Bump the npm_and_yarn group across 20 directories with 5 updates by dependabot[bot] · Pull Request #14791 · microsoft/aspire

dependabot · 2026-02-28T01:53:05Z

Bumps the npm_and_yarn group with 3 updates in the /extension directory: webpack, minimatch and qs.
Bumps the npm_and_yarn group with 4 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Angular directory: minimatch, qs, rollup and tar.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.NodeApp directory: minimatch and qs.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.React directory: webpack and qs.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Vite directory: minimatch and rollup.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Vue directory: minimatch and rollup.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithNode/NodeFrontend directory: minimatch and qs.
Bumps the npm_and_yarn group with 1 update in the /playground/BrowserTelemetry/BrowserTelemetry.Web directory: webpack.
Bumps the npm_and_yarn group with 1 update in the /playground/PostgresEndToEnd/PostgresEndToEnd.NodeService directory: qs.
Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost/express-api directory: qs.
Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost/vite-frontend directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.Azure.CosmosDB/ValidationAppHost directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.Azure.OperationalInsights/ValidationAppHost directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.Azure.ServiceBus/ValidationAppHost directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.Azure.Storage/ValidationAppHost directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.RabbitMQ/ValidationAppHost directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.SqlServer directory: minimatch.
Bumps the npm_and_yarn group with 2 updates in the /src/Aspire.ProjectTemplates/templates/aspire-py-starter/frontend directory: minimatch and rollup.
Bumps the npm_and_yarn group with 2 updates in the /src/Aspire.ProjectTemplates/templates/aspire-ts-cs-starter/frontend directory: minimatch and rollup.

Updates webpack from 5.99.9 to 5.105.3

Release notes

Sourced from webpack's releases.

v5.105.3

Patch Changes

Context modules now handle rejections correctly. (by @alexander-akait in #20455)

Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @hai-x in #20535)

Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @hai-x in #20463)

Fixed HMR failure for CSS modules with @import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @import CSS to work correctly during hot module replacement. (by @xiaoxiaojx in #20514)

Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @xiaoxiaojx in #20454)

Do not crash when a referenced chunk is not a runtime chunk. (by @alexander-akait in #20461)

Fix some types. (by @alexander-akait in #20412)

Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @hai-x in #20510)

Added createRequire support for ECMA modules. (by @stefanbinoj in #20497)

Added category for CJS reexport dependency to fix issues with ECMA modules. (by @hai-x in #20444)

Implement immutable bytes for bytes import attribute to match tc39 spec. (by @alexander-akait in #20481)

Fixed deterministic search for graph roots regardless of edge order. (by @veeceey in #20452)

v5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

v5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

v5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @hai-x in #20320)

Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @alexander-akait in #20400)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.3

Patch Changes

Context modules now handle rejections correctly. (by @alexander-akait in #20455)

Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @hai-x in #20535)

Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @hai-x in #20463)

Fixed HMR failure for CSS modules with @import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @import CSS to work correctly during hot module replacement. (by @xiaoxiaojx in #20514)

Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @xiaoxiaojx in #20454)

Do not crash when a referenced chunk is not a runtime chunk. (by @alexander-akait in #20461)

Fix some types. (by @alexander-akait in #20412)

Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @hai-x in #20510)

Added createRequire support for ECMA modules. (by @stefanbinoj in #20497)

Added category for CJS reexport dependency to fix issues with ECMA modules. (by @hai-x in #20444)

Implement immutable bytes for bytes import attribute to match tc39 spec. (by @alexander-akait in #20481)

Fixed deterministic search for graph roots regardless of edge order. (by @veeceey in #20452)

5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

... (truncated)

Commits

714a0e3 chore(release): new release (#20448)
c323b39 chore(deps-dev): bump nyc from 17.1.0 to 18.0.0 (#20539)
8a01dfe refactor: deduplicate export presence logic in Harmony dependency classes (#2...
b9fc7b3 chore(deps): bump test/test262-cases in the dependencies group (#20541)
f8a5ac3 test: add coverage for nwjs exports condition and CSS modules with webworker ...
59bf024 test: add coverage for external script in EnvironmentNotSupportAsyncWarning (...
4c79ac2 test: add missing coverage for formatLocation and formatSize (#20534)
4f5c0a8 fix: mark asset module as side-effect-free when futureDefaults (#20535)
87987ca test: add test
67c5aae test: add configCase for ESM prefetch/preload under neutral target (#20524)
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates minimatch from 10.1.1 to 10.2.4

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates minimatch from 9.0.5 to 9.0.9

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates qs from 6.14.1 to 6.14.2

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates rollup from 4.53.3 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Updates tar from 7.5.4 to 7.5.9

Commits

1f0c2c9 7.5.9
fbb0851 build minified version as default export
6b8eba0 7.5.8
2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
d18e4e1 fix: do not write linkpaths through symlinks
4a37eb9 7.5.7
f4a7aa9 fix: properly sanitize hard links containing ..
394ece6 7.5.6
7d4cc17 fix race puting a Link ahead of its target File
26ab904 7.5.5
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates webpack from 5.103.0 to 5.105.3

Release notes

Sourced from webpack's releases.

v5.105.3

Patch Changes

Context modules now handle rejections correctly. (by @alexander-akait in #20455)

Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @hai-x in #20535)

Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @hai-x in #20463)

Fixed HMR failure for CSS modules with @import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @import CSS to work correctly during hot module replacement. (by @xiaoxiaojx in #20514)

Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @xiaoxiaojx in #20454)

Do not crash when a referenced chunk is not a runtime chunk. (by @alexander-akait in #20461)

Fix some types. (by @alexander-akait in #20412)

Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @hai-x in #20510)

Added createRequire support for ECMA modules. (by @stefanbinoj in #20497)

Added category for CJS reexport dependency to fix issues with ECMA modules. (by @hai-x in #20444)

Implement immutable bytes for bytes import attribute to match tc39 spec. (by @alexander-akait in #20481)

Fixed deterministic search for graph roots regardless of edge order. (by @veeceey in #20452)

v5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

v5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

v5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @hai-x in #20320)

Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @alexander-akait in #20400)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.3

Patch Changes

Context modules now handle rejections correctly. (by @alexander-akait in #20455)

Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @hai-x in #20535)

Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @hai-x in #20463)

Fixed HMR failure for CSS modules with @import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @import CSS to work correctly during hot module replacement. (by @xiaoxiaojx in #20514)

Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @xiaoxiaojx in #20454)

Do not crash when a referenced chunk is not a runtime chunk. (by @alexander-akait in #20461)

Fix some types. (by @alexander-akait in #20412)

Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @hai-x in #20510)

Added createRequire support for ECMA modules. (by @stefanbinoj in #20497)

Added category for CJS reexport dependency to fix issues with ECMA modules. (by @hai-x in #20444)

Implement immutable bytes for bytes import attribute to match tc39 spec. (by @alexander-akait in #20481)

Fixed deterministic search for graph roots regardless of edge order. (by @veeceey in #20452)

5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

...
Description has been truncated

Bumps the npm_and_yarn group with 3 updates in the /extension directory: [webpack](https://github.com/webpack/webpack), [minimatch](https://github.com/isaacs/minimatch) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 4 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Angular directory: [minimatch](https://github.com/isaacs/minimatch), [qs](https://github.com/ljharb/qs), [rollup](https://github.com/rollup/rollup) and [tar](https://github.com/isaacs/node-tar). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.NodeApp directory: [minimatch](https://github.com/isaacs/minimatch) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.React directory: [webpack](https://github.com/webpack/webpack) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Vite directory: [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Vue directory: [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithNode/NodeFrontend directory: [minimatch](https://github.com/isaacs/minimatch) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 1 update in the /playground/BrowserTelemetry/BrowserTelemetry.Web directory: [webpack](https://github.com/webpack/webpack). Bumps the npm_and_yarn group with 1 update in the /playground/PostgresEndToEnd/PostgresEndToEnd.NodeService directory: [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost/express-api directory: [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 1 update in the /playground/TypeScriptAppHost/vite-frontend directory: [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.Azure.CosmosDB/ValidationAppHost directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.Azure.OperationalInsights/ValidationAppHost directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.Azure.ServiceBus/ValidationAppHost directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.Azure.Storage/ValidationAppHost directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.RabbitMQ/ValidationAppHost directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /playground/polyglot/TypeScript/Aspire.Hosting.SqlServer directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 2 updates in the /src/Aspire.ProjectTemplates/templates/aspire-py-starter/frontend directory: [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 2 updates in the /src/Aspire.ProjectTemplates/templates/aspire-ts-cs-starter/frontend directory: [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Updates `webpack` from 5.99.9 to 5.105.3 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.99.9...v5.105.3) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 10.1.1 to 10.2.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `tar` from 7.5.4 to 7.5.9 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.4...v7.5.9) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `webpack` from 5.103.0 to 5.105.3 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.99.9...v5.105.3) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `webpack` from 5.103.0 to 5.105.3 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.99.9...v5.105.3) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `rollup` from 4.55.1 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 10.2.2 to 10.2.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 4.53.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.0) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.105.3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 10.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 10.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-02-28T01:53:26Z

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 14791

Or

Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 14791"

dependabot · 2026-03-02T02:08:25Z

Superseded by #14833.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 28, 2026

dependabot Bot mentioned this pull request Feb 28, 2026

Bump the npm_and_yarn group across 19 directories with 5 updates #14757

Closed

dotnet-policy-service Bot added the community-contribution Indicates that the PR has been added by a community member label Feb 28, 2026

dependabot Bot closed this Mar 2, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/extension/npm_and_yarn-a754f3bde5 branch March 2, 2026 02:08

dotnet-policy-service Bot added this to the 13.3 milestone Mar 2, 2026

github-actions Bot locked and limited conversation to collaborators Apr 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 20 directories with 5 updates#14791

Bump the npm_and_yarn group across 20 directories with 5 updates#14791
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/extension/npm_and_yarn-a754f3bde5

dependabot Bot commented on behalf of github Feb 28, 2026

Uh oh!

github-actions Bot commented Feb 28, 2026

Uh oh!

dependabot Bot commented on behalf of github Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Feb 28, 2026

v5.105.3

Patch Changes

v5.105.2

Patch Changes

v5.105.1

Patch Changes

v5.105.0

Minor Changes

5.105.3

Patch Changes

5.105.2

Patch Changes

5.105.1

Patch Changes

5.105.0

Minor Changes

6.15.0

6.14.2

6.15.0

6.14.2

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

6.15.0

6.14.2

v5.105.3

Patch Changes

v5.105.2

Patch Changes

v5.105.1

Patch Changes

v5.105.0

Minor Changes

5.105.3

Patch Changes

5.105.2

Patch Changes

5.105.1

Patch Changes

Uh oh!

github-actions Bot commented Feb 28, 2026

Uh oh!

dependabot Bot commented on behalf of github Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants