Skip to content

chore(deps): bump the compatible group across 1 directory with 5 updates#73

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/compatible-674ddc00df
Closed

chore(deps): bump the compatible group across 1 directory with 5 updates#73
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/compatible-674ddc00df

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 27, 2026
edited
Loading

Bumps the compatible group with 5 updates in the / directory:

Package From To
@modelcontextprotocol/sdk 1.27.1 1.28.0
jsdom 24.1.3 29.0.1
pino 9.14.0 10.3.1
@types/diff 7.0.2 8.0.0
typescript 5.9.3 6.0.2

Updates @modelcontextprotocol/sdk from 1.27.1 to 1.28.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.28.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

Commits
  • a056569 chore: bump version to 1.28.0 (#1746)
  • 897bc25 fix(server/auth): RFC 8252 loopback port relaxation (#1738)
  • 398dc70 fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller c...
  • 93640d3 fix: reject plain JSON Schema objects passed as inputSchema (#1596)
  • 4cbcec0 [v1.x backport] Default to client_secret_basic when server omits token_endpoi...
  • c9b58d1 feat: use scopes_supported from resource metadata by default (fixes #580) (#757)
  • 351e124 docs: add links to hosted V1 and V2 API reference docs
  • See full diff in compare view

Updates jsdom from 24.1.3 to 29.0.1

Release notes

Sourced from jsdom's releases.

v29.0.1

  • Fixed CSS parsing of border, background, and their sub-shorthands containing keywords or var(). (@​asamuzaK)
  • Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.

v29.0.0

Breaking changes:

  • Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

  • Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
  • Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
  • Added cssMediaRule.matches and cssSupportsRule.matches getters.
  • Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
  • Added cssKeyframeRule.keyText getter/setter validation.
  • Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
  • Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
  • Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
  • Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (@​thypon)
  • Fixed a memory leak when stylesheets were removed from the document.
  • Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
  • Fixed nested @media rule parsing.
  • Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
  • Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
  • Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
  • Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

  • Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
  • Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (@​asamuzaK)
  • Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
  • Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
  • Fixed getComputedStyle() to correctly handle !important priority. (@​asamuzaK)
  • Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
  • Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
  • Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
  • Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
  • Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

v28.0.0

  • Overhauled resource loading customization. See the new README for details on the new API.
  • Added MIME type sniffing to <iframe> and <frame> loads.
  • Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
  • Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
  • Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
  • Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
  • Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
  • Fixed require("url").parse() deprecation warning when using WebSockets.
  • Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.

... (truncated)

Commits
  • 34c7d6e 29.0.1
  • 8ffc811 Add benchmark for computed style property access
  • 5f2434c Update dependencies and dev dependencies
  • 1e8a7ff Handle global keywords in CSS shorthand property handlers
  • 0b79509 Wrap getComputedStyle return value for proper indexed access
  • d589a8e Fix border shorthand parsing
  • e528859 Modernize release infrastructure
  • 00522ce Version 29.0.0
  • a217975 Use undici's request() API for XHR dispatching
  • f29722d Convert CSSStyleDeclaration to webidl2js
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jsdom since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates pino from 9.14.0 to 10.3.1

Release notes

Sourced from pino's releases.

v10.3.1

What's Changed

Full Changelog: pinojs/pino@v10.3.0...v10.3.1

v10.3.0

What's Changed

Full Changelog: pinojs/pino@v10.2.1...v10.3.0

v10.2.1

What's Changed

Full Changelog: pinojs/pino@v10.2.0...v10.2.1

v10.2.0

What's Changed

New Contributors

Full Changelog: pinojs/pino@v10.1.1...v10.2.0

v10.1.1

What's Changed

... (truncated)

Commits
  • 6b34498 Bumped v10.3.1
  • f1203e6 fix(transport): sanitize invalid NODE_OPTIONS preloads for workers (#2391)
  • 6a8e598 docs: clarify transport level filtering behavior (#2390)
  • 49a4807 Merge branch 'main' of github.com:pinojs/pino
  • 960bbbb build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 (#2386)
  • e2a5b4a build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2385)
  • 04859e2 chore: update gitignore for ai assistant files
  • d6adf03 Bumped v10.3.0
  • 06d55b1 feat: set worker thread name for transport identification (#2380)
  • a728702 fix: fix multistream().clone() return type (#2377)
  • Additional commits viewable in compare view

Updates @types/diff from 7.0.2 to 8.0.0

Commits

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the compatible group across 1 directory with 5 updates
f8216b1 
Bumps the compatible group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.27.1` | `1.28.0` |
| [jsdom](https://github.com/jsdom/jsdom) | `24.1.3` | `29.0.1` |
| [pino](https://github.com/pinojs/pino) | `9.14.0` | `10.3.1` |
| [@types/diff](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/diff) | `7.0.2` | `8.0.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.2` |



Updates `@modelcontextprotocol/sdk` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0)

Updates `jsdom` from 24.1.3 to 29.0.1
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v24.1.3...v29.0.1)

Updates `pino` from 9.14.0 to 10.3.1
- [Release notes](https://github.com/pinojs/pino/releases)
- [Commits](pinojs/pino@v9.14.0...v10.3.1)

Updates `@types/diff` from 7.0.2 to 8.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/diff)

Updates `typescript` from 5.9.3 to 6.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.2)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: compatible
- dependency-name: jsdom
  dependency-version: 29.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: compatible
- dependency-name: pino
  dependency-version: 10.3.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: compatible
- dependency-name: "@types/diff"
  dependency-version: 8.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: compatible
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: compatible
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 27, 2026
This was referenced Mar 27, 2026
Closed
Closed
Closed
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 27, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 27, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/compatible-674ddc00df branch March 27, 2026 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants