Skip to content

Bump the npm_and_yarn group across 1 directory with 13 updates#1

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-f05c458d5e
Open

Bump the npm_and_yarn group across 1 directory with 13 updates#1
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-f05c458d5e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 15, 2025

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 4 updates in the / directory: @babel/helpers, axios, brace-expansion and katex.

Updates @babel/helpers from 7.26.9 to 7.28.4

Release notes

Sourced from @​babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

🐛 Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

📝 Documentation

... (truncated)

Commits

Updates axios from 1.7.9 to 1.13.2

Release notes

Sourced from axios's releases.

Release v1.13.2

Release notes:

Bug Fixes

  • http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
  • http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

Contributors to this release

Release v1.13.1

Release notes:

Bug Fixes

  • http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

Release v1.13.0

Release notes:

Bug Fixes

  • fetch: prevent TypeError when config.env is undefined (#7155) (015faec)
  • resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.13.2 (2025-11-04)

Bug Fixes

  • http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
  • http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

Contributors to this release

1.13.1 (2025-10-28)

Bug Fixes

  • http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

1.13.0 (2025-10-27)

Bug Fixes

  • fetch: prevent TypeError when config.env is undefined (#7155) (015faec)
  • resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

Contributors to this release

... (truncated)

Commits
  • 08b84b5 chore(release): v1.13.2 (#7207)
  • 8d37233 fix(http): fix 'socket hang up' bug for keep-alive requests when using timeou...
  • 12c314b perf(http): fix early loop exit; (#7202)
  • f6d79e7 chore(sponsor): update sponsor block (#7203)
  • 0588880 fix(http): use default export for http2 module to support stubs; (#7196)
  • 1ef8e72 chore(release): v1.13.1 (#7194)
  • bcd5581 fix(http): fixed a regression that caused the data stream to be interrupted f...
  • c9b3371 chore: enhance styling and responsiveness in client.html (#7173)
  • 9ead04d [Release] v1.13.0 (#7189)
  • d000fbf fix(http2): fix possible race condition when handling http2 stream on almost ...
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates dompurify from 2.4.3 to 3.3.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.0

  • Added the SVG mask-type attribute to default allow-list, thanks @​prasadrajandran
  • Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @​nelstrom
  • Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @​Wim-Valgaeren

DOMPurify 3.2.7

  • Added new attributes and elements to default allow-list, thanks @​elrion018
  • Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
  • Added better check for animated href attributes, thanks @​llamakko
  • Updated and improved the bundled types, thanks @​ssi02014
  • Updated several tests to better align with new browser encoding behaviors
  • Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
  • Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq

DOMPurify 3.2.6

DOMPurify 3.2.5

  • Added a check to the mXSS detection regex to be more strict, thanks @​masatokinugawa
  • Added ESM type imports in source, removes patch function, thanks @​donmccurdy
  • Added script to verify various TypeScript configurations, thanks @​reduckted
  • Added more modern browsers to the Karma launchers list
  • Added Node 23.x to tested runtimes, removed Node 17.x
  • Fixed the generation of source maps, thanks @​reduckted
  • Fixed an unexpected behavior with ALLOWED_URI_REGEXP using the 'g' flag, thanks @​hhk-png
  • Fixed a few typos in the README file

DOMPurify 3.2.4

  • Fixed a conditional and config dependent mXSS-style bypass reported by @​nsysean
  • Added a new feature to allow specific hook removal, thanks @​davecardwell
  • Added purify.js and purify.min.js to exports, thanks @​Aetherinox
  • Added better logic in case no window object is president, thanks @​yehuya
  • Updated some dependencies called out by dependabot
  • Updated license files etc to show the correct year

DOMPurify 3.2.3

DOMPurify 3.2.2

  • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @​yaniv-git
  • Fixed several minor issues with the type definitions, thanks again @​reduckted
  • Fixed a minor issue with the types reference for trusted types, thanks @​reduckted
  • Fixed a minor problem with the template detection regex on some systems, thanks @​svdb99

... (truncated)

Commits
  • 36d1fbc Getting 3.x branch ready for 3.3.0 release (#1157)
  • eaa0bdb Merge pull request #1144 from cure53/main
  • f712593 fix: removed a possibly dossy regex
  • eb9b3b6 Merge branch 'main' of github.com:cure53/DOMPurify
  • ce006f7 chore: Preparing 3.2.7 release
  • ef0e0cb chore: Preparing 3.2.6 release
  • 2f09cd3 Update README.md
  • 6a795bc Merge pull request #1142 from cure53/dependabot/github_actions/actions/setup-...
  • 2458bbd build(deps): bump actions/setup-node from 4 to 5
  • e43d3f3 Merge pull request #1136 from cure53/dependabot/github_actions/actions/checko...
  • Additional commits viewable in compare view

Updates form-data from 4.0.2 to 4.0.4

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Changelog

Sourced from form-data's changelog.

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13
Commits
  • 41996f5 v4.0.4
  • 316c82b [meta] actually ensure the readme backup isn’t published
  • 2300ca1 [meta] fix readme capitalization
  • 811f682 [meta] add auto-changelog
  • 5e34080 [Tests] fix linting errors
  • 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
  • 58c25d7 [Dev Deps] update @ljharb/eslint-config
  • 3d17230 [Fix] Switch to using crypto random for boundary values
  • d8d67dc v4.0.3
  • e6e83cc [meta] remove local commit hooks
  • Additional commits viewable in compare view

Updates got from 9.6.0 to 12.6.1

Release notes

Sourced from got's releases.

v12.6.1

  • Fix get-stream import statement (#2266) 67d5039

sindresorhus/got@v12.6.0...v12.6.1

v12.6.0

  • Update dependencies 88c88fb 979272e
  • Loosen URL validation strictness (#2200) 0ca0b7f

sindresorhus/got@v12.5.3...v12.6.0

v12.5.3

  • Fix abort event listeners not always being cleaned up (#2162) 3cc40b5

sindresorhus/got@v12.5.2...v12.5.3

v12.5.2

  • Improve TypeScript 4.9 compatibility (#2163) 39f83b6

sindresorhus/got@v12.5.1...v12.5.2

v12.5.1

  • Fix compatibility with TypeScript and ESM 3b3ea67
  • Fix request body not being properly cached (#2150) 3e9d3af

sindresorhus/got@v12.5.0...v12.5.1

v12.5.0

  • Disable method rewriting on 307 and 308 status codes (#2145) e049e94
  • Upgrade dependencies 8630815 f0ac0b3 4c3762a

sindresorhus/got@v12.4.1...v12.5.0

v12.4.1

Fixes

  • Fix options.context being not extensible b671480715dbbff908e9a385f5e714570c663cd7
  • Don't emit uploadProgress after promise cancelation 693de217b030816f574d6e4cb505ee2e77b21c29

sindresorhus/got@v12.4.0...v12.4.1

v12.4.0

Improvements

  • Support FormData without known length (#2120) 850773c

Fixes

  • Don&#39;t call beforeError hooks with HTTPError if the throwHttpErrors option is false (#2104) 3927348

... (truncated)

Commits

Updates http-proxy-middleware from 2.0.7 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

  • fix(fixRequestBody): check readableLength

v2.0.8

  • fix(fixRequestBody): prevent multiple .write() calls
  • fix(fixRequestBody): handle invalid request
Commits

Updates image-size from 1.2.0 to 2.0.2

Release notes

Sourced from image-size's releases.

v2.0.2

Fixes

Full Changelog: image-size/image-size@v2.0.1...v2.0.2

v2.0.1

Full Changelog: image-size/image-size@v2.0.0...v2.0.1

v2.0.0

The release

  • Adds dual support for CJS and ESM, switches from Buffer to UInt8Array, uses DataView for reads, and can therefore now also be used in browsers
  • Removes all dependencies
  • Introduces some performance improvements
  • Drops synchronous API.

Please see the Readme for the usage examples.

Full Changelog: image-size/image-size@v1.2.0...v2.0.0

v1.2.1

Fixes

Full Changelog: image-size/image-size@v1.2.0...v1.2.1

Commits

Updates katex from 0.13.24 to 0.16.25

Release notes

Sourced from katex's releases.

v0.16.25

0.16.25 (2025-10-13)

Features

  • css: provide katex-swap.css that uses font-display: swap (#3940) (b3f9ce6), closes #2242

v0.16.24

0.16.24 (2025-10-12)

Features

v0.16.23

0.16.23 (2025-10-03)

Bug Fixes

  • Support \def with arguments via macros option (#4087) (80a8158)

v0.16.22

0.16.22 (2025-04-09)

Bug Fixes

  • \relax in base or exponent of super/subscript (#4045) (1f43c84)

v0.16.21

0.16.21 (2025-01-17)

Bug Fixes

v0.16.20

0.16.20 (2025-01-12)

Bug Fixes

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.25 (2025-10-13)

Features

  • css: provide katex-swap.css that uses font-display: swap (#3940) (b3f9ce6), closes #2242

0.16.24 (2025-10-12)

Features

0.16.23 (2025-10-03)

Bug Fixes

  • Support \def with arguments via macros option (#4087) (80a8158)

0.16.22 (2025-04-09)

Bug Fixes

  • \relax in base or exponent of super/subscript (#4045) (1f43c84)

0.16.21 (2025-01-17)

Bug Fixes

  • escape \htmlData attribute name (57914ad)

0.16.20 (2025-01-12)

Bug Fixes

0.16.19 (2024-12-29)

Bug Fixes

0.16.18 (2024-12-18)

... (truncated)

Commits
  • d2f1084 chore(release): 0.16.25 [ci skip]
  • b3f9ce6 feat(css): provide katex-swap.css that uses font-display: swap (#3940)
  • c6c78de chore(release): 0.16.24 [ci skip]
  • 8c9b306 feat: support hex colors with alpha (#4090)
  • adad68c chore: remove polyfill for Array.prototype.includes (#4061)
  • fcd458b chore(vscode): update Yarn SDKs for Prettier and tooling (#4071)
  • eed3ea5 chore(release): 0.16.23 [ci skip]
  • 80a8158 fix: Support \def with arguments via macros option (#4087)
  • 049ed98 docs: Update Delimiters table to add / and correct \lt, \gt rendering (...
  • 9fb6313 docs: correct closing tag and fix some spelling errors (#4063)
  • Additional commits viewable in compare view

Updates mermaid from 9.4.3 to 11.12.1

Release notes

Sourced from mermaid's releases.

mermaid@11.12.1

Patch Changes

@dependabot
Bump the npm_and_yarn group across 1 directory with 13 updates
4aed2eb 
Bumps the npm_and_yarn group with 4 updates in the / directory: [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers), [axios](https://github.com/axios/axios), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [katex](https://github.com/KaTeX/KaTeX).


Updates `@babel/helpers` from 7.26.9 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-helpers)

Updates `axios` from 1.7.9 to 1.13.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.7.9...v1.13.2)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `dompurify` from 2.4.3 to 3.3.0
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@2.4.3...3.3.0)

Updates `form-data` from 4.0.2 to 4.0.4
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.2...v4.0.4)

Updates `got` from 9.6.0 to 12.6.1
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v9.6.0...v12.6.1)

Updates `http-proxy-middleware` from 2.0.7 to 2.0.9
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.7...v2.0.9)

Updates `image-size` from 1.2.0 to 2.0.2
- [Release notes](https://github.com/image-size/image-size/releases)
- [Commits](image-size/image-size@v1.2.0...v2.0.2)

Updates `katex` from 0.13.24 to 0.16.25
- [Release notes](https://github.com/KaTeX/KaTeX/releases)
- [Changelog](https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md)
- [Commits](KaTeX/KaTeX@v0.13.24...v0.16.25)

Updates `mermaid` from 9.4.3 to 11.12.1
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/v9.4.3...mermaid@11.12.1)

Updates `on-headers` from 1.0.2 to 1.1.0
- [Release notes](https://github.com/jshttp/on-headers/releases)
- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md)
- [Commits](jshttp/on-headers@v1.0.2...v1.1.0)

Updates `prismjs` from 1.29.0 to 1.30.0
- [Release notes](https://github.com/PrismJS/prism/releases)
- [Changelog](https://github.com/PrismJS/prism/blob/v2/CHANGELOG.md)
- [Commits](PrismJS/prism@v1.29.0...v1.30.0)

Updates `webpack-dev-server` from 4.15.2 to 5.2.2
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v4.15.2...v5.2.2)

---
updated-dependencies:
- dependency-name: "@babel/helpers"
  dependency-version: 7.28.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.13.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: got
  dependency-version: 12.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: image-size
  dependency-version: 2.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: katex
  dependency-version: 0.16.25
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mermaid
  dependency-version: 11.12.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: on-headers
  dependency-version: 1.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: prismjs
  dependency-version: 1.30.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 5.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants