build(deps): bump the npm_and_yarn group across 5 directories with 14 updates by dependabot[bot] · Pull Request #2273 · helixml/helix

dependabot · 2026-04-24T16:13:10Z

Bumps the npm_and_yarn group with 2 updates in the /demos/compliance-analyzer directory: vite and picomatch.
Bumps the npm_and_yarn group with 1 update in the /for-mac/frontend directory: vite.
Bumps the npm_and_yarn group with 9 updates in the /frontend directory:

Package	From	To
vite	`7.3.1`	`7.3.2`
vite	`6.2.2`	`6.4.2`
picomatch	`4.0.3`	`4.0.4`
rollup	`4.57.1`	`4.60.3`
axios	`1.7.9`	`1.15.0`
lodash	`4.17.21`	`4.18.1`
yaml	`1.10.2`	`1.10.3`
yaml	`2.7.0`	`2.8.4`
dompurify	`3.3.1`	`3.4.2`
jspdf	`3.0.4`	`4.2.1`
qs	`6.14.0`	`6.15.1`

Bumps the npm_and_yarn group with 1 update in the /integration-test/frontend directory: basic-ftp.
Bumps the npm_and_yarn group with 6 updates in the /mcp-servers/drone-ci directory:

Package	From	To
axios	`1.13.4`	`1.15.0`
qs	`6.14.1`	`6.15.1`
@hono/node-server	`1.19.9`	`1.19.14`
ajv	`8.17.1`	`8.20.0`
hono	`4.11.7`	`4.12.16`
path-to-regexp	`8.3.0`	`8.4.2`

Updates vite from 5.4.21 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)

css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)

optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)

remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

enable some typecheck rules (#22278) (9437518)

typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)

build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)

bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)

css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)

deps: update all non-major dependencies (#22219) (4cd0d67)

deps: update all non-major dependencies (#22268) (c28e9c1)

detect Deno workspace root (fix #22237) (#22238) (1b793c0)

dev: handle errors in watchChange hook (#22188) (fc08bda)

optimizer: handle more chars that will be sanitized (#22208) (3f24533)

skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

align the descriptions in READMEs (#22231) (44c42b9)

fix reuses wording in dev environment comment (#22173) (9163412)

fix wording in sass error comment (#22214) (bc5c6a7)

update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

Commits

32c2978 release: v8.0.10
a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
40a0847 refactor: typecheck client directory (#22284)
5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
9437518 refactor: enable some typecheck rules (#22278)
ce729f5 release: v8.0.9
605bb97 docs: update build CLI defaults (#22261)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates vite from 5.4.21 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)

css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)

optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)

remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

enable some typecheck rules (#22278) (9437518)

typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)

build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)

bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)

css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)

deps: update all non-major dependencies (#22219) (4cd0d67)

deps: update all non-major dependencies (#22268) (c28e9c1)

detect Deno workspace root (fix #22237) (#22238) (1b793c0)

dev: handle errors in watchChange hook (#22188) (fc08bda)

optimizer: handle more chars that will be sanitized (#22208) (3f24533)

skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

align the descriptions in READMEs (#22231) (44c42b9)

fix reuses wording in dev environment comment (#22173) (9163412)

fix wording in sass error comment (#22214) (bc5c6a7)

update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

Commits

32c2978 release: v8.0.10
a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
40a0847 refactor: typecheck client directory (#22284)
5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
9437518 refactor: enable some typecheck rules (#22278)
ce729f5 release: v8.0.9
605bb97 docs: update build CLI defaults (#22261)
Additional commits viewable in compare view

Updates vite from 5.4.21 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)

css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)

optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)

remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

enable some typecheck rules (#22278) (9437518)

typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)

build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)

bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)

css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)

deps: update all non-major dependencies (#22219) (4cd0d67)

deps: update all non-major dependencies (#22268) (c28e9c1)

detect Deno workspace root (fix #22237) (#22238) (1b793c0)

dev: handle errors in watchChange hook (#22188) (fc08bda)

optimizer: handle more chars that will be sanitized (#22208) (3f24533)

skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

align the descriptions in READMEs (#22231) (44c42b9)

fix reuses wording in dev environment comment (#22173) (9163412)

fix wording in sass error comment (#22214) (bc5c6a7)

update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

Commits

32c2978 release: v8.0.10
a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
40a0847 refactor: typecheck client directory (#22284)
5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
9437518 refactor: enable some typecheck rules (#22278)
ce729f5 release: v8.0.9
605bb97 docs: update build CLI defaults (#22261)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates vite from 5.4.21 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)

css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)

optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)

remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

enable some typecheck rules (#22278) (9437518)

typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)

build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)

bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)

css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)

deps: update all non-major dependencies (#22219) (4cd0d67)

deps: update all non-major dependencies (#22268) (c28e9c1)

detect Deno workspace root (fix #22237) (#22238) (1b793c0)

dev: handle errors in watchChange hook (#22188) (fc08bda)

optimizer: handle more chars that will be sanitized (#22208) (3f24533)

skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

align the descriptions in READMEs (#22231) (44c42b9)

fix reuses wording in dev environment comment (#22173) (9163412)

fix wording in sass error comment (#22214) (bc5c6a7)

update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

Commits

32c2978 release: v8.0.10
a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
40a0847 refactor: typecheck client directory (#22284)
5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
9437518 refactor: enable some typecheck rules (#22278)
ce729f5 release: v8.0.9
605bb97 docs: update build CLI defaults (#22261)
Additional commits viewable in compare view

Updates vite from 5.4.21 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)

css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)

optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)

remove format sniffing module resolution from JS resolver (#22297) (

… updates Bumps the npm_and_yarn group with 2 updates in the /demos/compliance-analyzer directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [picomatch](https://github.com/micromatch/picomatch). Bumps the npm_and_yarn group with 1 update in the /for-mac/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 9 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.2.2` | `6.4.2` | | [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` | | [rollup](https://github.com/rollup/rollup) | `4.57.1` | `4.60.3` | | [axios](https://github.com/axios/axios) | `1.7.9` | `1.15.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` | | [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.8.4` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.2` | | [jspdf](https://github.com/parallax/jsPDF) | `3.0.4` | `4.2.1` | | [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.1` | Bumps the npm_and_yarn group with 1 update in the /integration-test/frontend directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp). Bumps the npm_and_yarn group with 6 updates in the /mcp-servers/drone-ci directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.13.4` | `1.15.0` | | [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.15.1` | | [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` | | [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` | | [hono](https://github.com/honojs/hono) | `4.11.7` | `4.12.16` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` | Updates `vite` from 5.4.21 to 8.0.10 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `vite` from 5.4.21 to 8.0.10 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `vite` from 5.4.21 to 8.0.10 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `vite` from 5.4.21 to 8.0.10 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `vite` from 5.4.21 to 8.0.10 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `vite` from 5.4.21 to 8.0.10 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `vite` from 7.3.1 to 7.3.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `vite` from 6.2.2 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `rollup` from 4.57.1 to 4.60.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.57.1...v4.60.3) Updates `vite` from 7.3.1 to 7.3.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `rollup` from 4.57.1 to 4.60.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.57.1...v4.60.3) Updates `axios` from 1.7.9 to 1.15.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.9...v1.15.0) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `yaml` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v1.10.2...v1.10.3) Updates `yaml` from 2.7.0 to 2.8.4 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v1.10.2...v1.10.3) Updates `vite` from 7.3.1 to 7.3.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `dompurify` from 3.3.1 to 3.4.2 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.1...3.4.2) Updates `jspdf` from 3.0.4 to 4.2.1 - [Release notes](https://github.com/parallax/jsPDF/releases) - [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md) - [Commits](parallax/jsPDF@v3.0.4...v4.2.1) Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `qs` from 6.14.0 to 6.15.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.1) Updates `rollup` from 4.57.1 to 4.60.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.57.1...v4.60.3) Updates `axios` from 1.7.9 to 1.15.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.9...v1.15.0) Updates `qs` from 6.14.0 to 6.15.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.1) Updates `basic-ftp` from 5.0.5 to 5.3.1 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.3.1) Updates `basic-ftp` from 5.0.5 to 5.3.1 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.3.1) Updates `axios` from 1.13.4 to 1.15.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.9...v1.15.0) Updates `qs` from 6.14.1 to 6.15.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.1) Updates `axios` from 1.13.4 to 1.15.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.9...v1.15.0) Updates `@hono/node-server` from 1.19.9 to 1.19.14 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.14) Updates `ajv` from 8.17.1 to 8.20.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.20.0) Updates `hono` from 4.11.7 to 4.12.16 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.7...v4.12.16) Updates `path-to-regexp` from 8.3.0 to 8.4.2 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.2) Updates `qs` from 6.14.1 to 6.15.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.1) --- updated-dependencies: - dependency-name: "@hono/node-server" dependency-version: 1.19.14 dependency-type: indirect - dependency-name: ajv dependency-version: 8.20.0 dependency-type: indirect - dependency-name: axios dependency-version: 1.15.0 dependency-type: direct:production - dependency-name: axios dependency-version: 1.15.0 dependency-type: direct:production - dependency-name: axios dependency-version: 1.15.0 dependency-type: direct:production - dependency-name: axios dependency-version: 1.15.0 dependency-type: direct:production - dependency-name: basic-ftp dependency-version: 5.3.0 dependency-type: indirect - dependency-name: basic-ftp dependency-version: 5.3.0 dependency-type: indirect - dependency-name: dompurify dependency-version: 3.4.1 dependency-type: indirect - dependency-name: hono dependency-version: 4.12.15 dependency-type: indirect - dependency-name: jspdf dependency-version: 4.2.1 dependency-type: indirect - dependency-name: lodash dependency-version: 4.18.1 dependency-type: direct:production - dependency-name: path-to-regexp dependency-version: 8.4.2 dependency-type: indirect - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect - dependency-name: qs dependency-version: 6.15.1 dependency-type: indirect - dependency-name: qs dependency-version: 6.15.1 dependency-type: indirect - dependency-name: qs dependency-version: 6.15.1 dependency-type: indirect - dependency-name: qs dependency-version: 6.15.1 dependency-type: indirect - dependency-name: rollup dependency-version: 4.60.2 dependency-type: indirect - dependency-name: rollup dependency-version: 4.60.2 dependency-type: indirect - dependency-name: rollup dependency-version: 4.60.2 dependency-type: indirect - dependency-name: vite dependency-version: 6.4.2 dependency-type: indirect - dependency-name: vite dependency-version: 7.3.2 dependency-type: direct:development - dependency-name: vite dependency-version: 7.3.2 dependency-type: direct:development - dependency-name: vite dependency-version: 7.3.2 dependency-type: direct:development - dependency-name: vite dependency-version: 8.0.10 dependency-type: direct:development - dependency-name: vite dependency-version: 8.0.10 dependency-type: direct:development - dependency-name: vite dependency-version: 8.0.10 dependency-type: direct:development - dependency-name: vite dependency-version: 8.0.10 dependency-type: direct:development - dependency-name: vite dependency-version: 8.0.10 dependency-type: direct:development - dependency-name: vite dependency-version: 8.0.10 dependency-type: direct:development - dependency-name: yaml dependency-version: 1.10.3 dependency-type: indirect - dependency-name: yaml dependency-version: 2.8.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 24, 2026

dependabot Bot changed the title ~~chore(deps): bump the npm_and_yarn group across 5 directories with 14 updates~~ build(deps): bump the npm_and_yarn group across 5 directories with 14 updates May 4, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/demos/compliance-analyzer/npm_and_yarn-417d992dd2 branch from fd9fb9a to 9222974 Compare May 4, 2026 20:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 5 directories with 14 updates#2273

build(deps): bump the npm_and_yarn group across 5 directories with 14 updates#2273
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/demos/compliance-analyzer/npm_and_yarn-417d992dd2

dependabot Bot commented on behalf of github Apr 24, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

create-vite@8.0.1

v8.0.1

plugin-legacy@8.0.1

create-vite@8.0.0

plugin-legacy@8.0.0

v8.0.0

8.0.10 (2026-04-23)

Features

Bug Fixes

Code Refactoring

8.0.9 (2026-04-20)

Features

Bug Fixes

Documentation

Miscellaneous Chores

8.0.8 (2026-04-09)

Features

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

create-vite@8.0.1

v8.0.1

plugin-legacy@8.0.1

create-vite@8.0.0

plugin-legacy@8.0.0

v8.0.0

8.0.10 (2026-04-23)

Features

Bug Fixes

Code Refactoring

8.0.9 (2026-04-20)

Features

Bug Fixes

Documentation

Miscellaneous Chores

8.0.8 (2026-04-09)

Features

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

create-vite@8.0.1

v8.0.1

dependabot Bot commented on behalf of github Apr 24, 2026 •

edited

Loading