dependencies group across 1 directory with 6 updates#141
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-8cf2eb6bfe

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026
edited
Loading

Bumps the npm-dependencies group with 6 updates in the / directory:

Package From To
@types/node 25.9.0 25.9.1
typescript-eslint 8.59.4 8.60.0
ws 8.20.1 8.21.0
katex 0.16.47 0.17.0
markdown-it 14.1.1 14.2.0
markdown-it-attrs 4.3.1 4.5.0

Updates @types/node from 25.9.0 to 25.9.1

Commits

Updates typescript-eslint from 8.59.4 to 8.60.0

Release notes

Sourced from typescript-eslint's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

Updates katex from 0.16.47 to 0.17.0

Release notes

Sourced from katex's releases.

v0.17.0

0.17.0 (2026-05-22)

Performance Improvements

  • simplify defineFunction to avoid destructuring, improve typing (#4222) (fb604e6)

BREAKING CHANGES

  • The internal API for __defineFunction changed: you should no longer wrap properties in props.
Changelog

Sourced from katex's changelog.

0.17.0 (2026-05-22)

Performance Improvements

  • simplify defineFunction to avoid destructuring, improve typing (#4222) (fb604e6)

BREAKING CHANGES

  • The internal API for __defineFunction changed: you should no longer wrap properties in props.
Commits
  • 3dec549 chore(release): 0.17.0 [ci skip]
  • fb604e6 perf: simplify defineFunction to avoid destructuring, improve typing (#4222)
  • 6caa636 refactor: tighten ParseNode types (#4219)
  • afed784 docs: make first supportive organizations logos bigger (#4216)
  • b02d9ac chore(deps): update dependency webpack-dev-server to v5.2.4 [security] (#4220)
  • See full diff in compare view

Updates markdown-it from 14.1.1 to 14.2.0

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.
Commits

Updates markdown-it-attrs from 4.3.1 to 4.5.0

Release notes

Sourced from markdown-it-attrs's releases.

v4.5.0

What's Changed

Full Changelog: arve0/markdown-it-attrs@v4.4.0...v4.5.0

v4.4.0

What's Changed

New Contributors

Full Changelog: arve0/markdown-it-attrs@v4.3.2...v4.4.0

v4.3.2

What's Changed

New Contributors

Full Changelog: arve0/markdown-it-attrs@v4.3.1...v4.3.2

Commits
  • 4f2a6b4 4.5.0
  • 038f2f2 Address code review: add depth comment, rename hash to anchorSymbol
  • 61a4c64 Fix end-of-block pattern to handle heading attrs with trailing navigation tokens
  • a244fd3 Initial plan for fixing heading attrs with trailing navigation tokens
  • 6d3c7f3 Update CI triggers and bump workflow actions
  • 2a2c8e0 Add minimal GITHUB_TOKEN permissions to CI workflow
  • 8a9f96f Update CI matrix to Linux and Node 22/24/26
  • 3089651 test: reproducible for issue #111
  • 43b35cd Add first-party TypeScript type definitions and test
  • e5eef3e initial plan
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the npm-dependencies group across 1 directory with …
eac4e73 
…6 updates

Bumps the npm-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.0` | `25.9.1` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.59.4` | `8.60.0` |
| [ws](https://github.com/websockets/ws) | `8.20.1` | `8.21.0` |
| [katex](https://github.com/KaTeX/KaTeX) | `0.16.47` | `0.17.0` |
| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.1` | `14.2.0` |
| [markdown-it-attrs](https://github.com/arve0/markdown-it-attrs) | `4.3.1` | `4.5.0` |



Updates `@types/node` from 25.9.0 to 25.9.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `typescript-eslint` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/typescript-eslint)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `katex` from 0.16.47 to 0.17.0
- [Release notes](https://github.com/KaTeX/KaTeX/releases)
- [Changelog](https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md)
- [Commits](KaTeX/KaTeX@v0.16.47...v0.17.0)

Updates `markdown-it` from 14.1.1 to 14.2.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.1.1...14.2.0)

Updates `markdown-it-attrs` from 4.3.1 to 4.5.0
- [Release notes](https://github.com/arve0/markdown-it-attrs/releases)
- [Commits](arve0/markdown-it-attrs@v4.3.1...v4.5.0)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.9.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: katex
  dependency-version: 0.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: markdown-it-attrs
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added Dependencies Pull requests that update a dependency file Javascript Pull requests that update javascript code labels May 29, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 30, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 30, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-dependencies-8cf2eb6bfe branch May 30, 2026 05:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file Javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants