Bump the npm_and_yarn group across 1 directory with 13 updates by dependabot[bot] · Pull Request #1 · admin-world/docs

dependabot · 2026-03-05T21:56:48Z

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
ajv	`8.17.1`	`8.18.0`
ajv	`6.12.6`	`6.14.0`
glob	`11.0.2`	`11.1.0`
js-yaml	`4.1.0`	`4.1.1`
lodash	`4.17.21`	`4.17.23`
mdast-util-to-hast	`13.2.0`	`13.2.1`
next	`16.0.1`	`16.1.5`
minimatch	`3.1.1`	`3.1.5`
axios	`1.12.1`	`1.13.6`
body-parser	`2.2.0`	`2.2.2`
immutable	`5.1.1`	`5.1.5`
jws	`3.2.2`	`3.2.3`
rollup	`4.52.5`	`4.59.0`

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates glob from 11.0.2 to 11.1.0

Changelog

Sourced from glob's changelog.

changeglob

13

Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)

Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.

Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

Drop support for node before v20

10.4

Add includeChildMatches: false option

Export the Ignore class

10.3

Add --default -p flag to provide a default pattern

exclude symbolic links to directories when follow and nodir are both set

10.2

Add glob cli

10.1

Return '.' instead of the empty string '' when the current working directory is returned as a match.

Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

2551fb5 11.1.0
47473c0 bin: Do not expose filenames to shell expansion
bc33fe1 skip tilde test on systems that lack tilde expansion
59bf9ca fix notes
dde4fa6 docs(README): add #anchor and improve notes
0559b0e docs: add better links to path-scurry docs
c9773c2 fix: correct typos in README.md
13e68ea Fix punctuation in traversal function documentation
1527e2b fix repo url
7e190e8 fix typo maths → paths
Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

ab3a795 Fix support for spaces in class names

Types

efb5312 Refactor to use @imports

a5bc210 Add declaration maps

Full Changelog: syntax-tree/mdast-util-to-hast@13.2.0...13.2.1

Commits

174795b 13.2.1
3d05b3a Update Node in Actions
ab3a795 Fix support for spaces in class names
efb5312 Refactor to use @imports
a5bc210 Add declaration maps
b54955d Add .tsbuildinfo to .gitignore
See full diff in compare view

Updates next from 16.0.1 to 16.1.5

Release notes

Sourced from next's releases.

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Fix linked list bug in LRU deleteFromLru (#88652)

Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @acdlite and @ijjk for helping!

v16.1.1-canary.36

Core Changes

Rename rewroteURL to rewrittenPathname in request metadata: #88751

Simplify getImplicitTags to accept pathname instead of url object: #88753

Add NEXT_DEPLOYMENT_ID global: #86738

Turbopack: remove deployment id suffix from client reference manifest chunks: #88741

Inject <html data-dpl-id> and don't inline it into JS anymore: #88761

[metadata] match the Metadata and ResolvedMetadata type: #88739

Example Changes

Update with-mysql example to Next.js 15, Tailwind 4, Prisma 7: #88475

Misc Changes

[ci] Ensure Turbo Remote Cache can be written to: #88794

perf(turbopack): optimize resolve plugin handling: #88639

Fix buildManifest.js deployment tests: #88806

... (truncated)

Commits

acba4a6 v16.1.5
e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
522ed84 Sync DoS mitigations for React Flight
8cad197 [backport][cna] Ensure created app is not considered the workspace root in pn...
2718661 Backport/docs fixes (#89031)
5333625 Backport/docs fixes 16.1.5 (#88916)
60de6c2 v16.1.4
5f75d22 backport: Only filter next config if experimental flag is enabled (#88733) (#...
Additional commits viewable in compare view

Updates minimatch from 3.1.1 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates axios from 1.12.1 to 1.13.6

Release notes

Sourced from axios's releases.

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

Breaking Changes: None identified in this release.

Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @moh3n9595 for the initial implementation. (#5764)

Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

Environment Compatibility:

Fixed module exports for React Native and Browserify environments. (#7386)

Added safe FormData detection for the WeChat Mini Program environment. (#7324)

Error Handling:

AxiosError.message is now correctly enumerable. (#7392)

AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#7403)

🔧 Maintenance & Chores

Dependencies: Updated the development_dependencies group (5 updates). (#7432)

Infrastructure: Migrated @rollup/plugin-babel from v5.3.1 to v6.1.0. (#7424)

Documentation: Added missing JSDoc comments to utilities. (#7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

@Gudahtt (#7386)

@ybbus (#7392)

@Shiwaangee (#7324)

@skrtheboss (#7403)

@Janaka66 (#7427)

@moh3n9595 (#5764)

@digital-wizard48 (#7424)

Full Changelog: v1.13.5...v1.13.6

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

7108c88 chore(release): prepare release 1.13.6 (#7446)
20a0ba3 refactor(deps): migrate @rollup/plugin-babel from v5.3.1 to v6.1.0 (#7424)
885b4af feat: support react native blob objects (#5764)
00d97b9 docs(utils): add missing JSDoc comments (#7427)
9712548 chore(deps-dev): bump the development_dependencies group across 1 directory w...
d51accb fix(core): copy status from source error in AxiosError.from (#7403)
3e30bbf chore: fix publish to only run on v1 tags
672491d fix: safe FormData detection for WeChat Mini Program (#7306) (#7324)
822e3e4 fix: make AxiosError.message property enumerable (#7392)
ef3711d feat: implement prettier and fix all issues (#7385)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

docs: update README links by @efekrskl in expressjs/body-parser#673

docs: release notes for the v1.20.4 release by @Phillip9587 in expressjs/body-parser#674

docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @Phillip9587 in expressjs/body-parser#679

docs: use standard jsdoc tags everywhere by @Phillip9587 in expressjs/body-parser#677

deps: qs@^6.14.1 by @UlisesGascon in expressjs/body-parser#689

refactor(json): simplify strict mode error string construction by @jonchurch in expressjs/body-parser#693

Release: 2.2.2 by @UlisesGascon in expressjs/body-parser#691

New Contributors

@efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

deps: qs@^6.14.1

refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

3d24866 2.2.2 (#691)
8474a98 refactor(json): simplify strict mode error string construction (#693)
03f17c2 deps: qs@^6.14.1 (#689)
ea1f25e docs: use standard jsdoc tags everywhere (#677)
d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
b6f52aa docs: release notes for the v1.20.4 release (#674)
2965ca4 docs: update links (#673)
d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
Additional commits viewable in compare view

Updates immutable from 5.1.1 to 5.1.5

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Upgrade devtools and use immutable version by @jdeniau in immutable-js/immutable-js#2158

Full Changelog: immutable-js/immutable-js@v5.1.4...v5.1.5

v5.1.4

What's Changed

Migrate some files to TS by @jdeniau in immutable-js/immutable-js#2125

Iterator.ts

PairSorting.ts

toJS.ts

Math.ts

Hash.ts

Extract CollectionHelperMethods and convert to TS by @jdeniau in immutable-js/immutable-js#2131

Use npm trusted publishing only to avoid token stealing.

Documentation

Fix/a11y issues by @lyannel in immutable-js/immutable-js#2136

Doc add Map.get signature update by @borracciaBlu in immutable-js/immutable-js#2138

fix(doc):minor-issues#2132 by @JayMeDotDot in immutable-js/immutable-js#2133

Fix algolia search by @jdeniau in immutable-js/immutable-js#2135

Typo in OrderedMap by @jdeniau in immutable-js/immutable-js#2144

Internal

chore: Sort all imports and activate eslint import rule by @jdeniau in immutable-js/immutable-js#2119

New Contributors

@JayMeDotDot made their first contribution in immutable-js/immutable-js#2133

@lyannel made their first contribution in immutable-js/immutable-js#2136

@borracciaBlu made their first contribution in immutable-js/immutable-js#2138

Full Changelog: immutable-js/immutable-js@v5.1.3...v5.1.4

v5.1.3

What's Changed

TypeScript

fix: allow readonly map entry constructor by @septs in immutable-js/immutable-js#2123

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples.

