Bump the npm_and_yarn group across 7 directories with 6 updates by dependabot[bot] · Pull Request #17 · stealth-engine/datocms-plugins

dependabot · 2026-06-23T00:06:51Z

Bumps the npm_and_yarn group with 5 updates in the /alt-title-editor directory:

Package	From	To
webpack-dev-server	`3.11.0`	`5.2.5`
cipher-base	`1.0.4`	`1.0.7`
pbkdf2	`3.1.1`	`3.1.6`
picomatch	`2.2.2`	`2.3.2`
sha.js	`2.4.11`	`2.4.12`

Bumps the npm_and_yarn group with 4 updates in the /bulk-editor directory: webpack-dev-server, cipher-base, pbkdf2 and sha.js.
Bumps the npm_and_yarn group with 1 update in the /chart directory: webpack-dev-server.
Bumps the npm_and_yarn group with 5 updates in the /cross-site-data directory:

Package	From	To
webpack-dev-server	`3.11.0`	`5.2.5`
cipher-base	`1.0.4`	`1.0.7`
pbkdf2	`3.1.1`	`3.1.6`
picomatch	`2.2.2`	`2.3.2`
sha.js	`2.4.11`	`2.4.12`

Bumps the npm_and_yarn group with 5 updates in the /hidden-field directory:

Package	From	To
webpack-dev-server	`3.11.0`	`5.2.5`
cipher-base	`1.0.4`	`1.0.7`
pbkdf2	`3.1.1`	`3.1.6`
picomatch	`2.2.2`	`2.3.2`
sha.js	`2.4.11`	`2.4.12`

Bumps the npm_and_yarn group with 5 updates in the /hide-field-from-role directory:

Package	From	To
webpack-dev-server	`3.11.0`	`5.2.5`
cipher-base	`1.0.4`	`1.0.7`
pbkdf2	`3.1.1`	`3.1.6`
picomatch	`2.2.2`	`2.3.2`
sha.js	`2.4.11`	`2.4.12`

Bumps the npm_and_yarn group with 5 updates in the /send-record-id directory:

Package	From	To
webpack-dev-server	`3.11.0`	`5.2.5`
cipher-base	`1.0.4`	`1.0.7`
pbkdf2	`3.1.1`	`3.1.6`
picomatch	`2.2.2`	`2.3.2`
sha.js	`2.4.11`	`2.4.12`

Updates webpack-dev-server from 3.11.0 to 5.2.5

Release notes

Sourced from webpack-dev-server's releases.

v5.2.5

Patch Changes

Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @bjohansebas in #5680)

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

add cause for errorObject (#5518) (37b033d)

compatibility with event target and universal target and lazy compilation (574026c)

overlay: add ESC key to dismiss overlay (#5598) (f91baa8)

progress indicator styles (#5557) (41a53a1)

upgrade selfsigned to v5

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

"Overlay enabled" false positive (18e72ee)

do not crush when error is null for runtime errors (#5447) (309991f)

remove unnecessary header X_TEST (#5451) (64a6124)

respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header

requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)

take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.5

Patch Changes

Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @bjohansebas in #5680)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.2.4 (2026-05-11)

Bug Fixes

set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

5.2.3 (2026-01-12)

Bug Fixes

add cause for errorObject (#5518) (37b033d)

compatibility with event target and universal target and lazy compilation (574026c)

overlay: add ESC key to dismiss overlay (#5598) (f91baa8)

progress indicator styles (#5557) (41a53a1)

upgrade selfsigned to v5

5.2.2 (2025-06-03)

Bug Fixes

"Overlay enabled" false positive (18e72ee)

do not crush when error is null for runtime errors (#5447) (309991f)

remove unnecessary header X_TEST (#5451) (64a6124)

respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header

requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)

take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

... (truncated)

