chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates by dependabot[bot] · Pull Request #311 · nexoral/AxioDB

dependabot · 2026-05-06T17:43:26Z

Bumps the npm_and_yarn group with 3 updates in the / directory: @fastify/static, fastify and ip-address.
Bumps the npm_and_yarn group with 4 updates in the /Document directory: brace-expansion, picomatch, postcss and vite.
Bumps the npm_and_yarn group with 8 updates in the /GUI directory:

Package	From	To
brace-expansion	`1.1.12`	`1.1.14`
picomatch	`4.0.3`	`4.0.4`
picomatch	`2.3.1`	`2.3.2`
postcss	`8.5.6`	`8.5.14`
vite	`6.3.5`	`6.4.2`
axios	`1.12.0`	`1.15.2`
follow-redirects	`1.15.11`	`1.16.0`
lodash	`4.17.21`	`4.18.1`
serialize-javascript	`6.0.2`	`7.0.5`

Updates @fastify/static from 8.2.0 to 9.1.1

Release notes

Sourced from @fastify/static's releases.

v9.1.1

⚠️ Security Release

This fixes CVE CVE-2026-6410 GHSA-pr96-94w5-mx2h. This fixes CVE CVE-2026-6414 GHSA-x428-ghpx-8j92.

What's Changed

ci: add lock-threads workflow by @Fdawgs in fastify/fastify-static#570

Full Changelog: fastify/fastify-static@v9.1.0...v9.1.1

v9.1.0

What's Changed

build(deps-dev): bump @types/node from 24.10.4 to 25.0.3 by @dependabot[bot] in fastify/fastify-static#552

test: move ignoreTrailingSlash under routerOptions by @lraveri in fastify/fastify-static#553

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify-static#543

chore: bump pino and borp dependencies, delete stale.yml by @Tony133 in fastify/fastify-static#557

chore: update syntax typescript by @Tony133 in fastify/fastify-static#558

chore(license): standardise license notice by @Fdawgs in fastify/fastify-static#560

fix: sendFile ignoring option overrides in some cases by @bakugo in fastify/fastify-static#559

chore: upgrade c8 to v11.0.0 and improvements test by @Tony133 in fastify/fastify-static#564

build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @dependabot[bot] in fastify/fastify-static#566

New Contributors

@lraveri made their first contribution in fastify/fastify-static#553

@Tony133 made their first contribution in fastify/fastify-static#557

@bakugo made their first contribution in fastify/fastify-static#559

Full Changelog: fastify/fastify-static@v9.0.0...v9.1.0

v9.0.0

What's Changed

build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @dependabot[bot] in fastify/fastify-static#547

Update glob@13 by @mcollina in fastify/fastify-static#550

Full Changelog: fastify/fastify-static@v8.3.0...v9.0.0

v8.3.0

What's Changed

docs: use cross-platform compatible info emoji by @Fdawgs in fastify/fastify-static#522

docs: fix typo by @9w in fastify/fastify-static#523

chore(license): update date ranges; standardise style by @Fdawgs in fastify/fastify-static#525

chore: remove reference to simple-get by @ilteoood in fastify/fastify-static#528

build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in fastify/fastify-static#527

test(types): add missing anchors by @Fdawgs in fastify/fastify-static#529

docs(readme): correct compatibility table by @Fdawgs in fastify/fastify-static#531

refactor: remove usage of deprecated request.routeConfig by @inyourtime in fastify/fastify-static#530

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in fastify/fastify-static#532

... (truncated)

Commits

48b136f Bumped v9.1.1
cc7b7f7 Merge commit from fork
9921faa Merge commit from fork
4183d2d ci: add lock-threads workflow (#570)
a3a8cd6 Bumped v9.1.0
8423c80 build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#566)
475dce1 chore: upgrade c8 to v11.0.0 and improvements test (#564)
3ff0f39 fix: sendFile ignoring option overrides in some cases (#559)
663baa7 chore(license): standardise license notice (#560)
51bb66e chore: update syntax typescript (#558)
Additional commits viewable in compare view

Updates fastify from 5.4.0 to 5.8.5

Release notes

Sourced from fastify's releases.

v5.8.5

⚠️ Security Release

This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963.

What's Changed

chore: Fix port parsing by @jsumners in fastify/fastify#6603

chore: upgrade to typescript v6.0.2 by @Tony133 in fastify/fastify#6605

fix: restore trustProxy function for number and string types, add null check for socketAddr by @mcollina in fastify/fastify#6613

ci: reduce cron scheduled workflows from daily/weekly to monthly by @Fdawgs in fastify/fastify#6623

chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @dependabot[bot] in fastify/fastify#6629

chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @dependabot[bot] in fastify/fastify#6632

chore: Bump borp from 0.21.0 to 1.0.0 by @dependabot[bot] in fastify/fastify#6633

chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @dependabot[bot] in fastify/fastify#6630

docs(ecosystem): add @pompelmi/fastify-plugin by @SonoTommy in fastify/fastify#6610

New Contributors

@SonoTommy made their first contribution in fastify/fastify#6610

Full Changelog: fastify/fastify@v5.8.4...v5.8.5

v5.8.4

Full Changelog: fastify/fastify@v5.8.3...v5.8.4

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

docs(readme): add @Tony133 to plugin team by @Tony133 in fastify/fastify#6565

Updated Plugins-Guide.md; Changed "fastify" to "instance" during plugin registration to showcase that it's added as a child by @kyrylchenko in fastify/fastify#6566

test: use fastify.test in test case by @climba03003 in fastify/fastify#6568

docs: use fastify.example in documentation by @climba03003 in fastify/fastify#6567

docs: add common performance degradation guidance by @maxpetrusenko in fastify/fastify#6520

docs(server): fix camelCase anchor links in TOC by @Deepvamja in fastify/fastify#6530

ci(link-checker): fix root-relative links resolution by @barba-rossa in fastify/fastify#6535

docs: update syntax markdown, absolute paths and links by @Tony133 in fastify/fastify#6569

docs: clarify content-type parser/schema mismatch is outside threat model by @mcollina in fastify/fastify#6537

docs: fix incorrect code examples in Reply and Request reference by @mahmoodhamdi in fastify/fastify#6582

docs: replace redirected npm.im http-errors link by @mcollina in fastify/fastify#6588

types: Allow port to be null in request type definition by @TristanBarlow in fastify/fastify#6589

docs: update links by @Tony133 in fastify/fastify#6593

ci(lock-threads): use shared lock-threads workflow by @Fdawgs in fastify/fastify#6592

New Contributors

@kyrylchenko made their first contribution in fastify/fastify#6566

@maxpetrusenko made their first contribution in fastify/fastify#6520

@Deepvamja made their first contribution in fastify/fastify#6530

@barba-rossa made their first contribution in fastify/fastify#6535

... (truncated)

Commits

3983cce Bumped v5.8.5
3ce3ae6 Merge commit from fork
b06a196 docs(ecosystem): add @pompelmi/fastify-plugin (#6610)
909c5d5 chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)
4db21a3 chore: Bump borp from 0.21.0 to 1.0.0 (#6633)
0f4e544 chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)
33a2fcd chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)
fd35d82 ci: reduce cron schedules from daily/weekly to monthly (#6623)
8dee9be fix: restore trustProxy function for number and string types, add null check ...
d457aed chore: upgrade to typescript v6.0.2 (#6605)
Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 5.0.5

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

10c05fc 1.1.14
1afa1b2 Add opt-in { max } mitigation to v1 legacy line (#103)
2fbb6a2 Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)
0d7652e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)
6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates ip-address from 9.0.5 to 10.2.0

Commits

See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.14

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

10c05fc 1.1.14
1afa1b2 Add opt-in { max } mitigation to v1 legacy line (#103)
2fbb6a2 Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)
0d7652e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)
6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates picomatch from 4.0.2 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

New Contributors

@Jason3S made their first contribution in micromatch/picomatch#144

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

New Contributors

@Jason3S made their first contribution in micromatch/picomatch#144

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates postcss from 8.5.3 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

Changelog

Sourced from postcss's changelog.

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

Commits

3ec1394 Release 8.5.14 version
f2bb827 Update dependencies
d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
68bd213 fix: always call raw to retrieve raw values
af58cf1 Release 8.5.13 version
f227dbd Temporary ignore pnpm 11 config
d3abd40 Update dependencies
dd06c3e Revert stringifier changes because of the conflict with postcss-scss
ae889c8 Try to fix CI
e0093e4 Move to pnpm 11
Additional commits viewable in compare view

Updates vite from 6.3.6 to 6.4.2

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163

fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

6.4.1 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969) (1114b5d), closes #20968 #20969

6.4.0 (2025-10-15)

feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940) (c59a222), closes #20940

Commits

6b3fad0 release: v6.4.2
ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
5487f4f release: v6.4.1
1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
f12697c release: v6.4.0
ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
0e173d8 release: v6.3.7
c59a222 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)
See full diff in compare view

Updates brace-expansion from 1.1.12 to 1.1.14

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

10c05fc 1.1.14
1afa1b2 Add opt-in { max } mitigation to v1 legacy line (#103)
2fbb6a2 Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)
0d7652e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)
6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

New Contributors

@Jason3S made their first contribution in micromatch/picomatch#144

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

New Contributors

@Jason3S made their first contribution in micromatch/picomatch#144

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

Changelog

Sourced from postcss's changelog.

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

Commits

3ec1394 Release 8.5.14 version
f2bb827 Update dependencies
d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
68bd213 fix: always call raw to retrieve raw values
af58cf1 Release 8.5.13 version
f227dbd Temporary ignore pnpm 11 config
d3abd40 Update dependencies
dd06c3e Revert stringifier changes because of the conflict with postcss-scss
ae889c8 Try to fix CI
e0093e4 Move to pnpm 11
Additional commits viewable in compare view

Updates vite from 6.3.5 to 6.4.2

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163

fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

6.4.1 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969) (1114b5d), closes #20968 #20969

6.4.0 (2025-10-15)

feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)...
Description has been truncated

… updates Bumps the npm_and_yarn group with 3 updates in the / directory: [@fastify/static](https://github.com/fastify/fastify-static), [fastify](https://github.com/fastify/fastify) and [ip-address](https://github.com/beaugunderson/ip-address). Bumps the npm_and_yarn group with 4 updates in the /Document directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [picomatch](https://github.com/micromatch/picomatch), [postcss](https://github.com/postcss/postcss) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 8 updates in the /GUI directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` | | [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.14` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.2` | | [axios](https://github.com/axios/axios) | `1.12.0` | `1.15.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` | Updates `@fastify/static` from 8.2.0 to 9.1.1 - [Release notes](https://github.com/fastify/fastify-static/releases) - [Commits](fastify/fastify-static@v8.2.0...v9.1.1) Updates `fastify` from 5.4.0 to 5.8.5 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.4.0...v5.8.5) Updates `brace-expansion` from 1.1.11 to 5.0.5 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.14) Updates `ip-address` from 9.0.5 to 10.2.0 - [Commits](https://github.com/beaugunderson/ip-address/commits) Updates `brace-expansion` from 1.1.11 to 1.1.14 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.14) Updates `picomatch` from 4.0.2 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.2...4.0.4) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.2...4.0.4) Updates `postcss` from 8.5.3 to 8.5.14 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.14) Updates `vite` from 6.3.6 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `brace-expansion` from 1.1.12 to 1.1.14 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.14) Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.2...4.0.4) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.2...4.0.4) Updates `postcss` from 8.5.6 to 8.5.14 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.14) Updates `vite` from 6.3.5 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `axios` from 1.12.0 to 1.15.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.12.0...v1.15.2) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `serialize-javascript` from 6.0.2 to 7.0.5 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.5) --- updated-dependencies: - dependency-name: "@fastify/static" dependency-version: 9.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fastify dependency-version: 5.8.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 5.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.14 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.15.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 7.0.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-16T16:29:36Z

Superseded by #313.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 6, 2026

dependabot Bot closed this May 16, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-a3cff72ec9 branch May 16, 2026 16:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates#311

chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates#311
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-a3cff72ec9

dependabot Bot commented on behalf of github May 6, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v9.1.1

⚠️ Security Release

What's Changed

v9.1.0

What's Changed

New Contributors

v9.0.0

What's Changed

v8.3.0

What's Changed

v5.8.5

⚠️ Security Release

What's Changed

New Contributors

v5.8.4

v5.8.3

⚠️ Security Release

What's Changed

New Contributors

v1.1.12

v1.1.12

4.0.4

What's Changed

4.0.3

What's Changed

New Contributors

4.0.4

What's Changed

4.0.3

What's Changed

New Contributors

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

8.5.6

8.5.5

8.5.4

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

8.5.6

8.5.5

8.5.4

v6.4.2

v6.4.1

v6.4.0

v6.3.7

6.4.2 (2026-04-06)

6.4.1 (2025-10-20)

6.4.0 (2025-10-15)

6.3.7 (2025-10-14)

v1.1.12

4.0.4

What's Changed

4.0.3

What's Changed

New Contributors

4.0.4

What's Changed

4.0.3

What's Changed

New Contributors

8.5.14

8.5.13

8.5.12

8.5.11

dependabot Bot commented on behalf of github May 6, 2026 •

edited

Loading