chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates by dependabot[bot] · Pull Request #599 · Apadmi-Engineering/Mockzilla

dependabot · 2026-05-26T08:39:01Z

Bumps the npm_and_yarn group with 8 updates in the /docs/homepage directory:

Package	From	To
brace-expansion	`1.1.12`	`1.1.15`
minimatch	`3.1.2`	`3.1.5`
ajv	`6.12.6`	`6.15.0`
flatted	`3.3.3`	`3.4.2`
picomatch	`4.0.3`	`4.0.4`
picomatch	`2.3.1`	`2.3.2`
postcss	`8.5.6`	`8.5.15`
rollup	`4.52.0`	`4.61.1`
tar	`7.4.4`	`7.5.16`

Updates brace-expansion from 1.1.12 to 1.1.15

Release notes

Sourced from brace-expansion's releases.

v1.1.15

Backport v5.0.6 change to v1 (#111) 0b09384

juliangruber/brace-expansion@v1.1.14...v1.1.15

Commits

2203f4f 1.1.15
0b09384 Backport v5.0.6 change to v1 (#111)
10c05fc 1.1.14
1afa1b2 Add opt-in { max } mitigation to v1 legacy line (#103)
2fbb6a2 Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)
0d7652e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)
6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.15.0

Commits

184bc32 6.15.0
fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

eae46db Release 8.5.15 version
79508ff Update CI actions
b128e21 Speed up declaration parsing by avoiding creating new array on each token
9825dca Fix code format
55789c8 Update dependencies
84fbbe9 Install older pnpm action for old Node.js
9f860bd Revert pnpm action for old Node.js
0877198 Update CI actions
b2d1a33 Fix linter warnings
0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
Additional commits viewable in compare view

Updates rollup from 4.52.0 to 4.61.1

Release notes

Sourced from rollup's releases.

v4.61.1

4.61.1

2026-06-04

Bug Fixes

Avoid extraneous newlines when adding headers via plugins (#6403)

Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

#6402: Improve documentation for manualPureFunctions (@lukastaegert)

#6403: Does not add an extra leading line feed for addons (@TrickyPi)

#6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@jdz321, @lukastaegert)

v4.61.0

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6382: chore(deps): update dependency @types/node to ^20.19.41 (@renovate[bot])

#6386: fix(deps): update minor/patch updates (@renovate[bot])

#6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@renovate[bot])

#6388: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6389: chore(deps): lock file maintenance (@renovate[bot])

#6391: Sort entry modules to make chunk hash names deterministic (@TrickyPi)

#6394: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6395: chore(deps): update react monorepo to v19 (@renovate[bot], @lukastaegert)

#6396: fix(deps): update rust crate swc_compiler_base to v57 (@renovate[bot], @lukastaegert)

#6397: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6400: docs: fix broken links (@jiyujie2006)

v4.60.4

4.60.4

2026-05-14

Bug Fixes

... (truncated)

Changelog

Sourced from rollup's changelog.

4.61.1

2026-06-04

Bug Fixes

Avoid extraneous newlines when adding headers via plugins (#6403)

Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

#6402: Improve documentation for manualPureFunctions (@lukastaegert)

#6403: Does not add an extra leading line feed for addons (@TrickyPi)

#6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@jdz321, @lukastaegert)

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6382: chore(deps): update dependency @types/node to ^20.19.41 (@renovate[bot])

#6386: fix(deps): update minor/patch updates (@renovate[bot])

#6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@renovate[bot])

#6388: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6389: chore(deps): lock file maintenance (@renovate[bot])

#6391: Sort entry modules to make chunk hash names deterministic (@TrickyPi)

#6394: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6395: chore(deps): update react monorepo to v19 (@renovate[bot], @lukastaegert)

#6396: fix(deps): update rust crate swc_compiler_base to v57 (@renovate[bot], @lukastaegert)

#6397: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6400: docs: fix broken links (@jiyujie2006)

4.60.4

2026-05-14

Bug Fixes

Improve stability of chunk hashes (#6362)

... (truncated)

Commits

b77daf0 4.61.1
91b6dc4 fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR ...
f2a0449 Improve documentation for manualPureFunctions (#6402)
7bdce6c Does not add an extra leading line feed for addons (#6403)
765167f 4.61.0
0f547eb Sort entry modules to make chunk hash names deterministic (#6391)
5838787 docs: fix broken links (#6400)
cc0f51a chore(deps): update react monorepo to v19 (#6395)
dd30037 fix(deps): update rust crate swc_compiler_base to v57 (#6396)
cb86c3e chore(deps): lock file maintenance (#6397)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates tar from 7.4.4 to 7.5.16

Changelog

Sourced from tar's changelog.

Changelog

7.5

Added zstd compression support.

Consistent TOCTOU behavior in sync t.list

Only read from ustar block if not specified in Pax

Fix sync tar.list when file size reduces while reading

Sanitize absolute linkpaths properly

Prevent writing hardlink entries to the archive ahead of their file target

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Drop support for node <18

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

cf21338 7.5.16
21a8220 do not apply PAX header fields to meta entries
52632cf update project deps
302f51f fix inconsequential typo in PENDINGLINKS symbol name
55dbb99 remove some uses of mutate-fs
87cc309 7.5.15
7aef486 fix: regression in pending links detection
6244eb3 7.5.14
9704d8c stricter protection against hardlinks preempting their targets
700734f update workflows and deps
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

…dates Bumps the npm_and_yarn group with 8 updates in the /docs/homepage directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` | | [rollup](https://github.com/rollup/rollup) | `4.52.0` | `4.61.1` | | [tar](https://github.com/isaacs/node-tar) | `7.4.4` | `7.5.16` | Updates `brace-expansion` from 1.1.12 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.15) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `ajv` from 6.12.6 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) Updates `postcss` from 8.5.6 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.15) Updates `rollup` from 4.52.0 to 4.61.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.52.0...v4.61.1) Updates `tar` from 7.4.4 to 7.5.16 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.4...v7.5.16) --- updated-dependencies: - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect - dependency-name: brace-expansion dependency-version: 1.1.14 dependency-type: indirect - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect - dependency-name: rollup dependency-version: 4.60.4 dependency-type: indirect - dependency-name: tar dependency-version: 7.5.15 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 26, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/homepage/npm_and_yarn-49531f9152 branch from 995c92e to 27859a9 Compare June 4, 2026 13:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates#599

chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates#599
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/docs/homepage/npm_and_yarn-49531f9152

dependabot Bot commented on behalf of github May 26, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.1.15

4.0.4

What's Changed

4.0.4

What's Changed

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

v4.61.1

4.61.1

Bug Fixes

Pull Requests

v4.61.0

4.61.0

Features

Pull Requests

v4.60.4

4.60.4

Bug Fixes

4.61.1

Bug Fixes

Pull Requests

4.61.0

Features

Pull Requests

4.60.4

Bug Fixes

Changelog

7.5

7.4

7.3

7.2

7.1

7.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 26, 2026 •

edited

Loading