Commits

c3ee325 chore(release): new release (#5682)
60173be feat: add changeset validation and release workflow (#5680)
948d5e6 fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)
93e8996 fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...
fd40130 chore(release): 5.2.4
ece4f36 chore: update deps (#5661)
a216144 ci: fix test (#5658)
df073c5 Merge commit from fork
b550a70 chore(release): 5.2.3
9704dc5 chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates cipher-base from 1.0.4 to 1.0.7

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

[Refactor] use to-buffer fd1e5ee

[Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

[Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

[Tests] standard -> eslint, make test dir, etc ae02fd6

[Tests] migrate from travis to GHA 66387d7

[meta] fix package.json indentation 5c02918

[Fix] return valid values on multi-byte-wide TypedArray input 8fd1364

[meta] add auto-changelog 88dc806

[meta] add npmignore and safe-publish-latest 7a137d7

Only apps should have lockfiles 42528f2

[Deps] update inherits, safe-buffer 0e7a2d9

[meta] add missing engines.node f2dc13e

Commits

0056718 v1.0.7
fd1e5ee [Refactor] use to-buffer
08ba803 [Dev Deps] update @ljharb/eslint-config
f5249f9 v1.0.6
b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
f03cebf v1.0.5
88dc806 [meta] add auto-changelog
7a137d7 [meta] add npmignore and safe-publish-latest
5c02918 [meta] fix package.json indentation
8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.

Updates pbkdf2 from 3.1.1 to 3.1.6

Changelog

Sourced from pbkdf2's changelog.

v3.1.6 - 2026-05-26

Commits

[New] add TypeScript type declarations fb1f747

[Fix] coerce -0 keylen to +0 7c4a495

[Dev Deps] update @ljharb/eslint-config, @types/node, eslint, npmignore e3cce16

[eslint] fix an error f6b0e42

[Tests] fix npm run postlint b729629

[Dev Deps] update @ljharb/eslint-config, @types/node, auto-changelog 5e0cf51

[Deps] update to-buffer 1c3b1f5

[readme] replace runkit CI badge with shields.io check-runs badge 528bd38

v3.1.5 - 2025-09-23

Commits

[Fix] only allow finite iterations 67bd94d

[Fix] restore node 0.10 support 8f59d96

[Fix] check parameters before the "no Promise" bailout d2dc5f0

v3.1.4 - 2025-09-22

Commits

[Deps] update create-hash, ripemd160, sha.js, to-buffer 8dbf49b

[meta] update repo URLs d15bc35

[Dev Deps] update @ljharb/eslint-config aaf870b

v3.1.3 - 2025-06-20

Commits

Only apps should have lockfiles 8b06730

[lint] fix whitespace 9a76e2f

[lint] fix parens/curlies/semis/etc 6fd84bf

[meta] add auto-changelog 796c38d

[Tests] fix tests in node 17 3661fb0

Revert "[Tests] fix tests in node < 3" 7431b57

[Tests] fix tests in node < 3 eb9f97a

[Fix] ensure unknown algorithms throw + known ones match node 26d4fd3

[Tests] add GHA, always run nyc 513906a

[lint] fix a few more rules ab04da8

[lint] switch to eslint 89694cf

[Tests] add coverage d0d534b

[Refactor] use to-buffer e3102a8

[readme] improve badges fca0c9d

[Tests] remove unused travis file a2c7d93

[meta] switch from files to npmignore 7f31fbc

[Tests] use .nycrc 8d628e8

... (truncated)

Commits

ea4768b v3.1.6
b729629 [Tests] fix npm run postlint
7c4a495 [Fix] coerce -0 keylen to +0
5e0cf51 [Dev Deps] update @ljharb/eslint-config, @types/node, auto-changelog
1c3b1f5 [Deps] update to-buffer
e3cce16 [Dev Deps] update @ljharb/eslint-config, @types/node, eslint, npmignore
f6b0e42 [eslint] fix an error
fb1f747 [New] add TypeScript type declarations
528bd38 [readme] replace runkit CI badge with shields.io check-runs badge
3687905 v3.1.5
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for pbkdf2 since your current version.

