Skip to content

Bump the npm_and_yarn group across 1 directory with 19 updates#11

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-8dd9879e17
Open

Bump the npm_and_yarn group across 1 directory with 19 updates#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-8dd9879e17

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 14 updates in the / directory:

Package From To
@opentelemetry/core 2.5.1 2.9.0
http-proxy-middleware 3.0.5 3.0.7
js-cookie 3.0.5 3.0.7
js-yaml 4.1.1 4.3.0
liquidjs 10.25.5 10.26.0
next 16.2.3 16.2.6
vitest 4.0.18 4.1.0
form-data 4.0.5 4.0.6
form-data 2.5.5 2.5.6
axios 1.15.0 1.18.1
undici 6.24.0 6.27.0
undici 7.24.1 7.28.0
fast-uri 3.0.1 3.1.3
markdown-it 14.1.0 removed
qs 6.14.2 6.15.3
tmp 0.2.5 0.2.7

Updates @opentelemetry/core from 2.5.1 to 2.9.0

Release notes

Sourced from @​opentelemetry/core's releases.

v2.9.0

2.9.0

💥 Breaking Changes

  • docs(shim-opentracing): Notice: The @opentelemetry/shim-opentracing package will be removed in SDK 3.x, planned for approximately September 2026.
    • The OpenCensus and OpenTracing compatibility requirements in the OpenTelemetry specification have been deprecated.

🚀 Features

  • feat(sdk-metrics): add maxExportBatchSize option to PeriodicExportingMetricReader #6655 @​psx95
    • Optimized PeriodicExportingMetricReader.forceFlush to prevent redundant concurrent export cycles. Concurrent calls to forceFlush will now await any ongoing export and reuse a fresh export cycle if one is started concurrently by another caller. This ensures the latest metrics are always exported efficiently without triggering duplicate collection and export cycles.
  • feat(sdk-trace): implement span processor metrics #6504 @​anuraaga
  • feat(sdk-trace): add a new "sdk-trace" package to hold the Trace SDK, without environment variable configuration handling that belongs elsewhere #6775 @​trentm
    • "sdk-trace" will eventually replace all of "sdk-trace-base", "sdk-trace-node", and "sdk-trace-web".
    • The BatchSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new BatchSpanProcessor(exporter, { maxQueueSize: 1000 }), after new BatchSpanProcessor({ exporter, maxQueueSize: 1000 }). #6817
    • The SimpleSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new SimpleSpanProcessor(exporter), after new SimpleSpanProcessor({ exporter, selfObsMeterProvider: ... }). #6504
  • feat(sdk-trace): add AlwaysRecordSampler #6188 @​majanjua-amzn

🐛 Bug Fixes

  • fix(propagator-jaeger): do not throw on malformed percent-encoded uber-trace-id / uberctx-* headers during extract @​pichlermarc

🏠 Internal

  • perf(sdk-metrics): defer allocation of HrTime to accumulation creation #6839 @​legendecas
  • chore(*): migrate use of sdk-trace-base and sdk-trace-node to sdk-trace #6851 @​trentm
  • perf(sdk-metrics): optionally capture active context for sync instruments #6848 @​legendecas

v2.8.0

2.8.0

🚀 Features

  • feat(sdk-trace-base): pretty-print SpanImpl, Tracer, and BasicTracerProvider via util.inspect so they render through diag and console.log #6690 @​mcollina
  • feat(sdk-metrics): implement metric reader self-observability metrics #6449 @​anuraaga
  • feat(core): add hrTimeToSeconds #6449 @​anuraaga

🐛 Bug Fixes

  • fix(core): limit processing of incoming "baggage" header to 8192 bytes @​pichlermarc

v2.7.1

2.7.1

🐛 Bug Fixes

  • fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna

... (truncated)

Changelog

Sourced from @​opentelemetry/core's changelog.

2.9.0

💥 Breaking Changes

  • docs(shim-opentracing): Notice: The @opentelemetry/shim-opentracing package will be removed in SDK 3.x, planned for approximately September 2026.
    • The OpenCensus and OpenTracing compatibility requirements in the OpenTelemetry specification have been deprecated.

🚀 Features

  • feat(sdk-metrics): add maxExportBatchSize option to PeriodicExportingMetricReader #6655 @​psx95
    • Optimized PeriodicExportingMetricReader.forceFlush to prevent redundant concurrent export cycles. Concurrent calls to forceFlush will now await any ongoing export and reuse a fresh export cycle if one is started concurrently by another caller. This ensures the latest metrics are always exported efficiently without triggering duplicate collection and export cycles.
  • feat(sdk-trace): implement span processor metrics #6504 @​anuraaga
  • feat(sdk-trace): add a new "sdk-trace" package to hold the Trace SDK, without environment variable configuration handling that belongs elsewhere #6775 @​trentm
    • "sdk-trace" will eventually replace all of "sdk-trace-base", "sdk-trace-node", and "sdk-trace-web".
    • The BatchSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new BatchSpanProcessor(exporter, { maxQueueSize: 1000 }), after new BatchSpanProcessor({ exporter, maxQueueSize: 1000 }). #6817
    • The SimpleSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new SimpleSpanProcessor(exporter), after new SimpleSpanProcessor({ exporter, selfObsMeterProvider: ... }). #6504
  • feat(sdk-trace): add AlwaysRecordSampler #6188 @​majanjua-amzn

🐛 Bug Fixes

  • fix(propagator-jaeger): do not throw on malformed percent-encoded uber-trace-id / uberctx-* headers during extract @​pichlermarc

🏠 Internal

  • perf(sdk-metrics): defer allocation of HrTime to accumulation creation #6839 @​legendecas
  • chore(*): migrate use of sdk-trace-base and sdk-trace-node to sdk-trace #6851 @​trentm
  • perf(sdk-metrics): optionally capture active context for sync instruments #6848 @​legendecas

2.8.0

🚀 Features

  • feat(sdk-trace-base): pretty-print SpanImpl, Tracer, and BasicTracerProvider via util.inspect so they render through diag and console.log #6690 @​mcollina
  • feat(sdk-metrics): implement metric reader self-observability metrics #6449 @​anuraaga
  • feat(core): add hrTimeToSeconds #6449 @​anuraaga

🐛 Bug Fixes

  • fix(core): limit processing of incoming "baggage" header to 8192 bytes @​pichlermarc

2.7.1

🐛 Bug Fixes

  • fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
    • important: this bug fix may be breaking for certain uses of TraceState
      • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
      • unset now returns the same TraceState instance if key is not present.
      • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

... (truncated)

Commits
  • 40d67b7 chore: prepare next release (#6869)
  • b1c196d Merge commit from fork
  • d375c08 fix(instrumentation,instrumentation-http): fix codecov under-reporting (#6867)
  • d61ab5f perf(sdk-metrics): optionally capture active context for sync instruments (#6...
  • 9e6475e fix(core): guard timeInputToHrTime against clock-skew misclassification (#677...
  • c989308 feat(sdk-node): wire up tracer_provider.sampler from declarative config (#6847)
  • dddbc0e feat(sdk-trace): add AlwaysRecordSampler (#6168)
  • 991434c chore(deps): update dependency @​bufbuild/buf to v1.71.0 (#6863)
  • 69303d0 chore(deps): update all patch versions (#6862)
  • 6690b03 chore(sdk-node)!: Drop support for deprecated OpenCensusMetricProducer from d...
  • Additional commits viewable in compare view

Updates http-proxy-middleware from 3.0.5 to 3.0.7

Release notes

Sourced from http-proxy-middleware's releases.

v3.0.7

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v3.0.6...v3.0.7

v3.0.6

What's Changed

... (truncated)

Changelog

Sourced from http-proxy-middleware's changelog.

v3.0.7

  • fix(fixRequestBody): harden form-data stringification

v3.0.6

  • fix(types): fix Logger type
  • fix(error-response-plugin): sanitize input
  • fix(router): harden proxy-table matching (exact host for host+path keys, prefix-only path matching) to prevent routing bypass
Commits
  • 8cc4eba chore(package.json): v3.0.7 (#1261)
  • c13a99c fix(fixRequestBody): harden form-data stringification (#1259)
  • ea0bb98 chore(package.json): v3.0.6 (#1256)
  • f377520 fix(router): harden proxy-table matching (#1254)
  • f6be2c6 chore(yarn.lock): bump to follow-redirects 1.16.0
  • a36f009 ci(publish.yml): npm stage publish
  • 3471790 ci(github actions): update publish.yml for 3.x branch
  • bcf1864 build(vscode): use workspace version of TypeScript (#1173)
  • 48ed092 docs(examples): fix websocket example (#1170)
  • 0fe7c24 chore(package.json): bump dev-deps (#1171)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for http-proxy-middleware since your current version.


