chore(deps-dev): bump the dev-dependencies group across 1 directory with 5 updates by dependabot[bot] · Pull Request #12 · camcima/ziggurat

dependabot · 2026-04-30T12:30:28Z

Bumps the dev-dependencies group with 5 updates in the / directory:

Package	From	To
@release-it/conventional-changelog	`10.0.6`	`11.0.0`
release-it	`19.2.4`	`20.0.1`
vite	`6.4.2`	`8.0.10`
vitest	`4.1.4`	`4.1.5`
@opentelemetry/sdk-metrics	`2.7.0`	`2.7.1`

Updates @release-it/conventional-changelog from 10.0.6 to 11.0.0

Release notes

Sourced from @release-it/conventional-changelog's releases.

Release 11.0.0

Fix repository.url (23d3d9cd50fdb4475b8736273a776541833862c0)

docs: fix broken links and remove outdated override warning (#138) (344bad3bf2f90618a86d3e38883a5d5eff12aaf1) - thanks @aarondpn!

fix: support release-it 20 (#142) (043242693e5c88244a25fbcf0dceafcbf955588f) - thanks @twk3!

Update dependencies & bump engines.node (1b746e6b5a26335cf01c314074dcf7e291c260a0)

Commits

981e7b0 Release 11.0.0
1b746e6 Update dependencies & bump engines.node
0432426 fix: support release-it 20 (#142)
344bad3 docs: fix broken links and remove outdated override warning (#138)
23d3d9c Fix repository.url
See full diff in compare view

Updates release-it from 19.2.4 to 20.0.1

Release notes

Sourced from release-it's releases.

Release 20.0.1

fix: allow false as npm config value in types (#1289) (f783e825944cf8114305606116ca61542f0031c6) - thanks @ahippler!

Bump actions/checkout from 5 to 6 (#1262) (19921fc2429b314912a139f66ed43ca12475ffd3) - thanks @dependabot[bot]!

fix: Replace @nodeutils/defaults-deep with defu for deep-default merging (#1297) (8616a216ccf2be474732b1aefbe47dce0e6b4eb0) - thanks @rajnsunny!

Update dependencies (bee31380a2bbdda7aeaffe7658a3900290a1a181)

Release 20.0.0

fix: remove leading slashes from owner (#1288) (5585b720e9389fa857ba50f86161245ccb3b9589) - thanks @driiftkiing!

Fix write: false guard in npm.bump (resolve #1267) (a2d1b99bfe52fff1b6768f904cae5c4aaa78cfb1)

Format (f427a85758999073a5ea4f666c6ddb4cd5586d61)

Release 20.0.0-1

Fix test (56cae4cd441e00a58d3d91fbc15b1503d423a775)

Update changelog & docs for v20 (509e50b043003f8adf3f347af949819e2954b639)

Improve guessPreReleaseTag → getRegistryDistTags (a62509e6c7374e3d6898b17ae9ec8c365296fe64)

Release 20.0.0-0

fix: upgrade undici from 6.23.0 to 7.24.3 to resolve security vulnerabilities (#1285) (cd100eb1368d084f5892a9a2bbad0c14d511125e) - thanks @nbouvrette!

Fix Logger.info() on Node.js 25 (#1284) (dcc0b43fc6bb693b3ec176cd8d77bbb40f454164) - thanks @bidord!

Update proxy-agent to fix DEP0169 (#1287) (c660ef5f34536988abd203807f53ec3ea5c1c742) - thanks @risantos!

Update dependencies (9dc313e29e617af912ace05a5aaa5cc34fdf35a3)

Fix lint issues (a0522ff8777fc6877bf03f5f441e33561c9dc25b)

Bump engines.node (5654b9badae6dd08a3d654772d2f280f6b1d84c3)

Don't roll back if isReleased is set (resolve #1281) (f2a31231f587cb4809415f4eae81a99617177341)

Fix if not running test using npm (332f40536ec32bbd816f9872bb89bc864ee66136)

Migrate to @inquirer/prompts (resolve #1260) (6c21e95c9188e88d41bb30840672cbd5fe99f5b6)

Pop it (c90c4c97e11da8f90b398f045e5337f8ec5e0439)

Changelog

Sourced from release-it's changelog.

Changelog

This document lists breaking changes for each major release.

See the GitHub Releases page for detailed changelogs: [https://github.com/release-it/release-it/releases][1]

v20 (2026-03-24)

Upgraded undici from v6 to v7 to resolve security vulnerabilities.

Upgraded proxy-agent from v6 to v7 to fix DEP0169 (url.parse() deprecation).

Migrated from deprecated inquirer to @inquirer/prompts.

Bumped engines.node to minimum Node.js v20.19.0 (was v20.12.0).

v19 (2025-04-18)

No breaking changes (dependency party)

v18 (2025-01-06)

Removed support for Node.js v18.

v17 (2023-11-11)

Removed support for Node.js v16.

v16 (2023-07-05)

Removed support for Node.js v14.

v15 (2022-04-30)

Removed support for Node.js v10 and v12.

Removed support for GitLab v12.4 and lower.

Removed anonymous metrics (and the option to disable it).

Programmatic usage and plugins only through ES Module syntax (import)

Use release-it v14 in legacy environments.

v14 (2020-09-03)

Removed global property from plugins. Use this.config[key] instead.

Removed deprecated npm.access option. Set this in package.json instead.

v13 (2020-03-07)

Dropped support for Node v8

Dropped support for GitLab v11.6 and lower.

Deprecated scripts are removed (in favor of [hooks][2]).

Removed deprecated --non-interactive (-n) argument. Use --ci instead.

Removed old %s and [REV_RANGE] syntax in command substitutions. Use ${version} and ${latestTag} instead.

... (truncated)

Commits

55701a0 Release 20.0.1
bee3138 Update dependencies
8616a21 fix: Replace @nodeutils/defaults-deep with defu for deep-default merging (#1297)
19921fc Bump actions/checkout from 5 to 6 (#1262)
f783e82 fix: allow false as npm config value in types (#1289)
c03780d Release 20.0.0
f427a85 Format
a2d1b99 Fix write: false guard in npm.bump (resolve #1267)
5585b72 fix: remove leading slashes from owner (#1288)
5a36283 Release 20.0.0-1
Additional commits viewable in compare view

Updates vite from 6.4.2 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)

css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)

optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)

remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

enable some typecheck rules (#22278) (9437518)

typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)

build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)

bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)

css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)

deps: update all non-major dependencies (#22219) (4cd0d67)

deps: update all non-major dependencies (#22268) (c28e9c1)

detect Deno workspace root (fix #22237) (#22238) (1b793c0)

dev: handle errors in watchChange hook (#22188) (fc08bda)

optimizer: handle more chars that will be sanitized (#22208) (3f24533)

skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

align the descriptions in READMEs (#22231) (44c42b9)

fix reuses wording in dev environment comment (#22173) (9163412)

fix wording in sass error comment (#22214) (bc5c6a7)

update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

Commits

32c2978 release: v8.0.10
a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
40a0847 refactor: typecheck client directory (#22284)
5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
9437518 refactor: enable some typecheck rules (#22278)
ce729f5 release: v8.0.9
605bb97 docs: update build CLI defaults (#22261)
Additional commits viewable in compare view

Updates vitest from 4.1.4 to 4.1.5

Release notes

Sourced from vitest's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

e399846 chore: release v4.1.5
7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
9787ded fix: respect diff config options in soft assertions (#8696)
325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
663b99f fix: alias agent reporter to minimal (#10157)
122c25b fix: fix vi.defineHelper called as object method (#10163)
6abd557 feat(api): make test-specification options writable (#10154)
596f739 fix: project color label on html reporter (#10142)
9423dc0 fix: --project negation excludes browser instances (#10131)
Additional commits viewable in compare view

Updates @opentelemetry/sdk-metrics from 2.7.0 to 2.7.1

Release notes

Sourced from @opentelemetry/sdk-metrics's releases.

v2.7.1

2.7.1

🐛 Bug Fixes

fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @david-luna

important: this bug fix may be breaking for certain uses of TraceState

set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.

unset now returns the same TraceState instance if key is not present.

best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

perf(sdk-trace-base): optimize TraceIdRatioBasedSampler performance #6284 @AbhiPrasad

perf(sdk-metrics): reduce loop overhead in sdk hot paths #6593 @mcollina

Changelog

Sourced from @opentelemetry/sdk-metrics's changelog.

2.7.1

🐛 Bug Fixes

fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @david-luna

important: this bug fix may be breaking for certain uses of TraceState

set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.

unset now returns the same TraceState instance if key is not present.

best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

perf(sdk-trace-base): optimize TraceIdRatioBasedSampler performance #6284 @AbhiPrasad

Commits

2400d83 chore: prepare next release (#6647)
f7a9b7c fix(otlp-transformer): pin protobufjs to 8.0.1 (#6646)
cb38d7f test(otlp-transformer): add metrics transfrom benchmark (#6628)
a28f12f fix(opentelemetry-core): defer tracestate vaidation (#6459)
b27c514 refactor(opentelemetry-exporter-prometheus): do not call `enforcePrometheusNa...
a2a8186 perf(sdk-trace-base): optimize TraceIdRatioBasedSampler hex parsing (#6284)
4c0f3f1 feat(sdk-node): set TracerProvider in startNodeSDK() (#6607)
417f2f1 fix(instr-xhr): do not unpatch XHR methods (#6611)
47ac523 Revert "chore: allow browser maintainers to approve changelog edits" (#6627)
86c621d fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix pr...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ith 5 updates Bumps the dev-dependencies group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@release-it/conventional-changelog](https://github.com/release-it/conventional-changelog) | `10.0.6` | `11.0.0` | | [release-it](https://github.com/release-it/release-it) | `19.2.4` | `20.0.1` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.2` | `8.0.10` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.4` | `4.1.5` | | [@opentelemetry/sdk-metrics](https://github.com/open-telemetry/opentelemetry-js) | `2.7.0` | `2.7.1` | Updates `@release-it/conventional-changelog` from 10.0.6 to 11.0.0 - [Release notes](https://github.com/release-it/conventional-changelog/releases) - [Commits](release-it/conventional-changelog@10.0.6...11.0.0) Updates `release-it` from 19.2.4 to 20.0.1 - [Release notes](https://github.com/release-it/release-it/releases) - [Changelog](https://github.com/release-it/release-it/blob/main/CHANGELOG.md) - [Commits](release-it/release-it@19.2.4...20.0.1) Updates `vite` from 6.4.2 to 8.0.10 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite) Updates `vitest` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) Updates `@opentelemetry/sdk-metrics` from 2.7.0 to 2.7.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-js@v2.7.0...v2.7.1) --- updated-dependencies: - dependency-name: "@release-it/conventional-changelog" dependency-version: 11.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: dev-dependencies - dependency-name: release-it dependency-version: 20.0.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: dev-dependencies - dependency-name: vite dependency-version: 8.0.10 dependency-type: direct:development update-type: version-update:semver-major dependency-group: dev-dependencies - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@opentelemetry/sdk-metrics" dependency-version: 2.7.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-04T02:42:12Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 30, 2026

dependabot Bot closed this May 4, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-f49ef07d6c branch May 4, 2026 02:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps-dev): bump the dev-dependencies group across 1 directory with 5 updates#12

chore(deps-dev): bump the dev-dependencies group across 1 directory with 5 updates#12
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-f49ef07d6c

dependabot Bot commented on behalf of github Apr 30, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release 11.0.0

Release 20.0.1

Release 20.0.0

Release 20.0.0-1

Release 20.0.0-0

Changelog

v20 (2026-03-24)

v19 (2025-04-18)

v18 (2025-01-06)

v17 (2023-11-11)

v16 (2023-07-05)

v15 (2022-04-30)

v14 (2020-09-03)

v13 (2020-03-07)

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

create-vite@8.0.1

v8.0.1

plugin-legacy@8.0.1

create-vite@8.0.0

plugin-legacy@8.0.0

v8.0.0

8.0.10 (2026-04-23)

Features

Bug Fixes

Code Refactoring

8.0.9 (2026-04-20)

Features

Bug Fixes

Documentation

Miscellaneous Chores

8.0.8 (2026-04-09)

Features

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v2.7.1

2.7.1

🐛 Bug Fixes

🏠 Internal

2.7.1

🐛 Bug Fixes

🏠 Internal

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 30, 2026 •

edited

Loading