chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates by dependabot[bot] · Pull Request #33 · verdaccio/verdaccio-aws-s3-storage

dependabot · 2026-06-07T07:45:32Z

Bumps the npm_and_yarn group with 1 update in the / directory: vite.

Updates vite from 8.0.1 to 8.0.5

Release notes

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.2

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

deps: reject UNC paths for launch-editor-middleware (#22571) (50b9512)

reject windows alternate paths (#22572) (dc245c7)

8.0.15 (2026-06-01)

Features

send 408 on request timeout (#22476) (c85c9ee)

update rolldown to 1.0.3 (#22538) (646dbed)

Bug Fixes

capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)

deps: update all non-major dependencies (#22511) (2686d7d)

dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)

glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)

optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)

resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

deps: update rolldown-related dependencies (#22566) (3052a67)

Code Refactoring

correct logic in collectAllModules function (#22562) (6978a9c)

8.0.14 (2026-05-21)

Features

update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

deps: update all non-major dependencies (#22471) (98b8163)

dev: handle errors when sending messages to vite server (#22450) (e8e9a34)

html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)

optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

deps: update rolldown-related dependencies (#22470) (7cb728e)

remove irrelevant commits from changelog (2c69495)

Code Refactoring

glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

1a12d4c release: v8.0.5
79f002f fix: avoid path traversal with optimize deps sourcemap handler (#22161)
a9a3df2 fix: check server.fs after stripping query as well (#22160)
f02d9fd fix: apply server.fs check to env transport (#22159)
f05f501 fix: disallow referencing files outside the package from sourcemap (#22158)
7339bdc release: v8.0.4
54229e7 docs: add environment.fetchModule documentation (#22035)
b0da973 feat: allow esbuild 0.28 as peer deps (#22155)
22b0166 fix(deps): update all non-major dependencies (#22143)
17330d2 fix: add types for vite/modulepreload-polyfill (#22126)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates postcss from 8.5.8 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

Changelog

Sourced from postcss's changelog.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

Commits

eae46db Release 8.5.15 version
79508ff Update CI actions
b128e21 Speed up declaration parsing by avoiding creating new array on each token
9825dca Fix code format
55789c8 Update dependencies
84fbbe9 Install older pnpm action for old Node.js
9f860bd Revert pnpm action for old Node.js
0877198 Update CI actions
b2d1a33 Fix linter warnings
0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
Additional commits viewable in compare view

socket-security · 2026-06-07T07:46:02Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vite@8.0.5

View full report

…dates Bumps the npm_and_yarn group with 1 update in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 8.0.1 to 8.0.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.5/packages/vite) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `postcss` from 8.5.8 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.8...8.5.15) --- updated-dependencies: - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect - dependency-name: vite dependency-version: 8.0.5 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 7, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-ecf035ff07 branch from 7c70e05 to 778463f Compare June 7, 2026 07:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates#33

chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates#33
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-ecf035ff07

dependabot Bot commented on behalf of github Jun 7, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Jun 7, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

plugin-legacy@8.0.2

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

Miscellaneous Chores

Code Refactoring

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

Uh oh!

socket-security Bot commented Jun 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 7, 2026 •

edited

Loading

socket-security Bot commented Jun 7, 2026 •

edited

Loading