... (truncated)

Changelog

Sourced from immutable's changelog.

5.1.5

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Migrate some files to TS by @jdeniau in immutable-js/immutable-js#2125

Iterator.ts

PairSorting.ts

toJS.ts

Math.ts

Hash.ts

Extract CollectionHelperMethods and convert to TS by @jdeniau in immutable-js/immutable-js#2131

Use npm trusted publishing only to avoid token stealing.

Documentation

Fix/a11y issues by @lyannel in immutable-js/immutable-js#2136

Doc add Map.get signature update by @borracciaBlu in immutable-js/immutable-js#2138

fix(doc):minor-issues#2132 by @JayMeDotDot in immutable-js/immutable-js#2133

Fix algolia search by @jdeniau in immutable-js/immutable-js#2135

Typo in OrderedMap by @jdeniau in immutable-js/immutable-js#2144

Internal

chore: Sort all imports and activate eslint import rule by @jdeniau in immutable-js/immutable-js#2119

5.1.3

TypeScript

fix: allow readonly map entry constructor by @septs in immutable-js/immutable-js#2123

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: https://immutable-js.com/browser-extension/

Internal

replace rimraf by a node script by @jdeniau in immutable-js/immutable-js#2113

remove warning for tseslint config by @jdeniau in immutable-js/immutable-js#2114

Use default tsconfig for tests by @jdeniau in immutable-js/immutable-js#2055

add tests for arrCopy by @jdeniau in immutable-js/immutable-js#2120

5.1.2

Revert previous assertion as it introduced a regression #2102 by @giggo1604

Merge should work with empty record #2103 by @jdeniau

Commits

b37b855 5.1.5
16b3313 Merge commit from fork
fd2ef49 fix new proto key injection
6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
6f772de Merge pull request

Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [glob](https://github.com/isaacs/node-glob) | `11.0.2` | `11.1.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` | | [next](https://github.com/vercel/next.js) | `16.0.1` | `16.1.5` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.1` | `3.1.5` | | [axios](https://github.com/axios/axios) | `1.12.1` | `1.13.6` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.2` | | [immutable](https://github.com/immutable-js/immutable-js) | `5.1.1` | `5.1.5` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [rollup](https://github.com/rollup/rollup) | `4.52.5` | `4.59.0` | Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `glob` from 11.0.2 to 11.1.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v11.0.2...v11.1.0) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `next` from 16.0.1 to 16.1.5 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.1...v16.1.5) Updates `minimatch` from 3.1.1 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.1...v3.1.5) Updates `axios` from 1.12.1 to 1.13.6 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.12.1...v1.13.6) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `immutable` from 5.1.1 to 5.1.5 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v5.1.1...v5.1.5) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `rollup` from 4.52.5 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.52.5...v4.59.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 11.1.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 5.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 13 updates#1

Bump the npm_and_yarn group across 1 directory with 13 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-71917c2456

dependabot bot commented on behalf of github Mar 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 5, 2026

v8.18.0

What's Changed

New Contributors

v8.18.0

What's Changed

New Contributors

changeglob

13

12

11.1

11.0

10.4

10.3

10.2

10.1

[4.1.1] - 2025-11-12

Security

13.2.1

Fix

Types

v16.1.5

v16.1.4

Core Changes

Credits

v16.1.3

Core Changes

Credits

v16.1.1-canary.36

Core Changes

Example Changes

Misc Changes

v1.13.6

⚠️ Important Changes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v2.2.2

What's Changed

New Contributors

v2.2.1

Important: Security

What's Changed

2.2.2 / 2026-01-07

2.2.1 / 2025-11-24

v5.1.5

What's Changed

v5.1.4

What's Changed

Documentation

Internal

New Contributors

v5.1.3

What's Changed

TypeScript

Documentation

5.1.5

5.1.4

Documentation

Internal

5.1.3

TypeScript

Documentation

Internal

5.1.2

Uh oh!

Reviewers