Updates picomatch from 2.2.2 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

2.3.1

Fixed

Fixes bug when a pattern containing an expression after the closing parenthesis (/!(*.d).{ts,tsx}) was incorrectly converted to regexp (9f241ef).

Changed

Some documentation improvements (f81d236, 421e0e7).

2.2.3

Fixed

Do not skip pattern seperator for square brackets (fb08a30).

Set negatedExtGlob also if it does not span the whole pattern (032e3f5).

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
5467a5a 2.3.1
9f241ef Merge pull request #102 from micromatch/ISSUE-93_incorrect_extglob_expanding
ac3cb66 fix: support stars in negation extglobs with expression after closing parenth...
719d348 Merge pull request #85 from XhmikosR/codeql
ac74e57 Merge pull request #91 from XhmikosR/patch-1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by danez, a new releaser for picomatch since your current version.

Updates sha.js from 2.4.11 to 2.4.12

Changelog

Sourced from sha.js's changelog.

v2.4.12 - 2025-07-01

Commits

[eslint] switch to eslint 7acadfb

[meta] add auto-changelog b46e711

[eslint] fix package.json indentation df9d521

[Tests] migrate from travis to GHA c43c64a

[Fix] support multi-byte wide typed arrays f2a258e

[meta] reorder package.json d8d77c0

[meta] add npmignore 35aec35

[Tests] avoid console logs 73e33ae

[Tests] fix tests run in batch 2629130

[Tests] drop node requirement to 0.10 00c7f23

[Dev Deps] update buffer, hash-test-vectors, standard, tape, typedarray 92b5de5

[Tests] drop node requirement to v3 9b5eca8

[meta] set engines to >= 4 807084c

Only apps should have lockfiles c72789c

[Deps] update inherits, safe-buffer 5428cfc

[Dev Deps] update @ljharb/eslint-config 2dbe0aa

update README to reflect LICENSE 8938256

[Dev Deps] add missing peer dep d528896

[Dev Deps] remove unused buffer dep 94ca724

Commits

eb4ea2f v2.4.12
d8d77c0 [meta] reorder package.json
df9d521 [eslint] fix package.json indentation
35aec35 [meta] add npmignore
d528896 [Dev Deps] add missing peer dep
b46e711 [meta] add auto-changelog
94ca724 [Dev Deps] remove unused buffer dep
2dbe0aa [Dev Deps] update @ljharb/eslint-config
73e33ae [Tests] avoid console logs
f2a258e [Fix] support multi-byte wide typed arrays
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for sha.js since your current version.

Updates webpack-dev-server from 3.8.2 to 5.2.5

Release notes

Sourced from webpack-dev-server's releases.

v5.2.5

Patch Changes

Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @bjohansebas in #5680)

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

add cause for errorObject (#5518) (37b033d)

compatibility with event target and universal target and lazy compilation (574026c)

overlay: add ESC key to dismiss overlay (#5598) (f91baa8)

progress indicator styles (#5557) (41a53a1)

upgrade selfsigned to v5

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

"Overlay enabled" false positive (18e72ee)

do not crush when error is null for runtime errors (#5447) (309991f)

remove unnecessary header X_TEST (#5451) (64a6124)

respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header

requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)

take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.5

Patch Changes

Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @bjohansebas in #5680)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.2.4 (2026-05-11)

Bug Fixes

set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

5.2.3 (2026-01-12)

Bug Fixes

add cause for errorObject (#5518) (37b033d)

compatibility with event target and universal target and lazy compilation (574026c)

overlay: add ESC key to dismiss overlay (#5598) (f91baa8)

progress indicator styles (#5557) (41a53a1)

upgrade selfsigned to v5

5.2.2 (2025-06-03)

Bug Fixes

"Overlay enabled" false positive (18e72ee)

do not crush when error is null for runtime errors (#5447) (309991f)

remove unnecessary header X_TEST (#5451) (64a6124)

respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header

requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)

take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

... (truncated)

Commits

c3ee325 chore(release): new release (#5682)
60173be feat: add changeset validation and release workflow (#5680)
948d5e6 fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)
93e8996 fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...
fd40130 chore(release): 5.2.4
ece4f36 chore: update deps (#5661)
a216144 ci: fix test (#5658)
df073c5 Merge commit from fork
b550a70 chore(release): 5.2.3
9704dc5 chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates cipher-base from 1.0.4 to 1.0.7

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

[Refactor] use to-buffer fd1e5ee

[Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

[Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

[Tests] standard -> eslint, make test dir, etc ae02fd6

[Tests] migrate from travis to GHA 66387d7

[meta] fix package.json indentation 5c02918

[Fix] return valid values on multi-byte-wide TypedArray input 8fd1364

[meta] add auto-changelog 88dc806

[meta] add npmignore and safe-publish-latest 7a137d7

Only apps should have lockfiles 42528f2

[Deps] update inherits, safe-buffer 0e7a2d9

[meta] add missing engines.node f2dc13e

Commits

0056718 v1.0.7
fd1e5ee [Refactor] use to-buffer
08ba803 [Dev Deps] update @ljharb/eslint-config
f5249f9 v1.0.6
b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
f03cebf v1.0.5
88dc806 [meta] add auto-changelog
7a137d7 [meta] add npmignore and safe-publish-latest
5c02918 [meta] fix package.json indentation
8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.

Updates pbkdf2 from 3.0.17 to 3.1.6

Changelog

Sourced from pbkdf2's changelog.

v3.1.6 - 2026-05-26

Commits

[New] add TypeScript type declarations fb1f747

[Fix] coerce -0 keylen to +0 7c4a495

[Dev Deps] update @ljharb/eslint-config, @types/node, eslint, npmignore e3cce16

[eslint] fix an error f6b0e42

[Tests] fix npm run postlint b729629

[Dev Deps] update @ljharb/eslint-config, @types/node, auto-changelog 5e0cf51

[Deps] update to-buffer 1c3b1f5

[readme] replace runkit CI badge with shields.io check-runs badge 528bd38

v3.1.5 - 2025-09-23

Commits

[Fix] only allow finite iterations 67bd94d

[Fix] restore node 0.10 support 8f59d96

[Fix] check parameters before the "no Promise" bailout d2dc5f0

v3.1.4 - 2025-09-22

Commits

[Deps] update create-hash, ripemd160, sha.js, to-buffer 8dbf49b

[meta] update repo URLs d15bc35

[Dev Deps] update @ljharb/eslint-config aaf870b

v3.1.3 - 2025-06-20

Commits

Only apps should have lockfiles 8b06730

[lint] fix whitespace 9a76e2f

[lint] fix parens/curlies/semis/etc 6fd84bf

[meta] add auto-changelog 796c38d

[Tests] fix tests in node 17 3661fb0

Revert "[Tests] fix tests in node < 3" 7431b57

[Tests] fix tests in node < 3 eb9f97a

[Fix] ensure unknown algorithms throw + known ones match node 26d4fd3

[Tests] add GHA, always run nyc 513906a

[lint] fix a few more rules ab04da8

[lint] switch to eslint 89694cf

[Tests] add coverage d0d534b

[Refactor] use to-buffer e3102a8

[readme] improve badges fca0c9d

[Tests] remove unused travis file a2c7d93

[meta] switch from files to npmignore 7f31fbc

[Tests] use .nycrc 8d628e8

... (truncated)

Commits

ea4768b v3.1.6
b729629 [Tests] fix npm run postlint

Description has been truncated

Bumps the npm_and_yarn group with 5 updates in the /alt-title-editor directory: | Package | From | To | | --- | --- | --- | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.0` | `5.2.5` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.6` | | [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Bumps the npm_and_yarn group with 4 updates in the /bulk-editor directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server), [cipher-base](https://github.com/crypto-browserify/cipher-base), [pbkdf2](https://github.com/browserify/pbkdf2) and [sha.js](https://github.com/crypto-browserify/sha.js). Bumps the npm_and_yarn group with 1 update in the /chart directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server). Bumps the npm_and_yarn group with 5 updates in the /cross-site-data directory: | Package | From | To | | --- | --- | --- | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.0` | `5.2.5` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.6` | | [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Bumps the npm_and_yarn group with 5 updates in the /hidden-field directory: | Package | From | To | | --- | --- | --- | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.0` | `5.2.5` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.6` | | [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Bumps the npm_and_yarn group with 5 updates in the /hide-field-from-role directory: | Package | From | To | | --- | --- | --- | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.0` | `5.2.5` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.6` | | [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Bumps the npm_and_yarn group with 5 updates in the /send-record-id directory: | Package | From | To | | --- | --- | --- | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.0` | `5.2.5` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.6` | | [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Updates `webpack-dev-server` from 3.11.0 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v5.2.5) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `pbkdf2` from 3.1.1 to 3.1.6 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.6) Updates `picomatch` from 2.2.2 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.2.2...2.3.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `webpack-dev-server` from 3.8.2 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v5.2.5) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `pbkdf2` from 3.0.17 to 3.1.6 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.6) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `webpack-dev-server` from 3.11.3 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v5.2.5) Updates `webpack-dev-server` from 3.11.0 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v5.2.5) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `pbkdf2` from 3.1.1 to 3.1.6 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.6) Updates `picomatch` from 2.2.2 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.2.2...2.3.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `webpack-dev-server` from 3.11.0 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v5.2.5) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `pbkdf2` from 3.1.1 to 3.1.6 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.6) Updates `picomatch` from 2.2.2 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.2.2...2.3.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `webpack-dev-server` from 3.11.0 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v5.2.5) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `pbkdf2` from 3.1.1 to 3.1.6 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.6) Updates `picomatch` from 2.2.2 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.2.2...2.3.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `webpack-dev-server` from 3.11.0 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v5.2.5) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `pbkdf2` from 3.1.1 to 3.1.6 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.6) Updates `picomatch` from 2.2.2 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.2.2...2.3.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) --- updated-dependencies: - dependency-name: webpack-dev-server dependency-version: 5.2.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

cursor

Risk: medium. Approved: Cursor Bugbot was not present on this PR, and this dependabot webpack-dev-server devDependency bump across seven plugins meets the medium risk threshold with no applicable approval policies requiring human review. No reviewers assigned.

_{Sent by Cursor Approval Agent: Pull Request Approver}

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 23, 2026

cursor Bot approved these changes Jun 23, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 7 directories with 6 updates#17

Bump the npm_and_yarn group across 7 directories with 6 updates#17
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/alt-title-editor/npm_and_yarn-ff61402bd8

dependabot Bot commented on behalf of github Jun 23, 2026

Uh oh!

cursor Bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 23, 2026

v5.2.5

Patch Changes

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

v5.2.1

5.2.1 (2025-03-26)

Security

Bug Fixes

5.2.5

Patch Changes

5.2.4 (2026-05-11)

Bug Fixes

5.2.3 (2026-01-12)

Bug Fixes

5.2.2 (2025-06-03)

Bug Fixes

5.2.1 (2025-03-26)

Security

Bug Fixes

5.2.0 (2024-12-11)

Features

v1.0.7 - 2025-09-24

Commits

v1.0.6 - 2024-11-26

Commits

v1.0.5 - 2024-11-17

Commits

v3.1.6 - 2026-05-26

Commits

v3.1.5 - 2025-09-23

Commits

v3.1.4 - 2025-09-22

Commits

v3.1.3 - 2025-06-20

Commits

2.3.2

What's Changed

2.3.1

Fixed

Changed

2.2.3

Fixed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

v2.4.12 - 2025-07-01

Commits

v5.2.5

Patch Changes

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

v5.2.1

5.2.1 (2025-03-26)

Security

Bug Fixes

5.2.5

Patch Changes

5.2.4 (2026-05-11)

Bug Fixes

5.2.3 (2026-01-12)