Updates js-cookie from 3.0.5 to 3.0.7

Release notes

Sourced from js-cookie's releases.

v3.0.7

  • Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)
  • Add Partitioned attribute to readme (b994768)
  • Publish to npm registry via trusted publisher exclusively (4dc71be)
  • Ensure consistent behaviour for get('name') + get() (1953d30)
Commits
  • 17bacba Craft v3.0.7 release
  • adb823c Fix release workflow halting at git tag
  • 5f9e759 May remove Git user config from release workflow
  • 6ac9211 Fix release workflow not able to push commit + tag
  • 2278bc5 Fix missing package version bump
  • eb3c40e Prevent cookie attribute injection
  • f6f157f Bump globals from 17.5.0 to 17.6.0
  • f409d02 Bump eslint from 10.2.0 to 10.3.0
  • a686883 Bump protobufjs in the npm_and_yarn group across 1 directory
  • c6112d2 Bump @​protobufjs/utf8 in the npm_and_yarn group across 1 directory
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for js-cookie since your current version.


Updates js-yaml from 4.1.1 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • 590dbab 4.2.0 released
  • f944dc5 Add package.json funding field
  • f692719 Changelog update
  • Additional commits viewable in compare view

Updates liquidjs from 10.25.5 to 10.26.0

Release notes

Sourced from liquidjs's releases.

v10.26.0

10.26.0 (2026-05-14)

Bug Fixes

  • date: cap strftime widths and account padding in memoryLimit (#895) (3129d46)
  • enforce renderLimit for empty renderTemplates calls (#894) (5b9c346)
  • propagate ownPropertyOnly into Context.spawn() for {% render %} (#893) (dbbf628)
  • security: block Object.prototype filter/tag lookups (RCE) (#897) (457fae0)
  • strip html newline tags (#892) (26ea285)
  • strip_html: rewrite as linear single-pass scan to avoid ReDoS (#896) (3616a74)

Features

  • add sha256 and hmac_sha256 filters for cryptographic operations (#889) (1c816d4)

v10.25.7

10.25.7 (2026-04-23)

Bug Fixes

  • filters: support Buffer input in base64_encode to prevent binary data corruption (#881) (0ee6dbb)

v10.25.6

10.25.6 (2026-04-19)

Bug Fixes

Changelog

Sourced from liquidjs's changelog.

10.26.0 (2026-05-14)

Bug Fixes

  • date: cap strftime widths and account padding in memoryLimit (#895) (3129d46)
  • enforce renderLimit for empty renderTemplates calls (#894) (5b9c346)
  • propagate ownPropertyOnly into Context.spawn() for {% render %} (#893) (dbbf628)
  • security: block Object.prototype filter/tag lookups (RCE) (#897) (457fae0)
  • strip html newline tags (#892) (26ea285)
  • strip_html: rewrite as linear single-pass scan to avoid ReDoS (#896) (3616a74)

Features

  • add sha256 and hmac_sha256 filters for cryptographic operations (#889) (1c816d4)

10.25.7 (2026-04-23)

Bug Fixes

  • filters: support Buffer input in base64_encode to prevent binary data corruption (#881) (0ee6dbb)

10.25.6 (2026-04-19)

Bug Fixes

Commits
  • c20c0af chore(release): 10.26.0 [skip ci]
  • 457fae0 fix(security): block Object.prototype filter/tag lookups (RCE) (#897)
  • 3616a74 fix(strip_html): rewrite as linear single-pass scan to avoid ReDoS (#896)
  • 3129d46 fix(date): cap strftime widths and account padding in memoryLimit (#895)
  • 5b9c346 fix: enforce renderLimit for empty renderTemplates calls (#894)
  • dbbf628 fix: propagate ownPropertyOnly into Context.spawn() for {% render %} (#893)
  • 26ea285 fix: strip html newline tags (#892)
  • a55f543 docs(readme): add Freshet to Who's Using LiquidJS (#888)
  • d1d517d docs: add VladimirFilonov as a contributor for code (#891)
  • 1c816d4 feat: add sha256 and hmac_sha256 filters for cryptographic operations (#889)
  • Additional commits viewable in compare view

Updates next from 16.2.3 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

Low:

Core Changes

  • fix: preserve HTTP access fallbacks during prerender recovery (#92231)
  • Fix fallback route params case in app-page handler (#91737)
  • Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
  • Patch setHeader for direct route handlers (#93101)
  • Include deployment id in cacheHandlers keys (#93453)
  • Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

... (truncated)

Commits
  • ee6e79b v16.2.6
  • afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
  • 97a154e Turbopack: Fix middleware matcher suffix (#93590)
  • 83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
  • 7b222b9 [backport][test] Pin package manager to patch versions (#93595)
  • a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
  • 766148f v16.2.5
  • 0dd9483 fix: add explicit checks for RSC header (#83) (#98)
  • d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
  • 9d50c0b Strip next-resume header from incoming requests (#92)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.


Updates vitest from 4.0.18 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

Bumps the npm_and_yarn group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@opentelemetry/core](https://github.com/open-telemetry/opentelemetry-js) | `2.5.1` | `2.9.0` |
| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `3.0.5` | `3.0.7` |
| [js-cookie](https://github.com/js-cookie/js-cookie) | `3.0.5` | `3.0.7` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.3.0` |
| [liquidjs](https://github.com/harttle/liquidjs) | `10.25.5` | `10.26.0` |
| [next](https://github.com/vercel/next.js) | `16.2.3` | `16.2.6` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.18` | `4.1.0` |
| [form-data](https://github.com/form-data/form-data) | `4.0.5` | `4.0.6` |
| [form-data](https://github.com/form-data/form-data) | `2.5.5` | `2.5.6` |
| [axios](https://github.com/axios/axios) | `1.15.0` | `1.18.1` |
| [undici](https://github.com/nodejs/undici) | `6.24.0` | `6.27.0` |
| [undici](https://github.com/nodejs/undici) | `7.24.1` | `7.28.0` |
| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.1` | `3.1.3` |
| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `removed` |
| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.3` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |



Updates `@opentelemetry/core` from 2.5.1 to 2.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.5.1...v2.9.0)

Updates `http-proxy-middleware` from 3.0.5 to 3.0.7
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v3.0.7/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v3.0.5...v3.0.7)

Updates `js-cookie` from 3.0.5 to 3.0.7
- [Release notes](https://github.com/js-cookie/js-cookie/releases)
- [Commits](js-cookie/js-cookie@v3.0.5...v3.0.7)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `liquidjs` from 10.25.5 to 10.26.0
- [Release notes](https://github.com/harttle/liquidjs/releases)
- [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md)
- [Commits](harttle/liquidjs@v10.25.5...v10.26.0)

Updates `next` from 16.2.3 to 16.2.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v16.2.3...v16.2.6)

Updates `vitest` from 4.0.18 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

Updates `@grpc/grpc-js` from 1.14.3 to 1.14.4
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.14.3...@grpc/grpc-js@1.14.4)

Updates `protobufjs` from 7.5.4 to 7.6.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.5/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.6.5)

Updates `@opentelemetry/exporter-prometheus` from 0.211.0 to 0.220.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.211.0...experimental/v0.220.0)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `form-data` from 2.5.5 to 2.5.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `axios` from 1.15.0 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.18.1)

Updates `undici` from 6.24.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.24.0...v6.27.0)

Updates `undici` from 7.24.1 to 7.28.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.24.0...v6.27.0)

Updates `fast-uri` from 3.0.1 to 3.1.3
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.1...v3.1.3)

Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

Removes `markdown-it`

Updates `qs` from 6.14.2 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.2...v6.15.3)

Updates `tmp` from 0.2.5 to 0.2.7
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.5...v0.2.7)

Updates `vite` from 7.3.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

---
updated-dependencies:
- dependency-name: "@opentelemetry/core"
  dependency-version: 2.9.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: http-proxy-middleware
  dependency-version: 3.0.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-cookie
  dependency-version: 3.0.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: liquidjs
  dependency-version: 10.26.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 16.2.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@grpc/grpc-js"
  dependency-version: 1.14.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-version: 7.6.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@opentelemetry/exporter-prometheus"
  dependency-version: 0.220.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 2.5.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.28.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: markdown-it
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants