Skip to content

chore(deps): Bump the npm_and_yarn group across 5 directories with 13 updates#8

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-455524876a
Open

chore(deps): Bump the npm_and_yarn group across 5 directories with 13 updates#8
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-455524876a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package From To
turbo 2.5.4 2.9.14
nodemailer 6.9.9 9.0.1
samlify 2.10.0 2.13.0
simple-git 3.17.0 3.36.0
ws 8.17.1 8.21.0
langsmith 0.3.45 0.6.0
markdown-it 13.0.2 14.2.0
postcss 8.4.49 8.5.10
axios 1.8.3 1.16.0
uuid 10.0.0 14.0.0
vite 6.3.5 6.4.3
vitest 3.1.3 3.2.6

Bumps the npm_and_yarn group with 1 update in the /packages/@n8n/ai-workflow-builder.ee directory: langsmith.
Bumps the npm_and_yarn group with 4 updates in the /packages/cli directory: nodemailer, samlify, simple-git and ws.
Bumps the npm_and_yarn group with 2 updates in the /packages/frontend/@n8n/design-system directory: markdown-it and postcss.
Bumps the npm_and_yarn group with 2 updates in the /packages/nodes-base directory: nodemailer and simple-git.

Updates turbo from 2.5.4 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

Low:

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for turbo since your current version.


Updates nodemailer from 6.9.9 to 9.0.1

Release notes

Sourced from nodemailer's releases.

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)

v8.0.10

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

... (truncated)

Commits
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • a82e060 fix: enforce disableFileAccess/disableUrlAccess for raw message option
  • 4e58450 chore: update dev dependencies
  • 541f5fd chore(master): release 9.0.0 (#1827)
  • 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
  • 6a947ac fix!: validate TLS certificates by default when fetching remote content
  • e3b1bda chore(master): release 8.0.11 (#1826)
  • 4358caf refactor: remove dead checks flagged by Code Quality analysis
  • cf5195c chore: harden workflow token permissions and update GitHub Actions
  • 067aebe fix: parse Ethereal response props without polynomial regex backtracking
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for nodemailer since your current version.


Updates samlify from 2.10.0 to 2.13.0

Release notes

Sourced from samlify's releases.

v2.13.0

What's Changed

Security Audit

GHSA-34r5-q4jw-r36m (credit to @​RootUp)

Full Changelog: tngan/samlify@v2.12.0...v2.13.0

v2.12.0

What's Changed

Full Changelog: tngan/samlify@v2.11.0...v2.12.0

v2.11.0

What's Changed

New Contributors

Full Changelog: tngan/samlify@v2.10.2...v2.11.0

... (truncated)

Commits
  • 3230b2b chore: bump version to 2.13.0
  • b37a65c fix: escape XML element text in replaceTagsByValue to prevent SAML attribute ...
  • 0235cab feat: per-request AssertionConsumerServiceIndex for createLoginRequest (close...
  • a3910b1 feat: support RSASSA-PSS signature algorithms (closes #624) (#625)
  • 8f1cc8b feat: support elementsOrder option on IdP metadata (closes #429) (#622)
  • c393d81 fix: invoke customTagReplacement even without explicit template (closes #549)...
  • ee738cc feat: support tagPrefix.protocol and tagPrefix.assertion on IdP (closes #388)...
  • 1c2b9fa feat: per-request ForceAuthn for createLoginRequest (closes #359) (#618)
  • 803acc1 fix: default signatureConfig for SP when wantMessageSigned is true (closes #4...
  • 3ee2bc6 fix: surface SP/IdP signing flags in ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLA...
  • Additional commits viewable in compare view

Updates simple-git from 3.17.0 to 3.36.0

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3

simple-git@3.35.2

Patch Changes

  • 0cf9d8c: Improvements for mono-repo publishing pipeline
  • Updated dependencies [0cf9d8c]
    • @​simple-git/args-pathspec@​1.0.2
    • @​simple-git/argv-parser@​1.0.3

simple-git@3.35.1

Patch Changes

  • 0de400e: Update monorepo version handling during publish
  • Updated dependencies [0de400e]
    • @​simple-git/argv-parser@​1.0.2

simple-git@3.33.0

Minor Changes

  • a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

  • e253a0d: Enhanced git -c checks in unsafe plugin.

    Thanks to @​JohannesLks for identifying the issue

simple-git@3.32.3

Patch Changes

  • f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3

3.35.2

Patch Changes

  • 0cf9d8c: Improvements for mono-repo publishing pipeline
  • Updated dependencies [0cf9d8c]
    • @​simple-git/args-pathspec@​1.0.2
    • @​simple-git/argv-parser@​1.0.3

3.35.1

Patch Changes

  • 0de400e: Update monorepo version handling during publish
  • Updated dependencies [0de400e]
    • @​simple-git/argv-parser@​1.0.2

3.35.0

Minor Changes

  • 3d8708b: Updating publish config

Patch Changes

  • Updated dependencies [3d8708b]
    • @​simple-git/args-pathspec@​1.0.1
    • @​simple-git/argv-parser@​1.0.1

3.34.0

... (truncated)

Commits
  • 7dc1a53 Version Packages
  • 76f5376 Merge pull request #1061 from Vinzent03/fix/buffer-import
  • 89a2294 Environment Parsing (#1156)
  • 1b91b76 fix: remove explicit node:buffer import
  • e390685 Version Packages
  • 3c9e4b8 Pin version of @​simple-git/args-pathspec
  • 94ee21f Export pathspec types through simple-git for backward compatibility
  • 6d7cb51 Version Packages
  • 0de400e Switch to semver from workspace revisions
  • 2264722 Version Packages
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for simple-git since your current version.


Updates ws from 8.17.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits
  • bca91ad [dist] 8.21.0
  • 2b2abd4 [security] Limit retained message parts
  • 78eabe2 [security] Add latest vulnerability to SECURITY.md
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • Additional commits viewable in compare view

Updates langsmith from 0.3.45 to 0.6.0

Release notes

Sourced from langsmith's releases.

v0.6.0

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.2...v0.6.0

v0.6.0rc0

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.6.0rc0

v0.5.2

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.5.2

v0.5.1

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for langsmith since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.


Updates markdown-it from 13.0.2 to 14.2.0

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.

[14.1.0] - 2024-03-19

Changed

  • Updated CM spec compatibility to 0.31.2, #1009.

Fixed

  • Fixed quadratic complexity when parsing references, #996.
  • Fixed quadratic output size with pathological user input in tables, #1000.

[14.0.0] - 2023-12-08

Changed

  • Drop ancient browsers support (use .fromCodePoint and other features).
  • Rewrite to ESM (including all plugins/deps). CJS fallback still available. No signatures changed, except markdown-it-emoji plugin.
  • Dropped dist/ folder from repo, build on package publish.
  • Set punicode.js as external dependency.

Fixed

  • Html tokens inside img alt are now rendered as their original text, #896.
  • Hardbreaks inside img alt are now rendered as newlines.
Commits

Updates postcss from 8.4.49 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

8.5.2

8.5.1

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"
</tr></table>

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

  • Fixed Parcel compatibility issue (by

… updates

Bumps the npm_and_yarn group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [turbo](https://github.com/vercel/turborepo) | `2.5.4` | `2.9.14` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `6.9.9` | `9.0.1` |
| [samlify](https://github.com/tngan/samlify) | `2.10.0` | `2.13.0` |
| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.17.0` | `3.36.0` |
| [ws](https://github.com/websockets/ws) | `8.17.1` | `8.21.0` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.45` | `0.6.0` |
| [markdown-it](https://github.com/markdown-it/markdown-it) | `13.0.2` | `14.2.0` |
| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |
| [axios](https://github.com/axios/axios) | `1.8.3` | `1.16.0` |
| [uuid](https://github.com/uuidjs/uuid) | `10.0.0` | `14.0.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.3` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.1.3` | `3.2.6` |

Bumps the npm_and_yarn group with 1 update in the /packages/@n8n/ai-workflow-builder.ee directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk).
Bumps the npm_and_yarn group with 4 updates in the /packages/cli directory: [nodemailer](https://github.com/nodemailer/nodemailer), [samlify](https://github.com/tngan/samlify), [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) and [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 2 updates in the /packages/frontend/@n8n/design-system directory: [markdown-it](https://github.com/markdown-it/markdown-it) and [postcss](https://github.com/postcss/postcss).
Bumps the npm_and_yarn group with 2 updates in the /packages/nodes-base directory: [nodemailer](https://github.com/nodemailer/nodemailer) and [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git).


Updates `turbo` from 2.5.4 to 2.9.14
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.5.4...v2.9.14)

Updates `nodemailer` from 6.9.9 to 9.0.1
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v6.9.9...v9.0.1)

Updates `samlify` from 2.10.0 to 2.13.0
- [Release notes](https://github.com/tngan/samlify/releases)
- [Commits](tngan/samlify@v2.10.0...v2.13.0)

Updates `simple-git` from 3.17.0 to 3.36.0
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

Updates `ws` from 8.17.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.17.1...8.21.0)

Updates `langsmith` from 0.3.45 to 0.6.0
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.3.45...v0.6.0)

Updates `markdown-it` from 13.0.2 to 14.2.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@13.0.2...14.2.0)

Updates `postcss` from 8.4.49 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.49...8.5.10)

Updates `axios` from 1.8.3 to 1.16.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.8.3...v1.16.0)

Updates `uuid` from 10.0.0 to 14.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v10.0.0...v14.0.0)

Updates `vite` from 6.3.5 to 6.4.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.3/packages/vite)

Updates `vitest` from 3.1.3 to 3.2.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

Updates `langsmith` from 0.3.45 to 0.6.0
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.3.45...v0.6.0)

Updates `nodemailer` from 6.9.9 to 9.0.1
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v6.9.9...v9.0.1)

Updates `samlify` from 2.10.0 to 2.13.0
- [Release notes](https://github.com/tngan/samlify/releases)
- [Commits](tngan/samlify@v2.10.0...v2.13.0)

Updates `simple-git` from 3.17.0 to 3.36.0
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

Updates `ws` from 8.17.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.17.1...8.21.0)

Updates `markdown-it` from 13.0.2 to 14.2.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@13.0.2...14.2.0)

Updates `postcss` from 8.4.49 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.49...8.5.10)

Updates `nodemailer` from 6.9.9 to 9.0.1
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v6.9.9...v9.0.1)

Updates `simple-git` from 3.17.0 to 3.36.0
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.9.14
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: samlify
  dependency-version: 2.13.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: simple-git
  dependency-version: 3.36.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: langsmith
  dependency-version: 0.6.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.4.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: langsmith
  dependency-version: 0.6.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: samlify
  dependency-version: 2.13.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: simple-git
  dependency-version: 3.36.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: simple-git
  dependency-version: 3.36.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants