Skip to content

chore(deps): bump the npm_and_yarn group across 3 directories with 13 updates#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-aa943691a8
Open

chore(deps): bump the npm_and_yarn group across 3 directories with 13 updates#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-aa943691a8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package From To
turbo 2.6.0 2.9.14
@sveltejs/kit 2.55.0 2.60.1
@tanstack/start-server-core 1.134.20 1.167.30
drizzle-orm 0.38.4 0.45.2
happy-dom 20.0.11 20.8.9
postcss 8.5.6 8.5.10
vite 7.2.2 7.3.5
hono 4.12.8 4.12.25
defu 6.1.4 6.1.5
kysely 0.28.14 0.28.17
next 16.1.7 16.2.6
vitest 3.2.4 3.2.6
fast-xml-parser 5.5.8 5.7.0

Bumps the npm_and_yarn group with 2 updates in the /templates/cloudflare-deploy directory: drizzle-orm and hono.
Bumps the npm_and_yarn group with 2 updates in the /templates/vercel-deploy directory: drizzle-orm and hono.

Updates turbo from 2.6.0 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

Low:

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for turbo since your current version.


Updates @sveltejs/kit from 2.55.0 to 2.60.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.60.1

Patch Changes

  • chore: bump svelte and devalue (#15836)

  • fix: prevent query.batch cross-talk (dadaefc)

@​sveltejs/kit@​2.60.0

Minor Changes

  • feat: allow 'submit' and 'hidden' form fields to accept numbers and booleans (#15802)

  • feat: warn on unread form remote function validation issues (#15653)

Patch Changes

  • fix: abort navigation after async rendering if obsolete (#15811)

  • fix: skip refreshing queries on full-page reload form submissions (#15803)

@​sveltejs/kit@​2.59.1

Patch Changes

  • fix: resolve paths to route files with the letter drive on Windows (#15793)

@​sveltejs/kit@​2.59.0

Minor Changes

  • feat: support query.batch in requested(...) (#15751)

  • breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#15705)

  • feat: experimental query.live function (#15705)

Patch Changes

  • fix: unwrap Promise in RemoteCommand output type (#15771)

  • fix: empty call to .updates() on a command/form invocation means "don't update anything" (#15705)

  • fix: form.fields.foo.as('checkbox', default_value) now works (#15752)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.60.1

Patch Changes

  • chore: bump svelte and devalue (#15836)

  • fix: prevent query.batch cross-talk (dadaefc)

2.60.0

Minor Changes

  • feat: allow 'submit' and 'hidden' form fields to accept numbers and booleans (#15802)

  • feat: warn on unread form remote function validation issues (#15653)

Patch Changes

  • fix: abort navigation after async rendering if obsolete (#15811)

  • fix: skip refreshing queries on full-page reload form submissions (#15803)

2.59.1

Patch Changes

  • fix: resolve paths to route files with the letter drive on Windows (#15793)

2.59.0

Minor Changes

  • feat: support query.batch in requested(...) (#15751)

  • breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#15705)

  • feat: experimental query.live function (#15705)

Patch Changes

  • fix: unwrap Promise in RemoteCommand output type (#15771)

... (truncated)

Commits

Updates @tanstack/start-server-core from 1.134.20 to 1.167.30

Changelog

Sourced from @​tanstack/start-server-core's changelog.

1.167.30

Patch Changes

  • Update seroval dependencies to version 1.5.4. (#7340)

  • Updated dependencies [35e88f0]:

    • @​tanstack/router-core@​1.169.2
    • @​tanstack/start-client-core@​1.168.2
    • @​tanstack/start-storage-context@​1.166.35

1.167.29

Patch Changes

  • fix(start-server-core): fall back HEAD requests to GET then ANY per RFC 9110 §9.3.2 (#7325)

1.167.28

Patch Changes

  • Add opt-in Start response Link headers for collected Early Hints. (#7327)

1.167.27

Patch Changes

  • Add experimental HTTP 103 Early Hints support to Start server handlers. (#7324)

1.167.26

Patch Changes

  • Updated dependencies [4a1e63f]:
    • @​tanstack/router-core@​1.169.1
    • @​tanstack/start-client-core@​1.168.1
    • @​tanstack/start-storage-context@​1.166.34

1.167.25

Patch Changes

  • Updated dependencies [82b0613]:
    • @​tanstack/start-client-core@​1.168.0

1.167.24

Patch Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tanstack/start-server-core since your current version.


Updates drizzle-orm from 0.38.4 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

0.45.1

  • Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

  • Fixed pg-native Pool detection in node-postgres transactions
  • Allowed subqueries in select fields
  • Updated typo algorythm => algorithm
  • Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)
  • Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

0.44.7

0.44.6

  • feat: add $replicas reference #4874

0.44.5

  • Fixed invalid usage of .one() in durable-sqlite session
  • Fixed spread operator related crash in sqlite blob columns
  • Better browser support for sqlite blob columns
  • Improved sqlite blob mapping

0.44.4

0.44.3

  • Fixed types of $client for clients created by drizzle function
await db.$client.[...]
  • Added the updated_at column to the neon_auth.users_sync table definition.

0.44.2

  • [BUG]: Fixed type issues with joins with certain variations of tsconfig: #4535, #4457

0.44.1

0.44.0

Error handling

Starting from this version, we’ve introduced a new DrizzleQueryError that wraps all errors from database drivers and provides a set of useful information:

... (truncated)

Commits
  • 273c780 + 0.45.2 (#5534)
  • 4aa6ecf Kit updates (#5490)
  • e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
  • a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
  • c445637 Merge pull request #5095 from drizzle-team/main-workflows
  • e7b3aaa Merge branch 'main' into main-workflows
  • 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
  • 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
  • 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
  • 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for drizzle-orm since your current version.


Updates happy-dom from 20.0.11 to 20.8.9

Release notes

Sourced from happy-dom's releases.

v20.8.9

👷‍♂️ Patch fixes

  • Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @​capricorn86 in task #2117

v20.8.8

👷‍♂️ Patch fixes

  • Fixes issue where export names can be interpolated as executable code in ESM - By @​capricorn86 in task #2113
    • A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @​tndud042713 for reporting this!

v20.8.7

👷‍♂️ Patch fixes

  • Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @​YevheniiKotyrlo in task #1845

v20.8.6

👷‍♂️ Patch fixes

v20.8.5

👷‍♂️ Patch fixes

  • Fixes error thrown when modifying DOM structure in connectedCallback() - By @​capricorn86 in task #2110

v20.8.4

👷‍♂️ Patch fixes

v20.8.3

👷‍♂️ Patch fixes

  • Throw error if event is not of type Event in EventTarget.dispatchEvent() - By @​capricorn86 in task #2054

v20.8.2

👷‍♂️ Patch fixes

  • Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @​capricorn86 in task #2090

v20.8.1

👷‍♂️ Patch fixes

v20.8.0

🎨 Features

  • Adds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By @​coffeeandwork in task #1733

v20.7.2

👷‍♂️ Patch fixes

  • Properly decode CSS escape sequences in attribute selector values - By @​silverwind

v20.7.1

👷‍♂️ Patch fixes

  • Fixes issue related to parsing direct descendants (>) and universal (*) query selectors - By @​Cherry in task #2078

... (truncated)

Commits
  • 68324c2 fix: #2117 Fixes issue related to cookies from the current origin being for...
  • 5437fdf fix: #2113 Fixes issue where export names can be interpolated as executable...
  • 7e97acb fix: #1845 Replace implementing Node js Console with common IConsole interf...
  • 3373929 fix: #2106 Request.formData() should honor Content-Type header (#2107)
  • 55c17ba fix: #2110 Fixes error thrown when modifying DOM structure in connectedCall...
  • 82a0888 fix: #1845 Replace ConsoleConstructor import with indexed access type (#2095)
  • 5998eea fix: #2054 Throw error if event is not of type Event in dispatchEvent (#2092)
  • 7a11238 fix: #2090 Resets cancelBubble and defaultPrevented when calling initEvent ...
  • 7d27984 fix: #1422 Make inert attribute block focus interactions (#2083)
  • 53e4ec9 feat: #1733 Adds support for setPointerCapture, hasPointerCapture, and rele...
  • Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Commits

Updates vite from 7.2.2 to 7.3.5

Release notes

Sourced from vite's releases.

v7.3.5

Please refer to CHANGELOG.md for details.

v7.3.3

Please refer to CHANGELOG.md for details.

v7.3.2

Please refer to CHANGELOG.md for details.

v7.3.1

Please refer to CHANGELOG.md for details.

v7.3.0

Please refer to CHANGELOG.md for details.

v7.2.7

Please refer to CHANGELOG.md for details.

v7.2.6

Please refer to CHANGELOG.md for details.

v7.2.5

Please refer to CHANGELOG.md for details.

Note: 7.2.5 failed to publish so it is skipped on npm

v7.2.4

Please refer to CHANGELOG.md for details.

v7.2.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.5 (2026-06-01)

Bug Fixes

Miscellaneous Chores

7.3.4 (2026-06-01)

Bug Fixes

7.3.3 (2026-05-07)

Bug Fixes

7.3.2 (2026-04-06)

Bug Fixes

7.3.1 (2026-01-07)

Features

  • add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

7.3.0 (2025-12-15)

Features

  • deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

7.2.7 (2025-12-08)

Bug Fixes

7.2.6 (2025-12-01)

7.2.5 (2025-12-01)

Bug Fixes

... (truncated)

Commits

Updates hono from 4.12.8 to 4.12.25

Release notes

Sourced from hono's releases.

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

Affects: hono/aws-lambda. Fixes multiple Set-Cookie response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf

Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Affects: hono/lambda-edge. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as X-Forwarded-For reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p

v4.12.24

What's Changed

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

What's Changed

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

... (truncated)

Commits

Updates defu from 6.1.4 to 6.1.5

Release notes

Sourced from defu's releases.

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

✅ Tests

  • Add more tests for plain objects (b65f603)

❤️ Contributors

Changelog

Sourced from defu's changelog.

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

🏡 Chore

✅ Tests

  • Add more tests for plain objects (b65f603)

🤖 CI

❤️ Contributors

Commits
  • 23e59e6 chore(release): v6.1.5
  • 11ba022 fix: ignore inherited enumerable properties
  • 3942bfb fix: prevent prototype pollution via __proto__ in defaults (#156)
  • d3ef16d chore(deps): update actions/checkout action to v6 (#151)
  • 869a053 chore(deps): update actions/setup-node action to v6 (#149)
  • a97310c chore(deps): update codecov/codecov-action action to v6 (#154)
  • 89df6bb chore: fix typecheck
  • 9237d9c ci: bump node
  • 23cc432 chore: update repo
  • 70cffe5 chore: add t...

    Description has been truncated

… updates

Bumps the npm_and_yarn group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [turbo](https://github.com/vercel/turborepo) | `2.6.0` | `2.9.14` |
| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.55.0` | `2.60.1` |
| [@tanstack/start-server-core](https://github.com/TanStack/router/tree/HEAD/packages/start-server-core) | `1.134.20` | `1.167.30` |
| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.38.4` | `0.45.2` |
| [happy-dom](https://github.com/capricorn86/happy-dom) | `20.0.11` | `20.8.9` |
| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.5` |
| [hono](https://github.com/honojs/hono) | `4.12.8` | `4.12.25` |
| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.5` |
| [kysely](https://github.com/kysely-org/kysely) | `0.28.14` | `0.28.17` |
| [next](https://github.com/vercel/next.js) | `16.1.7` | `16.2.6` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `3.2.6` |
| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.5.8` | `5.7.0` |

Bumps the npm_and_yarn group with 2 updates in the /templates/cloudflare-deploy directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [hono](https://github.com/honojs/hono).
Bumps the npm_and_yarn group with 2 updates in the /templates/vercel-deploy directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [hono](https://github.com/honojs/hono).


Updates `turbo` from 2.6.0 to 2.9.14
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.6.0...v2.9.14)

Updates `@sveltejs/kit` from 2.55.0 to 2.60.1
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.60.1/packages/kit)

Updates `@tanstack/start-server-core` from 1.134.20 to 1.167.30
- [Release notes](https://github.com/TanStack/router/releases)
- [Changelog](https://github.com/TanStack/router/blob/main/packages/start-server-core/CHANGELOG.md)
- [Commits](https://github.com/TanStack/router/commits/@tanstack/start-server-core@1.167.30/packages/start-server-core)

Updates `drizzle-orm` from 0.38.4 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.38.4...0.45.2)

Updates `happy-dom` from 20.0.11 to 20.8.9
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.0.11...v20.8.9)

Updates `postcss` from 8.5.6 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.10)

Updates `vite` from 7.2.2 to 7.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite)

Updates `hono` from 4.12.8 to 4.12.25
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.8...v4.12.25)

Updates `defu` from 6.1.4 to 6.1.5
- [Release notes](https://github.com/unjs/defu/releases)
- [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md)
- [Commits](unjs/defu@v6.1.4...v6.1.5)

Updates `kysely` from 0.28.14 to 0.28.17
- [Release notes](https://github.com/kysely-org/kysely/releases)
- [Commits](kysely-org/kysely@v0.28.14...v0.28.17)

Updates `next` from 16.1.7 to 16.2.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.1.7...v16.2.6)

Updates `vitest` from 3.2.4 to 3.2.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

Updates `fast-xml-parser` from 5.5.8 to 5.7.0
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.5.8...v5.7.0)

Updates `drizzle-orm` from 0.38.4 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.38.4...0.45.2)

Updates `hono` from 4.12.8 to 4.12.25
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.8...v4.12.25)

Updates `drizzle-orm` from 0.38.4 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.38.4...0.45.2)

Updates `hono` from 4.12.8 to 4.12.25
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.8...v4.12.25)

---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.9.14
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.60.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@tanstack/start-server-core"
  dependency-version: 1.167.30
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: happy-dom
  dependency-version: 20.8.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: defu
  dependency-version: 6.1.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: kysely
  dependency-version: 0.28.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 16.2.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 5.7.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants