Skip to content

chore(deps): Bump the npm_and_yarn group across 2 directories with 10 updates#1

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/contracts/lib/openzeppelin-contracts-upgradeable/npm_and_yarn-3e855322de
Open

chore(deps): Bump the npm_and_yarn group across 2 directories with 10 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/contracts/lib/openzeppelin-contracts-upgradeable/npm_and_yarn-3e855322de

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 25, 2026

Bumps the npm_and_yarn group with 10 updates in the /contracts/lib/openzeppelin-contracts-upgradeable directory:

Package From To
undici 7.8.0 7.24.0
brace-expansion 1.1.11 1.1.12
ajv 6.12.6 6.14.0
@eslint/plugin-kit 0.2.8 0.4.1
@isaacs/brace-expansion 5.0.0 5.0.1
axios 1.9.0 1.13.6
diff 5.2.0 5.2.2
flatted 3.3.3 3.4.2
immutable 4.3.7 4.3.8
lodash 4.17.21 4.17.23

Bumps the npm_and_yarn group with 10 updates in the /contracts/lib/openzeppelin-contracts-upgradeable/lib/openzeppelin-contracts directory:

Package From To
undici 7.8.0 7.24.0
brace-expansion 1.1.11 1.1.12
ajv 6.12.6 6.14.0
@eslint/plugin-kit 0.2.8 0.4.1
@isaacs/brace-expansion 5.0.0 5.0.1
axios 1.9.0 1.13.6
diff 5.2.0 5.2.2
flatted 3.3.3 3.4.2
immutable 4.3.7 4.3.8
lodash 4.17.21 4.17.23

Updates undici from 7.8.0 to 7.24.0

Release notes

Sourced from undici's releases.

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

Affected and patched ranges

References

v7.23.0

What's Changed

... (truncated)

Commits
  • 07a3906 Bumped v7.24.0 (#4887)
  • 74495c6 fix: reject duplicate content-length and host headers
  • 84235c6 Fix websocket 64-bit length overflow
  • 77594f9 fix: validate upgrade header to prevent CRLF injection
  • cb79c57 fix: validate server_max_window_bits range in permessage-deflate
  • 4147ce2 Merge commit '2ee00cb3'
  • 2ee00cb fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate
  • 5890c7b fix(deduplicate): stream response chunks to waiting handlers
  • fbda3c1 Bumped v7.23.0 (#4884)
  • 07276c9 fix: remove unused kSocketPath symbol
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates ajv from 6.12.6 to 6.14.0

Commits

Updates @eslint/plugin-kit from 0.2.8 to 0.4.1

Release notes

Sourced from @​eslint/plugin-kit's releases.

config-helpers: v0.4.1

0.4.1 (2025-10-17)

Bug Fixes

  • add validation for plugins in isLegacyConfig (#292) (74f9427)
  • improve type support for isolated dependencies in pnpm (#289) (f8df139)
  • use flat config when eslintrc config does not exist (#288) (ddc8577)

plugin-kit: v0.4.1

0.4.1 (2025-10-27)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.16.0 to ^0.17.0

config-helpers: v0.4.0

0.4.0 (2025-09-16)

Features

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

plugin-kit: v0.4.0

0.4.0 (2025-09-16)

Features

  • add support for getLocFromIndex and getIndexFromLoc (#212) (a3588d8)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

... (truncated)

Changelog

Sourced from @​eslint/plugin-kit's changelog.

0.4.1 (2025-10-27)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.16.0 to ^0.17.0

0.4.0 (2025-09-16)

Features

  • add support for getLocFromIndex and getIndexFromLoc (#212) (a3588d8)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

0.3.5 (2025-08-05)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.1 to ^0.15.2

0.3.4 (2025-07-21)

Bug Fixes

  • potential quadratic runtime in regular expression (#240) (b283f64)

0.3.3 (2025-06-25)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.0 to ^0.15.1

0.3.2 (2025-06-09)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​eslint/plugin-kit since your current version.


Updates @isaacs/brace-expansion from 5.0.0 to 5.0.1

Updates axios from 1.9.0 to 1.13.6

Release notes

Sourced from axios's releases.

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

  • React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
  • Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

  • Environment Compatibility:

    • Fixed module exports for React Native and Browserify environments. (#7386)
    • Added safe FormData detection for the WeChat Mini Program environment. (#7324)

  • Error Handling:

    • AxiosError.message is now correctly enumerable. (#7392)
    • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#7403)

🔧 Maintenance & Chores

  • Dependencies: Updated the development_dependencies group (5 updates). (#7432)
  • Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (#7424)
  • Documentation: Added missing JSDoc comments to utilities. (#7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

Full Changelog: v1.13.5...v1.13.6

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 7108c88 chore(release): prepare release 1.13.6 (#7446)
  • 20a0ba3 refactor(deps): migrate @​rollup/plugin-babel from v5.3.1 to v6.1.0 (#7424)
  • 885b4af feat: support react native blob objects (#5764)
  • 00d97b9 docs(utils): add missing JSDoc comments (#7427)
  • 9712548 chore(deps-dev): bump the development_dependencies group across 1 directory w...
  • d51accb fix(core): copy status from source error in AxiosError.from (#7403)
  • 3e30bbf chore: fix publish to only run on v1 tags
  • 672491d fix: safe FormData detection for WeChat Mini Program (#7306) (#7324)
  • 822e3e4 fix: make AxiosError.message property enumerable (#7392)
  • ef3711d feat: implement prettier and fix all issues (#7385)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Updates diff from 5.2.0 to 5.2.2

Changelog

Sourced from diff's changelog.

v5.2.2 - January 2026

Only change from 5.2.0 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v5.2.1 (deprecated)

Accidental release - do not use.

Commits

Updates flatted from 3.3.3 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates immutable from 4.3.7 to 4.3.8

Release notes

Sourced from immutable's releases.

v4.3.8

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Changelog

Sourced from immutable's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning. Dates are formatted as YYYY-MM-DD.

Unreleased

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Documentation

Internal

5.1.3

TypeScript

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: https://immutable-js.com/browser-extension/

Internal

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for immutable since your current version.


Updates lodash from 4.17.21 to 4.17.23

Commits

Updates undici from 7.8.0 to 7.24.0

Release notes

Sourced from undici's releases.

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

Affected and patched ranges

References

v7.23.0

What's Changed

... (truncated)

Commits
  • 07a3906 Bumped v7.24.0 (#4887)
  • 74495c6 fix: reject duplicate content-length and host headers
  • 84235c6 Fix websocket 64-bit length overflow
  • 77594f9 fix: validate upgrade header to prevent CRLF injection
  • cb79c57 fix: validate server_max_window_bits range in permessage-deflate
  • 4147ce2 Merge commit '2ee00cb3'
  • 2ee00cb fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate
  • 5890c7b fix(deduplicate): stream response chunks to waiting handlers
  • fbda3c1 Bumped v7.23.0 (#4884)
  • 07276c9 fix: remove unused kSocketPath symbol
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates ajv from 6.12.6 to 6.14.0

Commits

Updates @eslint/plugin-kit from 0.2.8 to 0.4.1

Release notes

Sourced from @​eslint/plugin-kit's releases.

config-helpers: v0.4.1

0.4.1 (2025-10-17)

Bug Fixes

  • add validation for plugins in isLegacyConfig (#292) (74f9427)
  • improve type support for isolated dependencies in pnpm (#289) (f8df139)
  • use flat config when eslintrc config does not exist (#288) (ddc8577)

plugin-kit: v0.4.1

0.4.1 (2025-10-27)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.16.0 to ^0.17.0

config-helpers: v0.4.0

0.4.0 (2025-09-16)

Features

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

plugin-kit: v0.4.0

0.4.0 (2025-09-16)

Features

  • add support for getLocFromIndex and getIndexFromLoc (#212) (a3588d8)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

... (truncated)

Changelog

Sourced from @​eslint/plugin-kit's changelog.

0.4.1 (2025-10-27)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.16.0 to ^0.17.0

0.4.0 (2025-09-16)

Features

  • add support for getLocFromIndex and getIndexFromLoc (#212) (a3588d8)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

0.3.5 (2025-08-05)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.1 to ^0.15.2

0.3.4 (2025-07-21)

Bug Fixes

  • potential quadratic runtime in regular expression (#240) (b283f64)

0.3.3 (2025-06-25)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.0 to ^0.15.1

0.3.2 (2025-06-09)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​eslint/plugin-kit since your current version.


Updates @isaacs/brace-expansion from 5.0.0 to 5.0.1

Updates axios from 1.9.0 to 1.13.6

Release notes

Sourced from axios's releases.

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

  • React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
  • Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

  • Environment Compatibility:

    • Fixed module exports for React Native and Browserify environments. (#7386)
    • Added safe FormData detection for the WeChat Mini Program environment. (#7324)

  • Error Handling:

    • AxiosError.message is now correctly enumerable. (#7392)
    • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#7403)

🔧 Maintenance & Chores

  • Dependencies: Updated the development_dependencies group (5 updates). (#7432)
  • Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (

@dependabot
chore(deps): Bump the npm_and_yarn group across 2 directories with 10…
c27b621 
… updates

Bumps the npm_and_yarn group with 10 updates in the /contracts/lib/openzeppelin-contracts-upgradeable directory:

| Package | From | To |
| --- | --- | --- |
| [undici](https://github.com/nodejs/undici) | `7.8.0` | `7.24.0` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` |
| [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) | `0.2.8` | `0.4.1` |
| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |
| [axios](https://github.com/axios/axios) | `1.9.0` | `1.13.6` |
| [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `5.2.2` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.7` | `4.3.8` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |

Bumps the npm_and_yarn group with 10 updates in the /contracts/lib/openzeppelin-contracts-upgradeable/lib/openzeppelin-contracts directory:

| Package | From | To |
| --- | --- | --- |
| [undici](https://github.com/nodejs/undici) | `7.8.0` | `7.24.0` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` |
| [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) | `0.2.8` | `0.4.1` |
| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |
| [axios](https://github.com/axios/axios) | `1.9.0` | `1.13.6` |
| [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `5.2.2` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.7` | `4.3.8` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |



Updates `undici` from 7.8.0 to 7.24.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.8.0...v7.24.0)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `ajv` from 6.12.6 to 6.14.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.12.6...v6.14.0)

Updates `@eslint/plugin-kit` from 0.2.8 to 0.4.1
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.4.1/packages/plugin-kit)

Updates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1

Updates `axios` from 1.9.0 to 1.13.6
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.9.0...v1.13.6)

Updates `diff` from 5.2.0 to 5.2.2
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v5.2.0...v5.2.2)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `immutable` from 4.3.7 to 4.3.8
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v4.3.7...v4.3.8)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `undici` from 7.8.0 to 7.24.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.8.0...v7.24.0)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `ajv` from 6.12.6 to 6.14.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.12.6...v6.14.0)

Updates `@eslint/plugin-kit` from 0.2.8 to 0.4.1
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.4.1/packages/plugin-kit)

Updates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1

Updates `axios` from 1.9.0 to 1.13.6
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.9.0...v1.13.6)

Updates `diff` from 5.2.0 to 5.2.2
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v5.2.0...v5.2.2)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `immutable` from 4.3.7 to 4.3.8
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v4.3.7...v4.3.8)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.24.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 6.14.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@eslint/plugin-kit"
  dependency-version: 0.4.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@isaacs/brace-expansion"
  dependency-version: 5.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.13.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 5.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: immutable
  dependency-version: 4.3.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.24.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 6.14.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@eslint/plugin-kit"
  dependency-version: 0.4.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@isaacs/brace-expansion"
  dependency-version: 5.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.13.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 5.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: immutable
  dependency-version: 4.3.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants