Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates#5937

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-7e8e81614b
Closed

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates#5937
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-7e8e81614b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 11, 2026

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
storybook 10.1.11 10.2.10
vite 7.2.2 7.3.2
simple-git 3.30.0 3.32.3
dompurify 3.3.1 3.3.2
next 16.1.6 16.2.3

Updates storybook from 10.1.11 to 10.2.10

Release notes

Sourced from storybook's releases.

v10.2.10

10.2.10

v10.2.9

10.2.9

v10.2.8

10.2.8

v10.2.7

10.2.7

v10.2.6

10.2.6

v10.2.5

10.2.5

v10.2.4

10.2.4

... (truncated)

Changelog

Sourced from storybook's changelog.

10.2.10

10.2.9

10.2.8

10.2.7

10.2.6

10.2.5

10.2.4

10.2.3

... (truncated)

Commits
  • c812573 Bump version from "10.2.9" to "10.2.10" [skip ci]
  • fd275fb Merge pull request #33820 from storybookjs/harden-websocket-security
  • 4cdde82 Bump version from "10.2.8" to "10.2.9" [skip ci]
  • 719b6ca Bump version from "10.2.7" to "10.2.8" [skip ci]
  • 78f274b Merge pull request #33773 from storybookjs/valentin/add-exit-telemetry
  • 0ca7278 Merge pull request #33766 from storybookjs/norbert/share-channel-events
  • 1c96212 Merge pull request #33783 from storybookjs/copilot/add-expo-telemetry-patch-l...
  • 8d687ec Bump version from "10.2.6" to "10.2.7" [skip ci]
  • 711e245 Merge pull request #33776 from LouisLau-art/fix/loglevel-flag-works
  • 3802165 Merge pull request #33284 from ia319/bug/33281-dynamic-title-select
  • Additional commits viewable in compare view

Updates vite from 7.2.2 to 7.3.2

Release notes

Sourced from vite's releases.

v7.3.2

Please refer to CHANGELOG.md for details.

v7.3.1

Please refer to CHANGELOG.md for details.

v7.3.0

Please refer to CHANGELOG.md for details.

v7.2.7

Please refer to CHANGELOG.md for details.

v7.2.6

Please refer to CHANGELOG.md for details.

v7.2.5

Please refer to CHANGELOG.md for details.

Note: 7.2.5 failed to publish so it is skipped on npm

v7.2.4

Please refer to CHANGELOG.md for details.

v7.2.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.2 (2026-04-06)

Bug Fixes

7.3.1 (2026-01-07)

Features

  • add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

7.3.0 (2025-12-15)

Features

  • deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

7.2.7 (2025-12-08)

Bug Fixes

7.2.6 (2025-12-01)

7.2.5 (2025-12-01)

Bug Fixes

Performance Improvements

Documentation

  • clarify manifest.json imports field is JS chunks only (#21136) (46d3077)

Miscellaneous Chores

7.2.4 (2025-11-20)

Bug Fixes

  • revert "perf(deps): replace debug with obug (#21107)" (2d66b7b)

7.2.3 (2025-11-20)

... (truncated)

Commits

Updates simple-git from 3.30.0 to 3.32.3

Release notes

Sourced from simple-git's releases.

simple-git@3.32.3

Patch Changes

  • f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

    Thanks to @​CodeAnt-AI-Security for identifying the issue

simple-git@3.32.2

Patch Changes

  • 8d02097: Enhanced clone unsafe switch detection.

simple-git@3.32.1

Patch Changes

  • 23b070f: Fix regex for detecting unsafe clone options

    Thanks to @​stevenwdv for reporting this issue.

simple-git@3.32.0

Minor Changes

  • 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

    Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

  • d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

simple-git@3.31.1

Patch Changes

  • a44184f: Resolve NPM publish steps
Changelog

Sourced from simple-git's changelog.

3.32.3

Patch Changes

  • f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

    Thanks to @​CodeAnt-AI-Security for identifying the issue

3.32.2

Patch Changes

  • 8d02097: Enhanced clone unsafe switch detection.

3.32.1

Patch Changes

  • 23b070f: Fix regex for detecting unsafe clone options

    Thanks to @​stevenwdv for reporting this issue.

3.32.0

Minor Changes

  • 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

    Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

  • d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

3.31.1

Patch Changes

  • a44184f: Resolve NPM publish steps

3.31.0

Minor Changes

  • 22dc93f: Custom binary plugin should support the use of ~ character, used by Windows to shorten long folder names and folder names that have spaces in them (eg: C:\Program Files might become C:\PROGRA~1).

    Thanks to @​skyshineb for reporting this issue.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for simple-git since your current version.


Updates dompurify from 3.3.1 to 3.3.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua
Commits

Updates next from 16.1.6 to 16.2.3

Release notes

Sourced from next's releases.

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

  • Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
  • Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
  • Deduplicate output assets and detect content conflicts on emit (#92292)
  • Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
  • turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • backport: Move expanded adapters docs to API reference (#92115) (#92129)
  • Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
  • [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
  • next.config.js: Accept an option for serverFastRefresh (#91968)
  • Turbopack: enable server HMR for app route handlers (#91466)
  • Turbopack: exclude metadata routes from server HMR (#92034)
  • Fix CI for glibc linux builds
  • Backport: disable bmi2 in qfilter #92177
  • [backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • docs: post release amends (#91715)
  • docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
  • Fix adapter outputs for dynamic metadata routes (#91680)
  • Turbopack: fix webpack loader runner layer (#91727)
  • Fix server actions in standalone mode with cacheComponents (#91711)
  • turbo-persistence: remove Unmergeable mmap advice (#91713)
  • Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
  • Turbopack: lazy require metadata and handle TLA (#91705)
  • [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

... (truncated)

Commits
  • d5f649b v16.2.3
  • 2873928 [16.x] Avoid consuming cyclic models multiple times (#75)
  • d7c7765 [backport]: Ensure app-page reports stale ISR revalidation errors via onReque...
  • c573e8c fix(server-hmr): metadata routes overwrite page runtime HMR handler (#92273)
  • 57b8f65 next-core: deduplicate output assets and detect content conflicts on emit (#9...
  • f158df1 Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
  • 356d605 turbo-tasks-backend: stability fixes for task cancellation and error handling...
  • 3b77a6e Fix DashMap read-write self-deadlock in task_cache causing hangs (#92210)
  • b2f208a Backport: new view-transitions guide, update and fixes (#92264)
  • 52faae3 v16.2.2
  • Additional commits viewable in compare view

Updates rollup from 4.53.2 to 4.60.1

Release notes

Sourced from rollup's releases.

v4.60.1

4.60.1

2026-03-30

Bug Fixes

  • Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

v4.60.0

4.60.0

2026-03-22

Features

  • Support source phase imports as long as they are external (#6279)

Pull Requests

v4.59.1

4.59.1

2026-03-21

Bug Fixes

  • Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.1

2026-03-30

Bug Fixes

  • Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

4.60.0

2026-03-22

Features

  • Support source phase imports as long as they are external (#6279)

Pull Requests

4.59.1

2026-03-21

Bug Fixes

  • Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

... (truncated)

Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 6 up…
c367b83 
…dates

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `10.1.11` | `10.2.10` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.2` |
| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.30.0` | `3.32.3` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.3.2` |
| [next](https://github.com/vercel/next.js) | `16.1.6` | `16.2.3` |



Updates `storybook` from 10.1.11 to 10.2.10
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.10/code/core)

Updates `vite` from 7.2.2 to 7.3.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

Updates `simple-git` from 3.30.0 to 3.32.3
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.32.3/simple-git)

Updates `dompurify` from 3.3.1 to 3.3.2
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.1...3.3.2)

Updates `next` from 16.1.6 to 16.2.3
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.1.6...v16.2.3)

Updates `rollup` from 4.53.2 to 4.60.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.53.2...v4.60.1)

---
updated-dependencies:
- dependency-name: storybook
  dependency-version: 10.2.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: simple-git
  dependency-version: 3.32.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 16.2.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.60.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner April 11, 2026 00:44
@dependabot dependabot bot requested a review from piofinn April 11, 2026 00:44
@piofinn piofinn closed this Apr 16, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 16, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-7e8e81614b branch April 16, 2026 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@piofinn piofinn Awaiting requested review from piofinn piofinn is a code owner automatically assigned from fremtind/jokul

@zenabii zenabii Awaiting requested review from zenabii zenabii is a code owner automatically assigned from fremtind/jokul

@kristianulv23 kristianulv23 Awaiting requested review from kristianulv23 kristianulv23 is a code owner automatically assigned from fremtind/jokul

@lmfaole lmfaole Awaiting requested review from lmfaole lmfaole is a code owner automatically assigned from fremtind/jokul

@fremtindelise fremtindelise Awaiting requested review from fremtindelise fremtindelise is a code owner automatically assigned from fremtind/jokul

Assignees

No one assigned

Labels

🔗 dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@piofinn