Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 9 updates#1442

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-e95c615f15
Open

chore(deps): bump the minor-and-patch group across 1 directory with 9 updates#1442
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-e95c615f15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 9 updates in the / directory:

Package From To
axios 1.16.0 1.18.1
core-js 3.48.0 3.49.0
less 4.5.1 4.6.7
sass 1.97.3 1.101.0
pug 3.0.3 3.0.4
uglify-js 3.17.4 3.19.3
uikit 3.24.2 3.25.19
vue-template-compiler 2.5.21 2.7.16
webpack 5.105.2 5.107.2

Updates axios from 1.16.0 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

... (truncated)

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Updates core-js from 3.48.0 to 3.49.0

Changelog

Sourced from core-js's changelog.

3.49.0 - 2026.03.16

  • Changes v3.48.0...v3.49.0 (373 commits)
  • Iterator.range updated following the actual spec version
    • Throw a RangeError on NaN start / end / step
    • Allow null as optionOrStep
  • Improved accuracy of Math.{ asinh, atanh } polyfills with big and small values
  • Improved accuracy of Number.prototype.toExponential polyfills with big and small values
  • Improved performance of atob, btoa, Uint8Array.fromHex, Uint8Array.prototype.setFromHex, and Uint8Array.prototype.toHex, #1503, #1464, #1510, thanks @​johnzhou721
  • Minor performance optimization polyfills of methods from Map upsert proposal
  • Polyfills of methods from Map upsert proposal from the pure version made generic to make it work with polyfilled and native collections
  • Wrap Symbol.for in Symbol.prototype.description polyfill for correct handling of empty string descriptions
  • Fixed a modern Safari bug in Array.prototype.includes with sparse arrays and fromIndex
  • Fixed one more case (Iterator.prototype.take) of a V8 ~ Chromium < 126 bug
  • Forced replacement of Iterator.{ concat, zip, zipKeyed } in the pure version for ensuring proper wrapped Iterator instances as the result
  • Fixed proxying .return() on exhausted iterator from some methods of iterator helpers polyfill to the underlying iterator
  • Fixed double .return() calling in case of throwing error in this method in the internal iterate helper that affected some polyfills
  • Fixed closing iterator on IteratorValue errors in the internal iterate helper that affected some polyfills
  • Fixed iterator closing in Array.from polyfill on failure to create array property
  • Fixed order of arguments validation in Array.fromAsync polyfill
  • Fixed a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync polyfill
  • Fixed order of arguments validation in Array.prototype.flat polyfill
  • Fixed handling strings as iterables in Iterator.{ zip, zipKeyed } polyfills
  • Fixed some cases of iterators closing in Iterator.{ zip, zipKeyed } polyfills
  • Fixed validation of iterators .next() results an objects in Iterator.{ zip, zipKeyed } polyfills
  • Fixed a lack of early error in Iterator.concat polyfill on primitive as an iterator
  • Fixed buffer mutation exposure in Iterator.prototype.windows polyfill
  • Fixed iterator closing in Set.prototype.{ isDisjointFrom, isSupersetOf } polyfill
  • Fixed (updated following the final spec) one more case Set.prototype.difference polyfill with updating this
  • Fixed DataView.prototype.setFloat16 polyfill in (0, 1) range
  • Fixed order of arguments validation in String.prototype.{ padStart, padEnd } polyfills
  • Fixed order of arguments validation in String.prototype.{ startsWith, endsWith } polyfills
  • Fixed some cases of Infinity handling in String.prototype.substr polyfill
  • Fixed String.prototype.repeat polyfill with a counter exceeding 2 ** 32
  • Fixed some cases of chars case in escape polyfill
  • Fixed named backreferences in RegExp NCG polyfill
  • Fixed some cases of RegExp NCG polyfill in combination with other types of groups
  • Fixed some cases of RegExp NCG polyfill in combination with dotAll
  • Fixed String.prototype.replace with sticky polyfill, #810, #1514
  • Fixed RegExp sticky polyfill with alternation
  • Fixed handling of some line terminators in case of multiline + sticky mode in RegExp polyfill
  • Fixed .input slicing on result object with RegExp sticky mode polyfill
  • Fixed handling of empty groups with global and unicode modes in polyfills
  • Fixed URLSearchParam.prototype.delete polyfill with duplicate key-value pairs
  • Fixed possible removal of unnecessary entries in URLSearchParam.prototype.delete polyfill with second argument
  • Fixed an error in some cases of non-special URLs without a path in the URL polyfill
  • Fixed some percent encode cases / character sets in the URL polyfill
  • Fixed parsing of non-IPv4 hosts ends in a number in the URL polyfill
  • Fixed some cases of '' and null host handling in the URL polyfill
  • Fixed host parsing with hostname = host:port in the URL polyfill
  • Fixed host inheritance in some cases of file scheme in the URL polyfill

... (truncated)

Commits
  • 80adfc4 v3.49.0
  • 0ad3e00 fix a modern Safari bug in Array.prototype.includes with sparse arrays and ...
  • 853bfa4 update some links
  • b4d723f fix a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync p...
  • e276676 fix parsing of non-IPv4 hosts ends in a number in the URL polyfill
  • dd1cfba fix order of arguments validation in String.prototype.{ padStart, padEnd } ...
  • b952c5f add an extra protection to configurator
  • e490caf Fix for #810 (#1514)
  • 10b4e86 drop an unneeded comment
  • 28cf2e9 feat: Improve performance of Uint8Array Hex functions (#1510)
  • Additional commits viewable in compare view

Updates less from 4.5.1 to 4.6.7

Release notes

Sourced from less's releases.

Release v4.6.7

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.7

Release v4.6.6

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.6

Release v4.6.5

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.5

Release v4.6.3

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.3

Release v4.6.0

Changes

See CHANGELOG.md for details.

Installation

... (truncated)

Changelog

Sourced from less's changelog.

v4.6.7 (2026-06-20)

Changes

  • #4457 Fix failing "Request Copilot review" CI job (@​app/copilot-swe-agent)
  • #4451 chore: release v4.6.6 (@​app/github-actions)

v4.6.6 (2026-06-14)

Changes

v4.6.5 (2026-06-13)

Bug Fixes

Maintenance

v4.6.4 (2026-03-13)

Tests

  • #4422 Add coverage for :is()/:matches()/:where() containing nested :has() selectors and comma-separated lists (@​Copilot)

v4.6.3 (2026-03-11)

Bug Fixes

... (truncated)

Commits

Updates sass from 1.97.3 to 1.101.0

Release notes

Sourced from sass's releases.

Dart Sass 1.101.0

To install Sass 1.101.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Potentially breaking bug fix: The Node package importer now properly supports resolving import-only variants of Sass files declared in the exports, sass, and style fields of package.json. Previously, these files were ignored even when loaded via @import, so any code relying on loading module-system-only files this way may break.

See the full changelog for changes in earlier releases.

Dart Sass 1.100.0

To install Sass 1.100.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

    See the Sass website for details.

See the full changelog for changes in earlier releases.

Dart Sass 1.99.0

To install Sass 1.99.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

  • User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

  • User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

  • User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

    See the Sass website for details.

  • In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

    See the Sass website for details.

... (truncated)

Changelog

Sourced from sass's changelog.

1.101.0

  • Potentially breaking bug fix: The Node package importer now properly supports resolving import-only variants of Sass files declared in the exports, sass, and style fields of package.json. Previously, these files were ignored even when loaded via @import, so any code relying on loading module-system-only files this way may break.

1.100.0

  • Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

    See the Sass website for details.

1.99.0

  • Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

  • User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

  • User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

  • User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

    See the Sass website for details.

  • In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

    See the Sass website for details.

  • Calls to functions whose names begin with - and end with -progid:... are deprecated.

... (truncated)

Commits
  • 63b9922 Load import-only files through package.json exports (#2772)
  • c7e9947 Migrate from bufbuild/buf-setup-action to bufbuild/buf-action (#2773)
  • 7674a4c Bump postcss from 8.5.13 to 8.5.15 in /pkg/sass-parser (#2774)
  • 5fd18c7 Bump node engine requirement to >=20.19.0 and chokidar requirement to ^5.0.0 ...
  • 8c1d984 Deprecate adjacent compound selectors (#2765)
  • 8e5f718 Bump postcss from 8.5.12 to 8.5.13 in /pkg/sass-parser (#2767)
  • 1447f9b Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (#2766)
  • 83c39fe Support the top-level parent selector (#2758)
  • ec85871 Bump EndBug/add-and-commit from 9 to 10 (#2756)
  • a604acd [Function Name] Implement changes (#2731)
  • Additional commits viewable in compare view

Updates pug from 3.0.3 to 3.0.4

Release notes

Sourced from pug's releases.

pug-code-gen@3.0.4

Bug Fixes

  • Ensure doctype option is properly validated (#3468)

pug@3.0.4

Bug Fixes

  • Update pug-code-gen to ensure doctype option is properly validated (#3468)
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for pug since your current version.


Updates uglify-js from 3.17.4 to 3.19.3

Release notes

Sourced from uglify-js's releases.

v3.19.3

Bug Fixes

  • assignment operator (abefd944eaebfd20d7f01e75353de2c5260bd586, cf87290819d87bfec842503ae655eafeffd5bdb6)
  • function call (4a92cdc4807a01bcaba9003a45a0e13c46653a8f)
  • function literal (303417cb64f145b52d8162ad2ffb8a48c56aac38)
  • property accessor (f34fbb2c36b2fd1cfe38aa12d103cdeb3916c73d, 23f98ba3e19b30bfd47de7c1a4740f8aa442b333, abefd944eaebfd20d7f01e75353de2c5260bd586, cf87290819d87bfec842503ae655eafeffd5bdb6)

v3.19.2

Features

  • improve compression of logical expressions (c7152b5e6618089c359d8f6c944572997271cfc9, cd0a8ec757156737a71be697b0cdd4a95a2dd6ab)
  • simplify collapsed assignment expressions (76803d6b45421699e201fbc4ee3173af1b1033df)
  • convert function literals to arrow functions (22550741b913e3c9fcdc3cf39395a8020c77c5f5)
  • support ascii_only on template literals (4661b3472e228c056f273977319009d6103feaff)
  • improve generation of Unicode escape sequences (80ebacbf51ccf449d47f5ce5a41fffeae4f9c454)

Bug Fixes

  • destructuring syntax (d82b7de5e885da712b43703810a521f22820ee26)
  • if statement (69f4e3a419fc1328eacadf89cbbece0497ad8957)
  • logical operator (69f4e3a419fc1328eacadf89cbbece0497ad8957)
  • optional chaining operator (15c8edb7564a0ab825fce19517f96e8d377a01a8, 8bbbc5178ebee10eb9fa69a706b29f40cc2aa3b9, 69f4e3a419fc1328eacadf89cbbece0497ad8957)
  • property accessor (e9cf8deb3352935328671df92ae21bf7b1e8a3b0)
  • switch statement (69f4e3a419fc1328eacadf89cbbece0497ad8957)
  • try statement (4bf9a4f0954c3fb2b2b2ab9d2def03cebbf0ac7b, 69f4e3a419fc1328eacadf89cbbece0497ad8957)

v3.19.1

Features

  • simplify nullish comparison of complex expressions (7a4fb85404f44bbf2e4db5892eb32b698bc53b6e)

Bug Fixes

  • if statement (fac0aa2b8aca8605835e604afe8b39903cc89b75)
  • switch statement (12475763a60ef92fed1cd625bbb0064c347cc84c, fac0aa2b8aca8605835e604afe8b39903cc89b75)

v3.19.0

Features

  • eliminate side-effect-free property access (9c80456634550045b51e921e59deb61e4e1dcab7, 95d3ede664598916e6dced8a5e0f5003efd3c77a, 205a1d1f19cfc128018cfd822c3332e6ee0a831f, 124c4d3fe364c825488528f9d90b68cb3b48178d)
  • improve hoist_vars efficiency (ce8ef52e2bcad2747b803faad68ab9c78cadf4d9)
  • improve compression around built-in function (8c5a899986e7f66cadd76bfcbd7c017e03508d36)
  • improve deconstruction of singular destructuring assignment (8c5a899986e7f66cadd76bfcbd7c017e03508d36)

Bug Fixes

... (truncated)

Commits

Updates uikit from 3.24.2 to 3.25.19

Release notes

Sourced from uikit's releases.

v3.25.19

Fixed

  • Fix release

v3.25.18

Fixed

  • Fix reactivity in Slider component

v3.25.17

Fixed

  • Fix active state for Filter controls that combine filtering and sorting
  • Fix Ken Burns effect not restarting in Safari in Slideshow component

v3.25.16

Fixed

  • Fix negative numbers sorted incorrectly in Filter component
  • Fix Modal component stealing focus from overlays rendered outside the modal
  • Fix component root class not removed after disconnect

v3.25.15

Fixed

  • Fix issue with build process

v3.25.14

Fixed

  • Fix boundary option in Dropnav component

v3.25.13

Fixed

  • Fix regression in Accordion component

v3.25.12

Fixed

  • Fix accordion causes page to scroll to the top initially in Firefox
  • Fix visible slides set to inert when `active: first` in Slider component

v3.25.11

Changed

  • Clip only left and right box shadows instead of all in Slider component
  • Make url changeable in `beforeSend` in Upload component

... (truncated)

Changelog

Sourced from uikit's changelog.

3.25.19 (June 24, 2026)

Fixed

  • Fix release

3.25.18 (June 24, 2026)

Fixed

  • Fix reactivity in Slider component

3.25.17 (May 28, 2026)

Fixed

  • Fix active state for Filter controls that combine filtering and sorting
  • Fix Ken Burns effect not restarting in Safari in Slideshow component

3.25.16 (April 21, 2026)

Fixed

  • Fix negative numbers sorted incorrectly in Filter component
  • Fix Modal component stealing focus from overlays rendered outside the modal
  • Fix component root class not removed after disconnect

3.25.15 (April 9, 2026)

Fixed

  • Fix issue with build process

3.25.14 (March 27, 2026)

Fixed

  • Fix boundary option in Dropnav component

3.25.13 (February 23, 2026)

Fixed

  • Fix regression in Accordion component

3.25.12 (February 19, 2026)

Fixed

  • Fix accordion causes page to scroll to the top initially in Firefox

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uikit since your current version.


Updates vue-template-compiler from 2.5.21 to 2.7.16

Release notes

Sourced from vue-template-compiler's releases.

v2.7.16 "Swan Song"

This is the final release for Vue 2.

Vue 2 will reach End of Life on December 31st, 2023. For more details, please read this blog post.

Please refer to CHANGELOG.md for details.

v2.7.16-beta.2

Please refer to CHANGELOG.md for details.

v2.7.16-beta.1

Please refer to CHANGELOG.md for details.

v2.7.15

Please refer to CHANGELOG.md for details.

v2.7.14

Please refer to CHANGELOG.md for details.

v2.7.13

Please refer to CHANGELOG.md for details.

v2.7.12

Please refer to CHANGELOG.md for details.

v2.7.11

Please refer to CHANGELOG.md for details.

v2.7.10

Please refer to CHANGELOG.md for details.

v2.7.9

Please refer to CHANGELOG.md for details.

v2.7.8

Please refer to CHANGELOG.md for details.

v2.7.7

Please refer to CHANGELOG.md for details.

v2.7.6

Please refer to CHANGELOG.md for details.

v2.7.5

Please refer to CHANGELOG.md for details.

v2.7.4

Please refer to CHANGELOG.md for details.

v2.7.3

... (truncated)

Changelog

Sourced from vue-template-compiler's changelog.

2.7.16 Swan Song (2023-12-24)

Bug Fixes

  • lifecycle: ensure component effect scopes are disconnected (56ce7f8), closes #13134

2.7.16-beta.2 (2023-12-14)

Bug Fixes

2.7.16-beta.1 (2023-12-08)

Bug Fixes

2.7.15 (2023-10-23)

Bug Fixes

  • compiler-sfc: add semicolon after defineProps statement (#12879) (51fef2c)
  • compiler-sfc: fix macro usage in multi-variable declaration (#12873) (d27c128)
  • compiler-sfc: Optimize the value of emitIdentifier (#12851) (bb59751)
  • compiler-sfc: Resolve object expression parsing errors in v-on (#12862) (b8c8b3f)
  • lifecycle: scope might changed when call hook (#13070) (74ca5a1)

... (truncated)

Commits
    Description has been truncated

… updates

Bumps the minor-and-patch group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.16.0` | `1.18.1` |
| [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) | `3.48.0` | `3.49.0` |
| [less](https://github.com/less/less.js) | `4.5.1` | `4.6.7` |
| [sass](https://github.com/sass/dart-sass) | `1.97.3` | `1.101.0` |
| [pug](https://github.com/pugjs/pug) | `3.0.3` | `3.0.4` |
| [uglify-js](https://github.com/mishoo/UglifyJS) | `3.17.4` | `3.19.3` |
| [uikit](https://github.com/uikit/uikit) | `3.24.2` | `3.25.19` |
| [vue-template-compiler](https://github.com/vuejs/vue) | `2.5.21` | `2.7.16` |
| [webpack](https://github.com/webpack/webpack) | `5.105.2` | `5.107.2` |



Updates `axios` from 1.16.0 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.0...v1.18.1)

Updates `core-js` from 3.48.0 to 3.49.0
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.49.0/packages/core-js)

Updates `less` from 4.5.1 to 4.6.7
- [Release notes](https://github.com/less/less.js/releases)
- [Changelog](https://github.com/less/less.js/blob/master/CHANGELOG.md)
- [Commits](less/less.js@v4.5.1...v4.6.7)

Updates `sass` from 1.97.3 to 1.101.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.97.3...1.101.0)

Updates `pug` from 3.0.3 to 3.0.4
- [Release notes](https://github.com/pugjs/pug/releases)
- [Commits](https://github.com/pugjs/pug/compare/pug@3.0.3...pug@3.0.4)

Updates `uglify-js` from 3.17.4 to 3.19.3
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](mishoo/UglifyJS@v3.17.4...v3.19.3)

Updates `uikit` from 3.24.2 to 3.25.19
- [Release notes](https://github.com/uikit/uikit/releases)
- [Changelog](https://github.com/uikit/uikit/blob/develop/CHANGELOG.md)
- [Commits](uikit/uikit@v3.24.2...v3.25.19)

Updates `vue-template-compiler` from 2.5.21 to 2.7.16
- [Release notes](https://github.com/vuejs/vue/releases)
- [Changelog](https://github.com/vuejs/vue/blob/main/CHANGELOG.md)
- [Commits](vuejs/vue@v2.5.21...v2.7.16)

Updates `webpack` from 5.105.2 to 5.107.2
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.105.2...v5.107.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: core-js
  dependency-version: 3.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: less
  dependency-version: 4.6.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: sass
  dependency-version: 1.101.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: pug
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: uglify-js
  dependency-version: 3.19.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: uikit
  dependency-version: 3.25.19
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vue-template-compiler
  dependency-version: 2.7.16
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: webpack
  dependency-version: 5.107.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies javascript Pull requests that update Javascript code labels Jun 25, 2026
@phil-davis

Copy link
Copy Markdown
Contributor

https://github.com/owncloud/market/actions/runs/28148026431/job/83359279478?pr=1442

Error: 

Vue packages version mismatch:

- vue@2.5.21 (/home/runner/work/market/market/node_modules/vue/dist/vue.runtime.common.js)
- vue-template-compiler@2.7.16 (/home/runner/work/market/market/node_modules/vue-template-compiler/package.json)

This may cause things to work incorrectly. Make sure to use the same version for both.

It looks like dependabot needs to also update vue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant