…pdates
Bumps the npm_and_yarn group with 10 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.6` | `6.4.3` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |
| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |
| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.15` |
| [rollup](https://github.com/rollup/rollup) | `4.40.0` | `4.62.2` |
Updates `vite` from 6.3.6 to 6.4.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.3/packages/vite)
Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)
Updates `glob` from 10.4.5 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.5...v10.5.0)
Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)
Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)
Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1
- [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases)
- [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1)
Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)
Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)
Updates `postcss` from 8.5.3 to 8.5.15
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.3...8.5.15)
Updates `rollup` from 4.40.0 to 4.62.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.40.0...v4.62.2)
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-version: 1.16.0
dependency-type: indirect
- dependency-name: glob
dependency-version: 10.5.0
dependency-type: indirect
- dependency-name: js-yaml
dependency-version: 3.14.2
dependency-type: indirect
- dependency-name: lodash
dependency-version: 4.18.1
dependency-type: indirect
- dependency-name: mdast-util-to-hast
dependency-version: 13.2.1
dependency-type: indirect
- dependency-name: minimatch
dependency-version: 3.1.5
dependency-type: indirect
- dependency-name: picomatch
dependency-version: 2.3.2
dependency-type: indirect
- dependency-name: postcss
dependency-version: 8.5.15
dependency-type: indirect
- dependency-name: rollup
dependency-version: 4.60.4
dependency-type: indirect
- dependency-name: vite
dependency-version: 6.4.2
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group with 10 updates in the / directory:
6.3.66.4.31.15.111.16.010.4.510.5.03.14.13.14.24.17.214.18.113.2.013.2.13.1.23.1.52.3.12.3.28.5.38.5.154.40.04.62.2Updates
vitefrom 6.3.6 to 6.4.3Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
6c2c881release: v6.4.396b0c10fix: backport #22572, reject windows alternate paths (#22576)8fed5cffix(deps): backport #22571, reject UNC paths for launch-editor-middleware (#2...6b3fad0release: v6.4.2ca4da5dfix: avoid path traversal with optimize deps sourcemap handler (#22161)fe28e47fix: apply server.fs check to env transport (#22159) (#22163)5487f4frelease: v6.4.11114b5dfix(dev): trim trailing slash beforeserver.fs.denycheck (#20968) (#20969)f12697crelease: v6.4.0ca6455efeat: allow passing down resolved config to vite's createServer (#20932)Updates
follow-redirectsfrom 1.15.11 to 1.16.0Commits
0c23a22Release version 1.16.0 of the npm package.844c4d3Add sensitiveHeaders option.5e8b8d0ci: add Node.js 24.x to the CI matrix7953e22ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v686dc1f8Sanitizing input.Updates
globfrom 10.4.5 to 10.5.0Commits
56774ef10.5.01e4e297bin: Do not expose filenames to shell expansionUpdates
js-yamlfrom 3.14.1 to 3.14.2Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)Updates
lodashfrom 4.17.21 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
mdast-util-to-hastfrom 13.2.0 to 13.2.1Release notes
Sourced from mdast-util-to-hast's releases.
Commits
174795b13.2.13d05b3aUpdate Node in Actionsab3a795Fix support for spaces in class namesefb5312Refactor to use@importsa5bc210Add declaration mapsb54955dAdd.tsbuildinfoto.gitignoreUpdates
minimatchfrom 3.1.2 to 3.1.5Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
picomatchfrom 2.3.1 to 2.3.2Release notes
Sourced from picomatch's releases.
Changelog
Sourced from picomatch's changelog.
... (truncated)
Commits
81cba8dPublish 2.3.2fc1f6b6Merge commit from forkeec17aeMerge commit from fork78f8ca4Merge pull request #156 from micromatch/backport-1443f4f10eMerge pull request #144 from Jason3S/jdent-object-propertiesUpdates
postcssfrom 8.5.3 to 8.5.15Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
eae46dbRelease 8.5.15 version79508ffUpdate CI actionsb128e21Speed up declaration parsing by avoiding creating new array on each token9825dcaFix code format55789c8Update dependencies84fbbe9Install older pnpm action for old Node.js9f860bdRevert pnpm action for old Node.js0877198Update CI actionsb2d1a33Fix linter warnings0700dacMerge pull request #2088 from rootvector2/add-oss-fuzz-harnessUpdates
rollupfrom 4.40.0 to 4.62.2Release notes
Sourced from rollup's releases.
... (truncated)
Changelog
Sourced from rollup's changelog.
... (truncated)
Commits
8faa1874.62.2a38a795refactor(rust/parser_ast): extract property AstConverter write buffer kind lo...6cc5c31Skip side-effect-free external imports when hoisting is disabled (#6411)caacf704.62.1d1e8297Add missing ignore1ba1fc2fix: insert conflict numbers before first extension in multi-extension filena...532bd0aUse import attributes for importing JSON (#6393)2cd8194fix: advance value past wildcard prefix before suffix check in getLogFilter (...dfac590fix(deps): update minor/patch updates (#6418)1d6db3dchore(deps): update dependency eslint-plugin-unicorn to v66 (#6419)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for rollup since your current version.
Install script changes
This version modifies
preparescript that runs during installation. Review the package contents before updating.