Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 8 updates#47

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-e02f505dae
Open

chore(deps): bump the npm_and_yarn group across 2 directories with 8 updates#47
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-e02f505dae

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
vitest 2.1.9 3.2.6
vite 6.4.2 6.4.3
ws 8.20.0 8.21.0
dompurify 3.3.3 3.4.11
mermaid 11.14.0 11.15.0
postcss 8.5.8 8.5.10

Bumps the npm_and_yarn group with 4 updates in the /site directory: dompurify, mermaid, postcss and uuid.

Updates vitest from 2.1.9 to 3.2.6

Release notes

Sourced from vitest's releases.

v3.2.6

   🐞 Bug Fixes

    View changes on GitHub

v3.2.5

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v3.2.4

   🐞 Bug Fixes

    View changes on GitHub

v3.2.3

   🚀 Features

... (truncated)

Commits
  • b6d56f8 chore: release v3.2.6
  • 16f120d fix: pin last supported vite-node version
  • 2cbad0a chore: release v3.2.5
  • 385a1ae fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • af88b1f feat(api): add allowWrite and allowExec options to api [backport to v3]...
  • c666d14 chore: release v3.2.4
  • 8a18c8e fix(cli): throw error when --shard x/\<count> exceeds count of test files (#...
  • 8abd7cc chore(deps): update tinypool (#8174)
  • 93f3200 fix(deps): update all non-major dependencies (#8123)
  • 0c3be6f fix(coverage): ignore SCSS in browser mode (#8161)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates vite from 6.4.2 to 6.4.3

Release notes

Sourced from vite's releases.

v6.4.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.3 (2026-06-01)

Commits

Updates ws from 8.20.0 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits
  • bca91ad [dist] 8.21.0
  • 2b2abd4 [security] Limit retained message parts
  • 78eabe2 [security] Add latest vulnerability to SECURITY.md
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • See full diff in compare view

Updates dompurify from 3.3.3 to 3.4.11

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.11

  • Fixed an issue with a leaky config for hooks via setConfig, thanks @​trace37labs
  • Bumped vulnerable development dependencies to arrive at plain 0 with npm audit
  • Updated the osv-scanner suppression list as no vulnerable dependencies are left for now
  • Updated up the linting tool-chain and removed now-redundant lint directives
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible

DOMPurify 3.4.10

  • Refactored codebase for clarity: extracted the public type declarations into types.ts
  • Decomposed the three largest sanitizer functions into focused helpers
  • Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
  • Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
  • Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
  • Reduced CI cost by running the full three-engine browser suite once per PR
  • Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
  • Documented the bench and test:happydom scripts in the README
  • Completed the Attack Classes & Bypass History wiki page
  • Bumped several dependencies where possible

DOMPurify 3.4.9

  • Further improved the handling of Trusted Types config options, thanks @​offset
  • Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
  • Added more test coverage for IN_PLACE and Trusted Types related usage
  • Bumped several dependencies where possible
  • Updated README and wiki with more accurate documentation & attack samples

DOMPurify 3.4.8

  • Cleaned up the repository root, renamed some and removed unneeded files
  • Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
  • Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
  • Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
  • Bumped several dependencies where possible

DOMPurify 3.4.7

  • Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
  • Removed a problem leading to permanent hook pollution, thanks @​offset
  • Refactored the test suite and expanded test coverage significantly

DOMPurify 3.4.6

  • Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @​offset & @​Bankde
  • Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @​offset & @​Bankde
  • Added more test coverage for IN_PLACE and general DOM Clobbering attacks
  • Bumped several dependencies where possible

DOMPurify 3.4.5

  • Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @​KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates mermaid from 11.14.0 to 11.15.0

Release notes

Sourced from mermaid's releases.

mermaid@11.15.0

Minor Changes

  • #7174 0aca217 Thanks @​milesspencer35! - feat(sequence): Add support for decimal start and increment values in the autonumber directive

  • #7512 8e17492 Thanks @​aruncveli! - feat(flowchart): add datastore shape

    In Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with A@{ shape: datastore, label: "Datastore" }.

  • #6440 9ad8dde Thanks @​yordis, @​lgazo! - feat: add Event Modeling diagram

  • #7707 27db774 Thanks @​txmxthy! - feat(architecture): expose four fcose layout knobs for architecture-beta diagrams (nodeSeparation, idealEdgeLengthMultiplier, edgeElasticity, numIter) so authors can tune layout density and spread overlapping siblings without changing diagram source

  • #7604 bf9502f Thanks @​M-a-c! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nesting

    If you have namespaces in class diagrams that use .s already and want to render them without nesting (≤v11.14.0 behaviour), you can use set class.hierarchicalNamespaces=false in your mermaid config:

    config:
      class:
        hierarchicalNamespaces: false
  • #7272 88cdd3d Thanks @​xinbenlv! - feat(sankey): add outlined label style, configurable nodeWidth/nodePadding, and custom node colors

Patch Changes

  • #7737 e9b0f34 Thanks @​ashishjain0512! - fix: prevent unbalanced CSS styles in classDefs

  • #7737 37ff937 Thanks @​ashishjain0512! - fix: create CSS styles using the CSSOM

    This removes some invalid CSS and normalizes some CSS formatting.

  • #7508 bfe60cc Thanks @​biiab! - fix(stateDiagram): end note now only closes a note when used on a new line

  • #7737 faafb5d Thanks @​ashishjain0512! - fix(gantt): add iteration limit for excludes field

  • #7737 65f8be2 Thanks @​ashishjain0512! - fix: disallow some CSS at-rules in custom CSS

  • #7726 1502f32 Thanks @​aloisklink! - fix(wardley): fix unnecessary sanitization of text

  • #7578 1f98db8 Thanks @​Gaston202! - fix(class): self-referential class multiplicity labels no longer rendered multiple times

    Fixes #7560. Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions.

  • #7592 2343e38 Thanks @​knsv-bot! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams

  • #7589 7fb9509 Thanks @​NYCU-Chung! - fix(block): prevent column widths from shrinking when mixing different column spans

  • #7632 3f9e0f1 Thanks @​ekiauhce! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams

... (truncated)

Commits
  • 41646df Merge pull request #7739 from aloisklink/ci/fix-release
  • 2671f5c docs: fix v11.15.0 release
  • f4bf04b Merge pull request #7738 from mermaid-js/changeset-release/master
  • abfb563 Version Packages
  • 60b289f Release Candidate 11.15.0 (#7737)
  • d37c0db Merge pull request #7730 from aloisklink/fix/fix-edgeLabelRightLeft-changes
  • 5ab5a28 docs: improve nested namespace changeset
  • 18f8b4c fix: revert endEdgeLabelLeft/endEdgeLabelRight change
  • 504b2eb Merge pull request #7726 from aloisklink/fix/correct-unnecessary-html-escapes...
  • 1502f32 fix(wardley): fix unnecessary sanitization of text
  • Additional commits viewable in compare view

Updates postcss from 8.5.8 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits

Updates esbuild from 0.21.5 to 0.25.12

Release notes

Sourced from esbuild's releases.

v0.25.12

  • Fix a minification regression with CSS media queries (#4315)

    The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

  • Update the list of known JavaScript globals (#4310)

    This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

    From ES2017:

    • Atomics
    • SharedArrayBuffer

    From ES2020:

    • BigInt64Array
    • BigUint64Array

    From ES2021:

    • FinalizationRegistry
    • WeakRef

    From ES2025:

    • Float16Array
    • Iterator

    Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

    // This can now be tree-shaken by esbuild:
    class ExampleIterator extends Iterator {}
  • Add support for the new @view-transition CSS rule (#4313)

    With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

    /* Original code */
    @view-transition {
      navigation: auto;
      types: check;
    }
    /* Old output */
    @​view-transition { navigation: auto; types: check; }
    /* New output */
    @​view-transition {
    navigation: auto;
    types: check;

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits
  • 208f539 publish 0.25.12 to npm
  • 5f03afd update release notes
  • 6b2ee78 minify: remove css rules containing empty :is()
  • f361deb add some additional known static methods
  • 07aa646 automatically mark "RegExp.escape()" calls as pure
  • 9039c46 simplify some call expression checks
  • 188944d add some additional known static methods
  • d3c67f9 fix #4310: add Iterator and other known globals
  • 4a51f0b fix: escape dev server breadcrumb hrefs properly (#4316)
  • 26b29ed fix #4315: @media deduplication bug edge case
  • Additional commits viewable in compare view

Updates dompurify from 3.3.3 to 3.4.11

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.11

  • Fixed an issue with a leaky config for hooks via setConfig, thanks @​trace37labs
  • Bumped vulnerable development dependencies to arrive at plain 0 with npm audit
  • Updated the osv-scanner suppression list as no vulnerable dependencies are left for now
  • Updated up the linting tool-chain and removed now-redundant lint directives
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible

DOMPurify 3.4.10

  • Refactored codebase for clarity: extracted the public type declarations into types.ts
  • Decomposed the three largest sanitizer functions into focused helpers
  • Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
  • Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
  • Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
  • Reduced CI cost by running the full three-engine browser suite once per PR
  • Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
  • Documented the bench and test:happydom scripts in the README
  • Completed the Attack Classes & Bypass History wiki page
  • Bumped several dependencies where possible

DOMPurify 3.4.9

  • Further improved the handling of Trusted Types config options, thanks @​offset
  • Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
  • Added more test coverage for IN_PLACE and Trusted Types related usage
  • Bumped several dependencies where possible
  • Updated README and wiki with more accurate documentation & attack samples

DOMPurify 3.4.8

  • Cleaned up the repository root, renamed some and removed unneeded files
  • Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
  • Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
  • Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
  • Bumped several dependencies where possible

DOMPurify 3.4.7

  • Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
  • Removed a problem leading to permanent hook pollution, thanks @​offset
  • Refactored the test suite and expanded test coverage significantly

DOMPurify 3.4.6

  • Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @​offset & @​Bankde
  • Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @​offset & @​Bankde
  • Added more test coverage for IN_PLACE and general DOM Clobbering attacks
  • Bumped several dependencies where possible

DOMPurify 3.4.5

  • Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @​KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates mermaid from 11.13.0 to 11.16.0

Release notes

Sourced from mermaid's releases.

mermaid@11.15.0

Minor Changes

  • #7174 0aca217 Thanks @​milesspencer35! - feat(sequence): Add support for decimal start and increment values in the autonumber directive

  • #7512 8e17492 Thanks @​aruncveli! - feat(flowchart): add datastore shape

    In Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with A@{ shape: datastore, label: "Datastore" }.

  • #6440 9ad8dde Thanks @​yordis, @​lgazo! - feat: add Event Modeling diagram

  • #7707 27db774 Thanks @​txmxthy! - feat(architecture): expose four fcose layout knobs for architecture-beta diagrams (nodeSeparation, idealEdgeLengthMultiplier, edgeElasticity, numIter) so authors can tune layout density and spread overlapping siblings without changing diagram source

  • #7604 bf9502f Thanks @​M-a-c! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nesting

    If you have namespaces in class diagrams that use .s already and want to render them without nesting (≤v11.14.0 behaviour), you can use set class.hierarchicalNamespaces=false in your mermaid config:

    config:
      class:
        hierarchicalNamespaces: false
  • #7272 88cdd3d Thanks @​xinbenlv! - feat(sankey): add outlined label style, configurable nodeWidth/nodePadding, and custom node colors

Patch Changes

  • #7737 e9b0f34 Thanks @​ashishjain0512! - fix: prevent unbalanced CSS styles in classDefs

  • #7737 37ff937 Thanks @​ashishjain0512! - fix: create CSS styles using the CSSOM

    This removes some invalid CSS and normalizes some CSS formatting.

  • #7508 bfe60cc Thanks @​biiab! - fix(stateDiagram): end note now only closes a note when used on a new line

  • #7737 faafb5d Thanks @​ashishjain0512! - fix(gantt): add iteration limit for excludes field

  • #7737 65f8be2 Thanks @​ashishjain0512! - fix: disallow some CSS at-rules in custom CSS

  • #7726 1502f32 Thanks @​aloisklink! - fix(wardley): fix unnecessary sanitization of text

  • #7578 1f98db8 Thanks @​Gaston202! - fix(class): self-referential class multiplicity labels no longer rendered multiple times

    Fixes #7560. Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions.

  • #7592 2343e38 Thanks @​knsv-bot! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams

  • #7589 7fb9509 Thanks @​NYCU-Chung! - fix(block): prevent column widths from shrinking when mixing different column spans

  • #7632 3f9e0f1 Thanks @​ekiauhce! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams

... (truncated)

Commits
  • 41646df Merge pull request #7739 from aloisklink/ci/fix-release
  • 2671f5c docs: fix v11.15.0 release
  • f4bf04b Merge pull request #7738 from mermaid-js/changeset-release/master
  • abfb563 Version Packages
  • 60b289f Release Candidate 11.15.0 (#7737)
  • d37c0db Merge pull request #7730 from aloisklink/fix/fix-edgeLabelRightLeft-changes
  • 5ab5a28 docs: improve nested namespace changeset
  • 18f8b4c fix: revert endEdgeLabelLeft/endEdgeLabelRight change
  • 504b2eb Merge pull request #7726 from aloisklink/fix/correct-unnecessary-html-escapes...
  • 1502f32 fix(wardley): fix unnecessary sanitization of text
  • Additional commits viewable in compare view

Updates postcss from 8.5.8 to 8.5.16

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits

…updates

Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `2.1.9` | `3.2.6` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.2` | `6.4.3` |
| [ws](https://github.com/websockets/ws) | `8.20.0` | `8.21.0` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.3` | `3.4.11` |
| [mermaid](https://github.com/mermaid-js/mermaid) | `11.14.0` | `11.15.0` |
| [postcss](https://github.com/postcss/postcss) | `8.5.8` | `8.5.10` |

Bumps the npm_and_yarn group with 4 updates in the /site directory: [dompurify](https://github.com/cure53/DOMPurify), [mermaid](https://github.com/mermaid-js/mermaid), [postcss](https://github.com/postcss/postcss) and [uuid](https://github.com/uuidjs/uuid).


Updates `vitest` from 2.1.9 to 3.2.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

Updates `vite` from 6.4.2 to 6.4.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.3/packages/vite)

Updates `ws` from 8.20.0 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.0...8.21.0)

Updates `dompurify` from 3.3.3 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.3...3.4.11)

Updates `mermaid` from 11.14.0 to 11.15.0
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.14.0...mermaid@11.15.0)

Updates `postcss` from 8.5.8 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.10)

Updates `esbuild` from 0.21.5 to 0.25.12
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.21.5...v0.25.12)

Updates `dompurify` from 3.3.3 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.3...3.4.11)

Updates `mermaid` from 11.13.0 to 11.16.0
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.14.0...mermaid@11.15.0)

Updates `postcss` from 8.5.8 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.10)

Updates `uuid` from 11.1.0 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v11.1.0...v14.0.1)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.4.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: mermaid
  dependency-version: 11.15.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.25.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mermaid
  dependency-version: 11.16.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies javascript Pull requests that update javascript code labels Jun 30, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 30, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
synapse-fleet-sim-demo db42ada Jun 30 2026, 02:28 AM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants