Bump the npm_and_yarn group across 12 directories with 5 updates by dependabot[bot] · Pull Request #14722 · microsoft/aspire

dependabot · 2026-02-26T05:28:10Z

Bumps the npm_and_yarn group with 3 updates in the /extension directory: webpack, minimatch and qs.
Bumps the npm_and_yarn group with 4 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Angular directory: minimatch, qs, rollup and tar.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.NodeApp directory: minimatch and qs.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.React directory: webpack and qs.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Vite directory: minimatch and rollup.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Vue directory: minimatch and rollup.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithNode/NodeFrontend directory: minimatch and qs.
Bumps the npm_and_yarn group with 1 update in the /playground/BrowserTelemetry/BrowserTelemetry.Web directory: webpack.
Bumps the npm_and_yarn group with 1 update in the /playground/PostgresEndToEnd/PostgresEndToEnd.NodeService directory: qs.
Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost/express-api directory: qs.
Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost/vite-frontend directory: rollup.
Bumps the npm_and_yarn group with 2 updates in the /src/Aspire.ProjectTemplates/templates/aspire-py-starter/frontend directory: minimatch and rollup.

Updates webpack from 5.99.9 to 5.105.2

Release notes

Sourced from webpack's releases.

v5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

v5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

v5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @hai-x in #20320)

Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @alexander-akait in #20400)

Support import.defer() for context modules. (by @ahabhgk in #20399)

Added support for array values to the devtool option. (by @hai-x in #20191)

Improve rendering node built-in modules for ECMA module output. (by @hai-x in #20255)

Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by @xiaoxiaojx in #20312)

Patch Changes

Fixed ESM default export handling for .mjs files in Module Federation (by @y-okt in #20189)

Optimized import.meta.env handling in destructuring assignments by using cached stringified environment definitions. (by @xiaoxiaojx in #20313)

Respect the stats.errorStack option in stats output. (by @samarthsinh2660 in #20258)

Fixed a bug where declaring a module variable in module scope would conflict with the default moduleArgument. (by @xiaoxiaojx in #20265)

Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., virtual:routes), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by @xiaoxiaojx in #20390)

Fixed Worker self-import handling to support various URL patterns (e.g., import.meta.url, new URL(import.meta.url), new URL(import.meta.url, import.meta.url), new URL("./index.js", import.meta.url)). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by @xiaoxiaojx in #20381)

Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by @xiaoxiaojx in #20345)

Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by @samarthsinh2660 in #20251)

Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by @hai-x in #20346)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @hai-x in #20320)

Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @alexander-akait in #20400)

Support import.defer() for context modules. (by @ahabhgk in #20399)

Added support for array values to the devtool option. (by @hai-x in #20191)

Improve rendering node built-in modules for ECMA module output. (by @hai-x in #20255)

Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by @xiaoxiaojx in #20312)

Patch Changes

Fixed ESM default export handling for .mjs files in Module Federation (by @y-okt in #20189)

Optimized import.meta.env handling in destructuring assignments by using cached stringified environment definitions. (by @xiaoxiaojx in #20313)

Respect the stats.errorStack option in stats output. (by @samarthsinh2660 in #20258)

Fixed a bug where declaring a module variable in module scope would conflict with the default moduleArgument. (by @xiaoxiaojx in #20265)

Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., virtual:routes), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by @xiaoxiaojx in #20390)

Fixed Worker self-import handling to support various URL patterns (e.g., import.meta.url, new URL(import.meta.url), new URL(import.meta.url, import.meta.url), new URL("./index.js", import.meta.url)). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by @xiaoxiaojx in #20381)

Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by @xiaoxiaojx in #20345)

... (truncated)

Commits

0756c7e chore(release): new release (#20441)
ff28476 chore(deps): bump CodSpeedHQ/action in the dependencies group (#20442)
4d3ed66 ci: discord using curl
004550a ci: discord fix
44bf97b ci: emulate release for discord using other approach
9c71a09 ci: emulate release for discord
02d3bc9 ci: allow to run release announcement
6c62c28 ci: fix discord
900219d fix: type regression (#20440)
8e50ef2 chore(release): new release (#20429)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.

Updates minimatch from 3.1.2 to 3.1.4

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.4

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 10.1.1 to 10.2.3

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 9.0.5 to 9.0.7

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates qs from 6.14.1 to 6.14.2

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates rollup from 4.53.3 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Updates tar from 7.5.4 to 7.5.9

Commits

1f0c2c9 7.5.9
fbb0851 build minified version as default export
6b8eba0 7.5.8
2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
d18e4e1 fix: do not write linkpaths through symlinks
4a37eb9 7.5.7
f4a7aa9 fix: properly sanitize hard links containing ..
394ece6 7.5.6
7d4cc17 fix race puting a Link ahead of its target File
26ab904 7.5.5
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates minimatch from 3.1.2 to 3.1.4

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates webpack from 5.103.0 to 5.105.2

Release notes

Sourced from webpack's releases.

v5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

v5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

v5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @hai-x in #20320)

Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @alexander-akait in #20400)

Support import.defer() for context modules. (by @ahabhgk in #20399)

Added support for array values to the devtool option. (by @hai-x in #20191)

Improve rendering node built-in modules for ECMA module output. (by @hai-x in #20255)

Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by @xiaoxiaojx in #20312)

Patch Changes

Fixed ESM default export handling for .mjs files in Module Federation (by @y-okt in #20189)

Optimized import.meta.env handling in destructuring assignments by using cached stringified environment definitions. (by @xiaoxiaojx in #20313)

Respect the stats.errorStack option in stats output. (by @samarthsinh2660 in #20258)

Fixed a bug where declaring a module variable in module scope would conflict with the default moduleArgument. (by @xiaoxiaojx in #20265)

Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., virtual:routes), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by @xiaoxiaojx in #20390)

Fixed Worker self-import handling to support various URL patterns (e.g., import.meta.url, new URL(import.meta.url), new URL(import.meta.url, import.meta.url), new URL("./index.js", import.meta.url)). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by @xiaoxiaojx in #20381)

Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by @xiaoxiaojx in #20345)

Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by @samarthsinh2660 in #20251)

Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by @hai-x in #20346)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @hai-x in #20320)

Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @alexander-akait in #20400)

Support import.defer() for context modules. (by @ahabhgk in #20399)

Added support for array values to the devtool option. (by @hai-x in #20191)

Improve rendering node built-in modules for ECMA module output. (by @hai-x in #20255)

Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by @xiaoxiaojx in #20312)

Patch Changes

Fixed ESM default export handling for .mjs files in Module Federation (by @y-okt in #20189)

Optimized import.meta.env handling in destructuring assignments by using cached stringified environment definitions. (by @xiaoxiaojx in #20313)

Respect the stats.errorStack option in stats output. (by @samarthsinh2660 in #20258)

Fixed a bug where declaring a module variable in module scope would conflict with the default moduleArgument. (by @xiaoxiaojx in #20265)

Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., virtual:routes), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by @xiaoxiaojx in Description has been truncated

Bumps the npm_and_yarn group with 3 updates in the /extension directory: [webpack](https://github.com/webpack/webpack), [minimatch](https://github.com/isaacs/minimatch) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 4 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Angular directory: [minimatch](https://github.com/isaacs/minimatch), [qs](https://github.com/ljharb/qs), [rollup](https://github.com/rollup/rollup) and [tar](https://github.com/isaacs/node-tar). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.NodeApp directory: [minimatch](https://github.com/isaacs/minimatch) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.React directory: [webpack](https://github.com/webpack/webpack) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Vite directory: [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Vue directory: [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithNode/NodeFrontend directory: [minimatch](https://github.com/isaacs/minimatch) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 1 update in the /playground/BrowserTelemetry/BrowserTelemetry.Web directory: [webpack](https://github.com/webpack/webpack). Bumps the npm_and_yarn group with 1 update in the /playground/PostgresEndToEnd/PostgresEndToEnd.NodeService directory: [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost/express-api directory: [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost/vite-frontend directory: [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 2 updates in the /src/Aspire.ProjectTemplates/templates/aspire-py-starter/frontend directory: [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Updates `webpack` from 5.99.9 to 5.105.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.99.9...v5.105.2) Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 10.1.1 to 10.2.3 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 9.0.5 to 9.0.7 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `tar` from 7.5.4 to 7.5.9 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.4...v7.5.9) Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `webpack` from 5.103.0 to 5.105.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.99.9...v5.105.2) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `webpack` from 5.103.0 to 5.105.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.99.9...v5.105.2) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `rollup` from 4.55.1 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.105.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 10.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-02-26T05:28:20Z

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 14722

Or

Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 14722"

dependabot · 2026-02-26T05:28:49Z

Superseded by #14723.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 26, 2026

dependabot Bot mentioned this pull request Feb 26, 2026

Bump the npm_and_yarn group across 8 directories with 3 updates #14567

Closed

dotnet-policy-service Bot added the community-contribution Indicates that the PR has been added by a community member label Feb 26, 2026

dependabot Bot closed this Feb 26, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/extension/npm_and_yarn-542ebf3eaf branch February 26, 2026 05:28

dotnet-policy-service Bot added this to the 13.3 milestone Feb 26, 2026

github-actions Bot locked and limited conversation to collaborators Mar 28, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 12 directories with 5 updates#14722

Bump the npm_and_yarn group across 12 directories with 5 updates#14722
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/extension/npm_and_yarn-542ebf3eaf

dependabot Bot commented on behalf of github Feb 26, 2026

Uh oh!

github-actions Bot commented Feb 26, 2026

Uh oh!

dependabot Bot commented on behalf of github Feb 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Feb 26, 2026

v5.105.2

Patch Changes

v5.105.1

Patch Changes

v5.105.0

Minor Changes

Patch Changes

5.105.2

Patch Changes

5.105.1

Patch Changes

5.105.0

Minor Changes

Patch Changes

6.15.0

6.14.2

6.15.0

6.14.2

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

6.15.0

6.14.2

v5.105.2

Patch Changes

v5.105.1

Patch Changes

v5.105.0

Minor Changes

Patch Changes

5.105.2

Patch Changes

5.105.1

Patch Changes

5.105.0

Minor Changes

Patch Changes

Uh oh!

github-actions Bot commented Feb 26, 2026

Uh oh!

dependabot Bot commented on behalf of github Feb 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants