Skip to content

Bump the npm_and_yarn group across 16 directories with 20 updates#11

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-2aa6447653
Open

Bump the npm_and_yarn group across 16 directories with 20 updates#11
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-2aa6447653

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 14, 2026

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package From To
undici 6.20.1 6.24.0
yauzl 3.1.1 3.2.1
electron 32.2.1 35.7.5
minimatch 3.1.2 3.1.5
minimatch 9.0.5 9.0.9
minimatch 9.0.3 9.0.9
minimatch 7.4.6 7.4.9
minimatch 10.0.1 10.2.4
webpack 5.94.0 5.105.4
@tootallnate/once 3.0.0 3.0.1
js-yaml 4.1.0 4.1.1
lodash 4.17.21 4.17.23
svgo 3.3.2 3.3.3
svgo 2.8.0 2.8.2
tar-fs 2.1.1 2.1.4
tar-fs 3.0.6 3.1.2

Bumps the npm_and_yarn group with 8 updates in the /build directory:

Package From To
yauzl 2.10.0 3.2.1
minimatch 3.1.2 3.1.5
minimatch 9.0.5 9.0.9
lodash 4.17.21 4.17.23
tar-fs 2.1.1 2.1.4
jws 3.2.2 3.2.3
jws 4.0.0 4.0.1
fast-xml-parser 4.5.0 4.5.4
qs 6.13.0 6.15.0
tmp 0.2.3 0.2.5

Bumps the npm_and_yarn group with 3 updates in the /build/npm/gyp directory: glob, minimatch and tar.
Bumps the npm_and_yarn group with 1 update in the /extensions/css-language-features directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /extensions/git directory: file-type.
Bumps the npm_and_yarn group with 1 update in the /extensions/html-language-features directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /extensions/json-language-features directory: minimatch.
Bumps the npm_and_yarn group with 2 updates in the /extensions/markdown-language-features directory: minimatch and dompurify.
Bumps the npm_and_yarn group with 1 update in the /extensions/microsoft-authentication directory: jws.
Bumps the npm_and_yarn group with 1 update in the /extensions/notebook-renderers directory: @tootallnate/once.
Bumps the npm_and_yarn group with 2 updates in the /extensions/npm directory: minimatch and js-yaml.
Bumps the npm_and_yarn group with 1 update in the /extensions/vscode-api-tests directory: node-forge.
Bumps the npm_and_yarn group with 4 updates in the /remote directory: undici, yauzl, @tootallnate/once and tar-fs.
Bumps the npm_and_yarn group with 2 updates in the /test/automation directory: minimatch and tmp.
Bumps the npm_and_yarn group with 2 updates in the /test/integration/browser directory: minimatch and tmp.
Bumps the npm_and_yarn group with 1 update in the /test/smoke directory: minimatch.

Updates undici from 6.20.1 to 6.24.0

Release notes

Sourced from undici's releases.

v6.24.0

Undici v6.24.0 Security Release Notes (LTS)

This release backports fixes for security vulnerabilities affecting the v6 line.

Upgrade guidance

All users on v6 should upgrade to v6.24.0 or later.

Fixed advisories

Not applicable to v6

Affected and patched ranges (v6)

References

v6.23.0

⚠️ Security Release

... (truncated)

Commits
  • 8873c94 Bumped v6.24.0
  • 411bd01 test(websocket): use node:assert for Node 18 compatibility
  • 844bf59 test: fix http2 lint regressions in backport
  • a444e4f test: stabilize h2 and tls-cert-leak under current test runner
  • dc032a1 fix: h2 CI (#4395)
  • 4cd3f4b test: increase bitness in test/fixtures/*.pem (#3659)
  • 7df6442 fix: adapt websocket frame-limit handling for v6 parser
  • 4e0179a fix: reject duplicate content-length and host headers
  • 5a97f08 Fix websocket 64-bit length overflow
  • e43e898 fix: validate upgrade header to prevent CRLF injection
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates yauzl from 3.1.1 to 3.2.1

Commits

Updates electron from 32.2.1 to 35.7.5

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates minimatch from 9.0.5 to 9.0.9

Commits

Updates minimatch from 9.0.3 to 9.0.9

Commits

Updates minimatch from 7.4.6 to 7.4.9

Commits

Updates minimatch from 10.0.1 to 10.2.4

Commits

Updates webpack from 5.94.0 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

v5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

v5.105.2

Patch Changes

v5.105.1

Patch Changes

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

5.105.2

Patch Changes

... (truncated)

Commits
  • 27c13b4 chore(release): new release (#20550)
  • 9b2f41e chore: bump terser plugin (#20569)
  • eafe060 fix: narrow the export presence guard detection (#20561)
  • 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
  • afa607d refactor: remove unused code (#20562)
  • 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
  • f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
  • 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
  • a3d7839 fix: types for multi stats (#20556)
  • b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.


Updates @tootallnate/once from 3.0.0 to 3.0.1

Release notes

Sourced from @​tootallnate/once's releases.

v3.0.1

Patch Changes

  • 28dbc5d: Fix promise hang when AbortSignal is aborted
Changelog

Sourced from @​tootallnate/once's changelog.

3.0.1

Patch Changes

  • 28dbc5d: Fix promise hang when AbortSignal is aborted
Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​tootallnate/once since your current version.


Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates svgo from 3.3.2 to 3.3.3

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

  • Migrates from our unsupported fork of sax (@​trysound/sax) to the upstream version of sax (sax).

Bug Fixes

  • No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

v3.3.2 v3.3.3 Delta
svgo.browser.js 910.9 kB 912.9 kB ⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

Updates svgo from 2.8.0 to 2.8.2

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

  • Migrates from our unsupported fork of sax (@​trysound/sax) to the upstream version of sax (sax).

Bug Fixes

  • No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

v3.3.2 v3.3.3 Delta
svgo.browser.js 910.9 kB 912.9 kB ⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

Updates tar-fs from 2.1.1 to 2.1.4

Commits

Updates tar-fs from 3.0.6 to 3.1.2

Commits

Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

  • fix: serialize URL string contents to prevent XSS (#173) f27d65d
  • Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0
  • docs: update readme with URL support (#146) 0d88527
  • chore: update node version and lock file e2a3a91
  • fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

Commits

Updates yauzl from 2.10.0 to 3.2.1

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates minimatch from 9.0.5 to 9.0.9

Commits

Updates lodash from 4.17.21 to 4.17.23

Commits

@dependabot
Bump the npm_and_yarn group across 16 directories with 20 updates
b036abf 
Bumps the npm_and_yarn group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.24.0` |
| [yauzl](https://github.com/thejoshwolfe/yauzl) | `3.1.1` | `3.2.1` |
| [electron](https://github.com/electron/electron) | `32.2.1` | `35.7.5` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |
| [minimatch](https://github.com/isaacs/minimatch) | `9.0.3` | `9.0.9` |
| [minimatch](https://github.com/isaacs/minimatch) | `7.4.6` | `7.4.9` |
| [minimatch](https://github.com/isaacs/minimatch) | `10.0.1` | `10.2.4` |
| [webpack](https://github.com/webpack/webpack) | `5.94.0` | `5.105.4` |
| [@tootallnate/once](https://github.com/TooTallNate/once) | `3.0.0` | `3.0.1` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
| [svgo](https://github.com/svg/svgo) | `3.3.2` | `3.3.3` |
| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `3.0.6` | `3.1.2` |

Bumps the npm_and_yarn group with 8 updates in the /build directory:

| Package | From | To |
| --- | --- | --- |
| [yauzl](https://github.com/thejoshwolfe/yauzl) | `2.10.0` | `3.2.1` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |
| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |
| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.0` | `4.5.4` |
| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.0` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.5` |

Bumps the npm_and_yarn group with 3 updates in the /build/npm/gyp directory: [glob](https://github.com/isaacs/node-glob), [minimatch](https://github.com/isaacs/minimatch) and [tar](https://github.com/isaacs/node-tar).
Bumps the npm_and_yarn group with 1 update in the /extensions/css-language-features directory: [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 1 update in the /extensions/git directory: [file-type](https://github.com/sindresorhus/file-type).
Bumps the npm_and_yarn group with 1 update in the /extensions/html-language-features directory: [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 1 update in the /extensions/json-language-features directory: [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 2 updates in the /extensions/markdown-language-features directory: [minimatch](https://github.com/isaacs/minimatch) and [dompurify](https://github.com/cure53/DOMPurify).
Bumps the npm_and_yarn group with 1 update in the /extensions/microsoft-authentication directory: [jws](https://github.com/brianloveswords/node-jws).
Bumps the npm_and_yarn group with 1 update in the /extensions/notebook-renderers directory: [@tootallnate/once](https://github.com/TooTallNate/once).
Bumps the npm_and_yarn group with 2 updates in the /extensions/npm directory: [minimatch](https://github.com/isaacs/minimatch) and [js-yaml](https://github.com/nodeca/js-yaml).
Bumps the npm_and_yarn group with 1 update in the /extensions/vscode-api-tests directory: [node-forge](https://github.com/digitalbazaar/forge).
Bumps the npm_and_yarn group with 4 updates in the /remote directory: [undici](https://github.com/nodejs/undici), [yauzl](https://github.com/thejoshwolfe/yauzl), [@tootallnate/once](https://github.com/TooTallNate/once) and [tar-fs](https://github.com/mafintosh/tar-fs).
Bumps the npm_and_yarn group with 2 updates in the /test/automation directory: [minimatch](https://github.com/isaacs/minimatch) and [tmp](https://github.com/raszi/node-tmp).
Bumps the npm_and_yarn group with 2 updates in the /test/integration/browser directory: [minimatch](https://github.com/isaacs/minimatch) and [tmp](https://github.com/raszi/node-tmp).
Bumps the npm_and_yarn group with 1 update in the /test/smoke directory: [minimatch](https://github.com/isaacs/minimatch).


Updates `undici` from 6.20.1 to 6.24.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.20.1...v6.24.0)

Updates `yauzl` from 3.1.1 to 3.2.1
- [Commits](thejoshwolfe/yauzl@3.1.1...3.2.1)

Updates `electron` from 32.2.1 to 35.7.5
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v32.2.1...v35.7.5)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 7.4.6 to 7.4.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 10.0.1 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `webpack` from 5.94.0 to 5.105.4
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.94.0...v5.105.4)

Updates `@tootallnate/once` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/master/CHANGELOG.md)
- [Commits](TooTallNate/once@3.0.0...v3.0.1)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `svgo` from 3.3.2 to 3.3.3
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

Updates `svgo` from 2.8.0 to 2.8.2
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

Updates `tar-fs` from 2.1.1 to 2.1.4
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4)

Updates `tar-fs` from 3.0.6 to 3.1.2
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4)

Updates `serialize-javascript` from 6.0.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2)

Updates `yauzl` from 2.10.0 to 3.2.1
- [Commits](thejoshwolfe/yauzl@3.1.1...3.2.1)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `tar-fs` from 2.1.1 to 2.1.4
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4)

Updates `jws` from 3.2.2 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

Updates `jws` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

Updates `fast-xml-parser` from 4.5.0 to 4.5.4
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.0...v4.5.4)

Updates `qs` from 6.13.0 to 6.15.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.13.0...v6.15.0)

Updates `tmp` from 0.2.3 to 0.2.5
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.3...v0.2.5)

Updates `glob` from 10.4.2 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.2...v10.5.0)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `tar` from 6.2.1 to 7.5.11
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.11)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `file-type` from 16.5.4 to 21.3.2
- [Release notes](https://github.com/sindresorhus/file-type/releases)
- [Commits](sindresorhus/file-type@v16.5.4...v21.3.2)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `dompurify` from 3.1.7 to 3.3.2
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.1.7...3.3.2)

Updates `jws` from 3.2.2 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

Removes `@tootallnate/once`

Updates `minimatch` from 5.1.6 to 5.1.8
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `js-yaml` from 3.14.0 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `node-forge` from 1.3.1 to 1.3.2
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.3.2)

Updates `undici` from 6.20.1 to 6.24.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.20.1...v6.24.0)

Updates `yauzl` from 3.1.1 to 3.2.1
- [Commits](thejoshwolfe/yauzl@3.1.1...3.2.1)

Updates `@tootallnate/once` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/master/CHANGELOG.md)
- [Commits](TooTallNate/once@3.0.0...v3.0.1)

Updates `tar-fs` from 2.1.1 to 2.1.4
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `tmp` from 0.2.1 to 0.2.4
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.3...v0.2.5)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `tmp` from 0.0.33 to 0.2.4
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.3...v0.2.5)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: yauzl
  dependency-version: 3.2.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 35.7.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 7.4.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.105.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 3.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: svgo
  dependency-version: 3.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: svgo
  dependency-version: 2.8.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 6.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yauzl
  dependency-version: 3.2.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 4.0.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 4.5.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: file-type
  dependency-version: 21.3.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 5.1.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.3.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: yauzl
  dependency-version: 3.2.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 3.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants