Bump the npm_and_yarn group across 1 directory with 5 updates by dependabot[bot] · Pull Request #25 · jzills/HmacManager

dependabot · 2026-06-09T00:12:47Z

Bumps the npm_and_yarn group with 3 updates in the /client/lib directory: vite, vitest and minimatch.

Updates vite from 5.4.11 to 8.0.16

Release notes

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

deps: reject UNC paths for launch-editor-middleware (#22571) (50b9512)

reject windows alternate paths (#22572) (dc245c7)

8.0.15 (2026-06-01)

Features

send 408 on request timeout (#22476) (c85c9ee)

update rolldown to 1.0.3 (#22538) (646dbed)

Bug Fixes

capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)

deps: update all non-major dependencies (#22511) (2686d7d)

dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)

glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)

optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)

resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

deps: update rolldown-related dependencies (#22566) (3052a67)

Code Refactoring

correct logic in collectAllModules function (#22562) (6978a9c)

8.0.14 (2026-05-21)

Features

update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

deps: update all non-major dependencies (#22471) (98b8163)

dev: handle errors when sending messages to vite server (#22450) (e8e9a34)

html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)

optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

deps: update rolldown-related dependencies (#22470) (7cb728e)

remove irrelevant commits from changelog (2c69495)

Code Refactoring

glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

f94df87 release: v8.0.16
dc245c7 fix: reject windows alternate paths (#22572)
50b9512 fix(deps): reject UNC paths for launch-editor-middleware (#22571)
8d1b019 release: v8.0.15
2686d7d fix(deps): update all non-major dependencies (#22511)
3052a67 chore(deps): update rolldown-related dependencies (#22566)
e3cfb9d fix(optimizer): close the rolldown bundle when write() rejects (#22528)
6978a9c refactor: correct logic in collectAllModules function (#22562)
646dbed feat: update rolldown to 1.0.3 (#22538)
85a0eff fix: capitalize error messages and remove spurious space in parse error (#22488)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vite since your current version.

Updates vitest from 2.0.3 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

browser:

Disable client cdp API when allowWrite/allowExec: false [backport to v4] - by @hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)

Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by @toxik and @Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

runner: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by @hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

... (truncated)

Commits

e61f2dd chore: release v4.1.8
e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
a09d472 chore: release v4.1.7
a8fd24c chore: release v4.1.6
18af98c fix(browser): simplify orchestrator otel carrier (#10285)
3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
e399846 chore: release v4.1.5
7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
9787ded fix: respect diff config options in soft assertions (#8696)
325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.

Updates vitest from 2.0.3 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

browser:

Disable client cdp API when allowWrite/allowExec: false [backport to v4] - by @hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)

Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by @toxik and @Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

runner: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by @hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

... (truncated)

Commits

e61f2dd chore: release v4.1.8
e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
a09d472 chore: release v4.1.7
a8fd24c chore: release v4.1.6
18af98c fix(browser): simplify orchestrator otel carrier (#10285)
3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
e399846 chore: release v4.1.5
7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
9787ded fix: respect diff config options in soft assertions (#8696)
325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.

Removes minimatch

Updates picomatch from 4.0.2 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

New Contributors

@Jason3S made their first contribution in micromatch/picomatch#144

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates postcss from 8.4.49 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

8.5.3

Added more details to Unknown word error (by @hiepxanh).

Fixed types (by @romainmenke).

Fixed docs (by @catnipan).

8.5.2

Fixed end position of rules with semicolon (by @romainmenke).

8.5.1

Fixed backwards compatibility for complex cases (by @romainmenke).

8.5 “Duke Alloces”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

8.5.3

... (truncated)

Commits

eae46db Release 8.5.15 version
79508ff Update CI actions
b128e21 Speed up declaration parsing by avoiding creating new array on each token
9825dca Fix code format
55789c8 Update dependencies
84fbbe9 Install older pnpm action for old Node.js
9f860bd Revert pnpm action for old Node.js
0877198 Update CI actions
b2d1a33 Fix linter warnings
0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
Additional commits viewable in compare view

Bumps the npm_and_yarn group with 3 updates in the /client/lib directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [minimatch](https://github.com/isaacs/minimatch). Updates `vite` from 5.4.11 to 8.0.16 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite) Updates `vitest` from 2.0.3 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.0.3 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Removes `minimatch` Updates `picomatch` from 4.0.2 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.2...4.0.4) Updates `postcss` from 8.4.49 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.49...8.5.15) --- updated-dependencies: - dependency-name: minimatch dependency-version: dependency-type: indirect - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect - dependency-name: vite dependency-version: 8.0.16 dependency-type: direct:development - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 9, 2026

dependabot Bot mentioned this pull request Jun 9, 2026

Bump the npm_and_yarn group across 1 directory with 5 updates #21

Closed

dependabot Bot force-pushed the dependabot/npm_and_yarn/client/lib/npm_and_yarn-5fd3a3dc3a branch from 6dd55e4 to 7d7f78b Compare June 14, 2026 04:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 5 updates#25

Bump the npm_and_yarn group across 1 directory with 5 updates#25
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/client/lib/npm_and_yarn-5fd3a3dc3a

dependabot Bot commented on behalf of github Jun 9, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.0.16

v8.0.15

v8.0.14

v8.0.13

v8.0.12

v8.0.11

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

Miscellaneous Chores

Code Refactoring

v4.1.8

🐞 Bug Fixes

v4.1.7

🐞 Bug Fixes

v4.1.6

🐞 Bug Fixes

🏎 Performance

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

v4.1.8

🐞 Bug Fixes

v4.1.7

🐞 Bug Fixes

v4.1.6

🐞 Bug Fixes

🏎 Performance

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

4.0.4

What's Changed

4.0.3

What's Changed

New Contributors

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

8.5.6

8.5.5

8.5.4

8.5.3

8.5.2

8.5.1

8.5 “Duke Alloces”

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

dependabot Bot commented on behalf of github Jun 9, 2026 •

edited

Loading