chore(deps): bump the npm_and_yarn group across 2 directories with 24 updates#7
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
… updates Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [react-native](https://github.com/facebook/react-native/tree/HEAD/packages/react-native) | `0.61.5` | `0.69.12` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.16` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.15.0` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` | `1.16.3` | Bumps the npm_and_yarn group with 16 updates in the /Example directory: | Package | From | To | | --- | --- | --- | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.15.3` | `7.29.7` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.15.0` | `7.29.7` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.16` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.15.0` | | [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [react-devtools-core](https://github.com/facebook/react/tree/HEAD/packages/react-devtools-core) | `4.15.0` | `4.28.5` | | [serve-static](https://github.com/expressjs/serve-static) | `1.14.1` | `1.16.3` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.7` | `4.7.9` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` | | [nanoid](https://github.com/ai/nanoid) | `3.1.25` | `3.3.15` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` | | [url-parse](https://github.com/unshiftio/url-parse) | `1.5.3` | `1.5.10` | Updates `react-native` from 0.61.5 to 0.69.12 - [Release notes](https://github.com/facebook/react-native/releases) - [Changelog](https://github.com/react/react-native/blob/main/CHANGELOG-0.6x.md) - [Commits](https://github.com/facebook/react-native/commits/v0.69.12/packages/react-native) Updates `@babel/core` from 7.18.9 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core) Updates `@babel/helpers` from 7.18.9 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-helpers) Updates `brace-expansion` from 1.1.11 to 1.1.16 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.16) Updates `cross-spawn` from 5.1.0 to 6.0.5 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@5.1.0...v6.0.5) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `hermes-engine` from 0.2.1 to 0.11.0 - [Release notes](https://github.com/facebook/hermes/releases) - [Commits](facebook/hermes@v0.2.1...v0.11.0) Updates `js-yaml` from 3.14.1 to 3.15.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.15.0) Updates `json5` from 2.2.1 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `node-fetch` from 1.7.3 to 2.6.7 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@1.7.3...v2.6.7) Updates `react-devtools-core` from 3.6.3 to 4.24.0 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/HEAD/packages/react-devtools-core) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `shell-quote` from 1.6.1 to 1.7.3 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.6.1...v1.7.3) Updates `ws` from 1.1.5 to 6.2.4 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@1.1.5...6.2.4) Updates `@babel/helpers` from 7.15.3 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-helpers) Updates `@babel/traverse` from 7.15.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-traverse) Updates `brace-expansion` from 1.1.11 to 1.1.16 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.16) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `js-yaml` from 3.14.1 to 3.15.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.15.0) Updates `json5` from 2.2.0 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `minimatch` from 3.0.4 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `react-devtools-core` from 4.15.0 to 4.28.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/HEAD/packages/react-devtools-core) Updates `serve-static` from 1.14.1 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `handlebars` from 4.7.7 to 4.7.9 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.7.7...v4.7.9) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `min-document` from 2.19.0 to 2.19.2 - [Commits](Raynos/min-document@v2.19.0...v2.19.2) Updates `nanoid` from 3.1.25 to 3.3.15 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/3.3.15/CHANGELOG.md) - [Commits](ai/nanoid@3.1.25...3.3.15) Updates `picomatch` from 2.3.0 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.0...2.3.2) Updates `url-parse` from 1.5.3 to 1.5.10 - [Commits](unshiftio/url-parse@1.5.3...1.5.10) --- updated-dependencies: - dependency-name: react-native dependency-version: 0.69.12 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/core" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.16 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hermes-engine dependency-version: 0.11.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-fetch dependency-version: 2.6.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: react-devtools-core dependency-version: 4.24.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-version: 1.7.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 6.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.16 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: react-devtools-core dependency-version: 4.28.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: min-document dependency-version: 2.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: url-parse dependency-version: 1.5.10 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This was referenced Jul 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 6 updates in the / directory:
0.61.50.69.121.1.111.1.160.2.00.2.23.14.13.15.03.1.23.1.51.15.01.16.3Bumps the npm_and_yarn group with 16 updates in the /Example directory:
7.15.37.29.77.15.07.29.71.1.111.1.160.2.00.2.23.14.13.15.02.2.02.2.33.0.43.1.51.2.51.2.84.15.04.28.51.14.11.16.34.7.74.7.93.2.23.2.32.19.02.19.23.1.253.3.152.3.02.3.21.5.31.5.10Updates
react-nativefrom 0.61.5 to 0.69.12Changelog
Sourced from react-native's changelog.
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by react-native-bot, a new releaser for react-native since your current version.
Updates
@babel/corefrom 7.18.9 to 7.29.7Release notes
Sourced from @babel/core's releases.
... (truncated)
Commits
4fba754v7.29.704ea6b2v7.29.699f498a[7.x packport]Improve input source map handling (#18001)feba0a3Preserve original identifier names from input sourcemaps (#17992) (#17998)aa8394ev7.29.0ad0d03f[7.x backport] feat: Allow specifying startLine in code frame (#17739)d7f4008v7.28.6e130225Polish(standalone): improve message on invalid preset/plugin (#17606)99dcba5chore: enable some ts-eslint rules (#17592)c92c491Improve Unicode handling in code-frame tokenizer (#17589)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/coresince your current version.Updates
@babel/helpersfrom 7.18.9 to 7.29.7Release notes
Sourced from @babel/helpers's releases.
... (truncated)
Commits
4fba754v7.29.737d5595v7.29.21c0a08d[7.x backport] fix: Properly handle await in finally (#17805)d7f4008v7.28.699dcba5chore: enable some ts-eslint rules (#17592)c1b55f6Useeslint.config.mts(#17573)35055e3v7.28.418d88b8Improve@babel/coretypings (#17471)ef155f5v7.28.3741cbd2chore: fix various typos across codebase (#17476)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/helperssince your current version.Updates
brace-expansionfrom 1.1.11 to 1.1.16Release notes
Sourced from brace-expansion's releases.
Commits
447763a1.1.16d74e630fix: v1 backport for CVE-2026-13149 (#122)2203f4f1.1.150b09384Backport v5.0.6 change to v1 (#111)10c05fc1.1.141afa1b2Add opt-in { max } mitigation to v1 legacy line (#103)2fbb6a2Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)0d7652eBackport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)6c353ca1.1.137fd684fBackport fix for GHSA-f886-m6hf-6m8v (#95)Updates
cross-spawnfrom 5.1.0 to 6.0.5Changelog
Sourced from cross-spawn's changelog.
... (truncated)
Commits
301187achore(release): 6.0.5ae85d40chore: fix linting errorsd5770dffix: avoid using deprecated Buffer constructor (#94)6b64987chore(package): update lint-staged to version 7.0.0 (#93)39166ebchore: update eslint-config-moxy dependency213aa43Merge pull request #92 from moxystudio/greenkeeper/eslint-config-moxy-5.0.035b1ff0chore(package): update eslint-config-moxy to version 5.0.052e557echore(release): 6.0.46f43a61Merge pull request #91 from moxystudio/fix-unix-path-normalize06ee3c6fix: fix paths being incorrectly normalized on unixUpdates
decode-uri-componentfrom 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea460.2.2980e0bfPrevent overwriting previously decoded tokens3c8a3730.2.176abc93Switch to GitHub workflows746ca5dFix issue where decode throws - fixes #6486d7e2Update license (#1)a650457Tidelift tasks66e1c28Meta tweaksUpdates
hermes-enginefrom 0.2.1 to 0.11.0Release notes
Sourced from hermes-engine's releases.
Commits
2040453Bump versions for 0.11.0 cut6c53047Run Hermes CMake from cargo67fe974Bump nanoid from 3.1.22 to 3.2.0 in /website (#666)10d4945Handle type params in methodsbd64b09Avoid parens around spread argumentsdeabbfdUse proper quotes in string literal type annotationae61d74Fix extra parens in property assignment1ba8ef6Store raw values for string literals as JSX attributes46faa15Enable some syscalls to resume after SIGPROF8bebc9bfix handling of importsUpdates
js-yamlfrom 3.14.1 to 3.15.0Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
c34b6c43.15.0 released21e13d3dist rebuild4165c62Add v3-legacy tag for publishd8ff750Add package lock24f13e7AddedmaxTotalMergeKeys(10000) loader option (v5 backport)9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)Updates
json5from 2.2.1 to 2.2.3Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
c3a75242.2.394fd06ddocs: update CHANGELOG for v2.2.33b8cebfdocs(security): use GitHub security advisoriesf0fd9e1docs: publish a security policy6a91a05docs(template): bug -> bug report14f8cb12.2.210cc7cadocs: update CHANGELOG for v2.2.27774c10fix: add proto to objects and arraysedde30aReadme: slight tweak to intro97286f8Improve example in readmeUpdates
lodashfrom 4.17.21 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
minimatchfrom 3.1.2 to 3.1.5Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
node-fetchfrom 1.7.3 to 2.6.7Release notes
Sourced from node-fetch's releases.
... (truncated)
Commits
1ef4b56backport of #1449 (#1453)8fe5c4e2.x: Specify encoding as an optional peer dependency in package.json (#1310)f56b0c6fix(URL): prefer built in URL version when available and fallback to whatwg (...b5417aefix: import whatwg-url in a way compatible with ESM Node (#1303)18193c5fix v2.6.3 that did not sending query params (#1301)ace7536fix: properly encode url with unicode characters (#1291)152214cFix(package.json): Corrected main file path in package.json (#1274)b5e2e41update version number2358a6cHonor thesizeoption after following a redirect and revert data uri support8c197f8docs: Fix typos and grammatical errors in README.md (#686)Maintainer changes
This version was pushed to npm by endless, a new releaser for node-fetch since your current version.
Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Updates
react-devtools-corefrom 3.6.3 to 4.24.0Commits
Maintainer changes
This version was pushed to npm by hoxyq, a new releaser for react-devtools-core since your current version.
Updates
serve-staticfrom 1.15.0 to 1.16.3Release notes
Sourced from serve-static's releases.
Changelog
Sourced from serve-static's changelog.
Commits
9acad221.16.3 (#229)52dc97ddeps: send@~0.19.1 and upgrade Node.js versions on the CI (#227)ec9c5ec1.16.2f454d37fix(deps): encodeurl@~2.0.077a82551.16.14263f49fix(deps): send@0.19.048c73971.16.00c11fadMerge commit from forkMaintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for serve-static since your current version.
Updates
shell-quotefrom 1.6.1 to 1.7.3Changelog
Sourced from shell-quote's changelog.