Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 16 updates#8

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-be39c12fad
Open

chore(deps): bump the npm_and_yarn group across 2 directories with 16 updates#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-be39c12fad

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package From To
@babel/core 7.18.0 7.29.7
@babel/plugin-transform-modules-systemjs 7.18.0 7.29.7
flatted 3.2.5 3.4.2
handlebars 4.7.7 4.7.9
joi 17.6.0 17.13.4
js-yaml 3.14.1 3.15.0
minimatch 3.1.2 3.1.5
picomatch 2.3.1 2.3.2
qs 6.10.3 6.15.3
react-devtools-core 4.24.6 4.28.5
serve-static 1.15.0 1.16.3
tough-cookie 4.0.0 4.1.4
vm2 3.9.9 3.11.5

Bumps the npm_and_yarn group with 9 updates in the /example directory:

Package From To
@babel/core 7.18.0 7.29.6
@babel/plugin-transform-modules-systemjs 7.18.0 7.29.7
form-data 3.0.1 3.0.5
joi 17.6.0 17.13.4
lodash 4.17.21 4.18.1
minimatch 3.1.2 3.1.5
picomatch 2.3.1 2.3.2
react-devtools-core 4.24.6 4.28.5
serve-static 1.15.0 1.16.3

Updates @babel/core from 7.18.0 to 7.29.7

Release notes

Sourced from @​babel/core's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

  • babel-parser

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/core since your current version.


Updates @babel/plugin-transform-modules-systemjs from 7.18.0 to 7.29.7

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

  • babel-parser

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/plugin-transform-modules-systemjs since your current version.


Updates flatted from 3.2.5 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates handlebars from 4.7.7 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

Commits

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

  • fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
  • fix type "RuntimeOptions" also accepting string partials - eab1d14
  • feat(types): set hash to be a Record<string, any> - de4414d
  • fix non-contiguous program indices - 4512766
  • refactor: rename i to startPartIndex - e497a35
  • security: fix security issues - 68d8df5

Commits

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Commits
  • dce542c v4.7.9
  • 8a41389 Update release notes
  • 68d8df5 Fix security issues
  • b2a0831 Fix browser tests
  • 9f98c16 Fix release script
  • 45443b4 Revert "Improve partial indenting performance"
  • 8841a5f Fix CI errors with linting
  • e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
  • e914d60 Improve rendering performance
  • 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates joi from 17.6.0 to 17.13.4

Commits
Maintainer changes

This version was pushed to npm by marsup, a new releaser for joi since your current version.


Updates js-yaml from 3.14.1 to 3.15.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Updates qs from 6.10.3 to 6.15.3

Changelog

Sourced from qs's changelog.

6.15.3

  • [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via combine/merge
  • [Fix] utils: respect encoding of surrogate pairs across chunks (#559)
  • [Robustness] parse: throw the arrayLimit error before splitting oversized comma values
  • [Robustness] utils.merge / utils.assign: avoid invoking __proto__ setter when copying own properties
  • [Robustness] utils: enforce arrayLimit consistently across merge's array paths
  • [Perf] utils: make compact O(n) via a side-channel visited-set instead of Array.indexOf
  • [Deps] update side-channel
  • [Dev Deps] update eslint, mock-property, tape
  • [Tests] parse: characterize current lenient handling of unbalanced bracket keys (#558)

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

  • [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
  • [Deps] update @ljharb/eslint-config
  • [Dev Deps] update @ljharb/eslint-config, iconv-lite
  • [Tests] increase coverage

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions

6.14.1

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions

... (truncated)

Commits
  • 18d085e v6.15.3
  • c38af42 [Deps] update side-channel
  • adce539 [Dev Deps] update eslint, mock-property, tape
  • 74a0f6a [Robustness] utils: enforce arrayLimit consistently across merge's arra...
  • f4938f5 [Tests] parse: characterize current lenient handling of unbalanced bracket ...
  • 5d5f723 [Perf] utils: make compact O(n) via a side-channel visited-set instead of...
  • 52afe00 [Robustness] parse: throw the arrayLimit error before splitting oversized...
  • 963e538 [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via...
  • 59da434 [Fix] utils: respect encoding of surrogate pairs across chunks
  • 9532969 [Robustness] utils.merge / utils.assign: avoid invoking __proto__ sette...
  • Additional commits viewable in compare view

Updates react-devtools-core from 4.24.6 to 4.28.5

Commits
Maintainer changes

This version was pushed to npm by hoxyq, a new releaser for react-devtools-core since your current version.


Updates serve-static from 1.15.0 to 1.16.3

Release notes

Sourced from serve-static's releases.

v1.16.3

What's Changed

Full Changelog: expressjs/serve-static@v1.16.2...v1.16.3

v1.16.2

What's Changed

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

New Contributors

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

New Contributors

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.3 / 2024-12-15

  • deps: send@~0.19.1
    • deps: encodeurl@~2.0.0

1.16.2 / 2024-09-11

  • deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

  • deps: send@0.19.0

1.16.0 / 2024-09-10

  • Remove link renderization in html while redirecting
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for serve-static since your current version.


Updates tough-cookie from 4.0.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

New Contributors

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • cacbc37 Bump version to 4.1.4
  • a48fb3a Add tests for url validation
  • 50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
  • 1253d58 Merge pull request #409 from corvidism/validators-to-string
  • 238367e Add local alias for toString
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • cf6debd Fix incorrect string validation for URL
  • b1a8898 fix: allow set cookies with localhost (#253)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates vm2 from 3.9.9 to 3.11.5

Release notes

Sourced from vm2's releases.

v3.11.5

What's Changed

Bug fixes

  • #566 — Restore util.inspect output on Node 26+. console.log(vm.run(...)) was rendering as Proxy(Proxy({})) / Proxy(Proxy([])) instead of the underlying value. Triggered by Node 26's stricter handling of nested proxies in the inspector.
  • #567 — Restore array iteration on vm.freeze()'d host arrays. Calling .map() / .filter() / .forEach() etc. inside the sandbox on a frozen host object containing arrays threw TypeError: 'isExtensible' on proxy: trap result does not reflect extensibility of proxy target. Regression from the 3.11.0 proxy-invariant hardening.
  • #568 — Fix .node extension handler key in lib/resolver.js (the key was ' .node' with a leading space, so native addon resolution silently fell through to the default path). Thanks to @​cherr-cc.

Upgrade Notes

Drop-in replacement for 3.11.4. No API or configuration changes.

Full Changelog: patriksimek/vm2@v3.11.4...v3.11.5

v3.11.4

Ten advisories closed. Patch release — no API changes for valid configurations.

What's Changed

Security fixes

  • GHSA-c4cf-2hgv-2qv6 — Bridge set trap ignoring ECMA-262 §9.5.9 Receiver, letting Object.create(hostObj) children and Reflect.set(hostObj, k, v, custom) writes leak onto the host object (write-channel → RCE).
  • GHSA-m5q2-4fm3-vfqp — Cross-realm Symbol.for namespace leak + missing dangerous-symbol guards on the bridge's write traps (set / defineProperty / deleteProperty), enabling sandbox-installed nodejs.util.promisify.custom / stream brand / webstream hooks on host objects (RCE).
  • GHSA-v6mx-mf47-r5wg — Host prototype mutation via Function.prototype.{call,apply,bind} and Reflect.{apply,construct} indirection through Object.prototype.__proto__ setter, severing host intrinsic prototype chains and escaping via thisEnsureThis proto-walk fallthrough (RCE).
  • GHSA-q3fm-4wcw-g57x — Defense Invariant #11 violation in defaultSandboxPrepareStackTrace (second variant of GHSA-9qj6-qjgg-37qq in a different file): sandbox-installed Array.prototype[N] setter / Array.prototype.join override could observe bridge-internal stack-trace state.
  • GHSA-76w7-j9cq-rx2j — Promise species hijack in localPromise's swallow-tail, hijacking the downstream child constructor to capture V8's internal (resolve, reject) capability and reach a raw host-realm error → host Function (RCE).
  • GHSA-m4wx-m65x-ghrr — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: any truthy nesting paired with a non-real-config require produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen requirechild_process RCE.
  • GHSA-6j2x-vhqr-qr7q — WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending, Node 24+ behind a flag, Node 26+ default) producing Promise objects with a host-realm [[Prototype]] chain and no bridge interposition; species hijack delivers a raw host-realm rejection to sandbox .catch → host Function (RCE).
  • GHSA-rp36-8xq3-r6c4 — NodeVM builtin denylist bypass via process (whose getBuiltinModule(name) reloads any core module regardless of allow/deny config) and inspector/promises (whose Session().post('Runtime.evaluate', ...) evaluates attacker JS in the host realm). Supersedes GHSA-947f-4v7f-x2v8.
  • GHSA-r9pm-gxmw-wv6p — NodeVM builtin: ['*'] wildcard exposing Node's undocumented underscored network builtins (_http_client, _http_server, _tls_*, _stream_*) even when the documented -http/-https/-net/-tls exclusions were used — SSRF-class capability bypass (CVSS 8.6).
  • GHSA-9g8x-92q2-p28f — NodeVM builtin allowlist surfacing four process-wide observability builtins (diagnostics_channel, async_hooks, perf_hooks, v8) that read state of the entire host process rather than sandbox-local state — HTTP header / async-context / perf-mark / heap-snapshot exfiltration.

Documentation

  • docs/ATTACKS.md extended through Category 35, plus two new Defense Invariants: #12 ("No sandbox-visible object has a host-realm prototype chain without bridge interposition") and #13 ("The NodeVM builtin allowlist is a closed system").

Upgrade Notes

  • If you constructed NodeVM({ nesting: <truthy> }) without an explicit require config object, new NodeVM(...) now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a vm2-only resolver: omitting require, or setting it to any falsy value (false/undefined...

    Description has been truncated

… updates

Bumps the npm_and_yarn group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.18.0` | `7.29.7` |
| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.18.0` | `7.29.7` |
| [flatted](https://github.com/WebReflection/flatted) | `3.2.5` | `3.4.2` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.7` | `4.7.9` |
| [joi](https://github.com/hapijs/joi) | `17.6.0` | `17.13.4` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.15.0` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |
| [qs](https://github.com/ljharb/qs) | `6.10.3` | `6.15.3` |
| [react-devtools-core](https://github.com/facebook/react/tree/HEAD/packages/react-devtools-core) | `4.24.6` | `4.28.5` |
| [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` | `1.16.3` |
| [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.4` |
| [vm2](https://github.com/patriksimek/vm2) | `3.9.9` | `3.11.5` |

Bumps the npm_and_yarn group with 9 updates in the /example directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.18.0` | `7.29.6` |
| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.18.0` | `7.29.7` |
| [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.5` |
| [joi](https://github.com/hapijs/joi) | `17.6.0` | `17.13.4` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |
| [react-devtools-core](https://github.com/facebook/react/tree/HEAD/packages/react-devtools-core) | `4.24.6` | `4.28.5` |
| [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` | `1.16.3` |



Updates `@babel/core` from 7.18.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core)

Updates `@babel/plugin-transform-modules-systemjs` from 7.18.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

Updates `flatted` from 3.2.5 to 3.4.2
- [Commits](WebReflection/flatted@v3.2.5...v3.4.2)

Updates `handlebars` from 4.7.7 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.7...v4.7.9)

Updates `joi` from 17.6.0 to 17.13.4
- [Commits](hapijs/joi@v17.6.0...v17.13.4)

Updates `js-yaml` from 3.14.1 to 3.15.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.15.0)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `qs` from 6.10.3 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.10.3...v6.15.3)

Updates `react-devtools-core` from 4.24.6 to 4.28.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/HEAD/packages/react-devtools-core)

Updates `serve-static` from 1.15.0 to 1.16.3
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.3)

Updates `tough-cookie` from 4.0.0 to 4.1.4
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4)

Updates `vm2` from 3.9.9 to 3.11.5
- [Release notes](https://github.com/patriksimek/vm2/releases)
- [Changelog](https://github.com/patriksimek/vm2/blob/main/CHANGELOG.md)
- [Commits](patriksimek/vm2@3.9.9...v3.11.5)

Updates `@babel/core` from 7.18.0 to 7.29.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core)

Updates `@babel/plugin-transform-modules-systemjs` from 7.18.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

Updates `@babel/traverse` from 7.18.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-traverse)

Updates `form-data` from 3.0.1 to 3.0.5
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v3.0.1...v3.0.5)

Updates `joi` from 17.6.0 to 17.13.4
- [Commits](hapijs/joi@v17.6.0...v17.13.4)

Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `react-devtools-core` from 4.24.6 to 4.28.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/HEAD/packages/react-devtools-core)

Updates `serve-static` from 1.15.0 to 1.16.3
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.3)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: joi
  dependency-version: 17.13.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: react-devtools-core
  dependency-version: 4.28.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-version: 4.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vm2
  dependency-version: 3.11.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/core"
  dependency-version: 7.29.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 3.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: joi
  dependency-version: 17.13.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: react-devtools-core
  dependency-version: 4.28.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants