Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates#1958

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/js/examples/ai-sdk/next-openai-app/npm_and_yarn-22e06f9568
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates#1958
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/js/examples/ai-sdk/next-openai-app/npm_and_yarn-22e06f9568

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Bumps the npm_and_yarn group with 3 updates in the /js/examples/ai-sdk/next-openai-app directory: next, valibot and postcss.

Updates next from 15.5.14 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

Commits

Updates valibot from 1.1.0 to 1.2.0

Release notes

Sourced from valibot's releases.

v1.2.0

Many thanks to @​EskiMojo14, @​makenowjust, @​ysknsid25 and @​jacekwilczynski for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

  • Add toBigint, toBoolean, toDate, toNumber and toString transformation actions (pull request #1212)
  • Add examples action to add example values to a schema (pull request #1199)
  • Add getExamples method to extract example values from a schema (pull request #1199)
  • Add isbn validation action to validate ISBN-10 and ISBN-13 strings (pull request #1097)
  • Add exports for RawCheckAddIssue, RawCheckContext, RawCheckIssueInfo, RawTransformAddIssue, RawTransformContext and RawTransformIssueInfo types for better developer experience with rawCheck and rawTransform actions (pull request #1359)
  • Change build step to tsdown
  • Fix ReDoS vulnerability in EMOJI_REGEX used by emoji action

v1.2.0 (to-json-schema)

Many thanks to @​cruzdanilo and @​Xiot for contributing to this release.

  • Add support for title, description and examples in metadata action (pull request #1189)
  • Add new override configurations to override default behaviour of JSON Schema conversion (pull request #1197)
  • Add storage for global definitions with addGlobalDefs and getGlobalDefs (pull request #1197)
  • Add new toJsonSchemaDefs function to convert Valibot schema definitions to JSON Schema definitions (pull request #1197)

v1.2.0 (i18n)

  • Add Uzbek (uz) translations (pull request #1452)
  • Change Valibot peer dependency to ^1.4.0
Commits
  • 053ae97 Bump version to 1.2.0 and update changelog
  • de76d7c Merge pull request #1361 from open-circle/v1.2-blog-post
  • c14f092 Add security fix for ReDoS vulnerability in emoji action and update release n...
  • cfb799d Merge commit from fork
  • 36fafd0 Add release notes blog post for Valibot v1.2 to website
  • 83c07ca Merge pull request #1097 from ysknsid25/feat/add-isbn-validation
  • 6957e0d Add beta annotation to JSDoc comment of isbn action
  • 6c7f9c0 Add docs for new isbn action to website
  • ca902e6 Refactor ISBN regex constants and update validation logic
  • e7a4f17 Refactor and improve new isbn action and update changelog
  • Additional commits viewable in compare view

Updates postcss from 8.5.8 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 3 up…
c906da3 
…dates

Bumps the npm_and_yarn group with 3 updates in the /js/examples/ai-sdk/next-openai-app directory: [next](https://github.com/vercel/next.js), [valibot](https://github.com/open-circle/valibot) and [postcss](https://github.com/postcss/postcss).


Updates `next` from 15.5.14 to 15.5.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.14...v15.5.15)

Updates `valibot` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/open-circle/valibot/releases)
- [Commits](open-circle/valibot@v1.1.0...v1.2.0)

Updates `postcss` from 8.5.8 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.15
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: valibot
  dependency-version: 1.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants