Bump the npm_and_yarn group across 2 directories with 19 updates by dependabot[bot] · Pull Request #3 · gregyjames/linkding

dependabot · 2026-04-21T21:36:47Z

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
@hotwired/turbo	`8.0.6`	`8.0.21`
svelte	`4.2.19`	`5.55.4`
nanoid	`3.3.7`	`3.3.11`
picomatch	`2.3.1`	`2.3.2`
rollup	`4.22.4`	`4.60.2`
serialize-javascript	`6.0.2`	`7.0.5`
svgo	`3.3.2`	`3.3.3`
yaml	`2.5.1`	`2.8.3`

Bumps the npm_and_yarn group with 7 updates in the /docs directory:

Package	From	To
nanoid	`3.3.7`	`3.3.11`
picomatch	`2.3.1`	`2.3.2`
rollup	`4.22.4`	`4.60.2`
astro	`4.16.3`	`6.1.8`
ajv	`8.17.1`	`8.18.0`
lodash	`4.17.21`	`removed`
tar-fs	`2.1.1`	`2.1.4`
tar-fs	`3.0.6`	`3.1.2`

Updates @hotwired/turbo from 8.0.6 to 8.0.21

Release notes

Sourced from @hotwired/turbo's releases.

v8.0.21

What's Changed

Remove SubmitEvent polyfill by @seanpdoyle in hotwired/turbo#909

Remove requestSubmit polyfill by @seanpdoyle in hotwired/turbo#908

Bump multer from 1.4.2 to 2.0.2 by @dependabot[bot] in hotwired/turbo#1451

Add [method] and [scroll] attributes for Refresh Stream by @seanpdoyle in hotwired/turbo#1208

Functional Tests: Replace chai with Playwright Assertions by @seanpdoyle in hotwired/turbo#1454

Fix regression with empty target attribute (#1444) by @yujiteshima in hotwired/turbo#1455

Functional Tests: Rendering - Replace chai with Playwright by @seanpdoyle in hotwired/turbo#1458

Rendering Functional Tests: Replace chai with Playwright by @seanpdoyle in hotwired/turbo#1459

Frame Functional Tests: Replace chai with Playwright by @seanpdoyle in hotwired/turbo#1461

Build: Remove circular dependency by @seanpdoyle in hotwired/turbo#1453

Visit Functional Tests: Replace chai with Playwright by @seanpdoyle in hotwired/turbo#1463

Fix UUID generation to include all hex digits by @kaisersakhi in hotwired/turbo#1425

Fix #577: Send the Turbo-Frame header as referenced by data-turbo-frame attribute on form submission by @inkstak in hotwired/turbo#579

Add support for data-turbo-frame="_parent" in nested frames by @anthonyfranco in hotwired/turbo#1446

Use new format instead of legacy by @loqimean in hotwired/turbo#1016

Remove duplicate siblings when using before/after actions by @tpaulshippy in hotwired/turbo#1290

Update html[dir] attribute during navigation by @alhajrahmoun in hotwired/turbo#1418

Loading Functional Tests: Replace assert with expect by @seanpdoyle in hotwired/turbo#1466

Remove deprecated support for [data-turbo-cache="false"] by @seanpdoyle in hotwired/turbo#1470

Remove deprecated Turbo.clearCache() function by @seanpdoyle in hotwired/turbo#1471

Playwright Root: use expect instead of assert by @seanpdoyle in hotwired/turbo#1467

Simplify same page anchor visits by @domchristie in hotwired/turbo#1285

PrefetchCache: extract and re-use LRUCache from SnapshotCache by @seanpdoyle in hotwired/turbo#1469

Playwright: replace assert with expect by @seanpdoyle in hotwired/turbo#1465

Bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in hotwired/turbo#1468

Remove chai: Replace all calls with Playwright's expect by @seanpdoyle in hotwired/turbo#1473

Tests: Flaky [autofocus] assertions by @seanpdoyle in hotwired/turbo#1474

Prevent slow turbo frame requests from resetting cookies by @domchristie in hotwired/turbo#1399

Fix noscript style evaluation during navigation (#1464) by @yujiteshima in hotwired/turbo#1475

Mention the correct element "data-turbo-suppress-warning" is expected on by @redross in hotwired/turbo#1424

New Contributors

@yujiteshima made their first contribution in hotwired/turbo#1455

@kaisersakhi made their first contribution in hotwired/turbo#1425

@inkstak made their first contribution in hotwired/turbo#579

@anthonyfranco made their first contribution in hotwired/turbo#1446

@loqimean made their first contribution in hotwired/turbo#1016

@tpaulshippy made their first contribution in hotwired/turbo#1290

@alhajrahmoun made their first contribution in hotwired/turbo#1418

@redross made their first contribution in hotwired/turbo#1424

Full Changelog: hotwired/turbo@v8.0.20...v8.0.21

v8.0.20

What's Changed

Fix: preserve removed turbo-frames with refresh=morph on page refreshes by @jorgemanrubia in hotwired/turbo#1452

... (truncated)

Commits

9f5b6c4 Bump version
d069101 Mention the correct element "data-turbo-suppress-warning" is expected on (#1424)
5eca98f Prevent noscript style evaluation during navigation (#1475)
899df35 Cancel frame requests when the frame is disconnected, disabled, or its src is...
e24e768 Tests: Flaky [autofocus] assertions
cf0c68f Remove chai: Replace all calls with Playwright's expect (#1473)
f34af4c Merge pull request #1468 from hotwired/dependabot/npm_and_yarn/js-yaml-4.1.1
18fe891 Playwright: replace assert with expect (#1465)
b65bf46 Merge pull request #1469 from seanpdoyle/debounced-prefetch
33a11f1 Merge pull request #1285 from domchristie/tidy_same_page_anchor_visits_2
Additional commits viewable in compare view

Updates svelte from 4.2.19 to 5.55.4

Release notes

Sourced from svelte's releases.

svelte@5.55.4

Patch Changes

fix: never mark a child effect root as inert (#18111)

fix: reset context after waiting on blockers of @const expressions (#18100)

fix: keep flushing new eager effects (#18102)

svelte@5.55.3

Patch Changes

fix: ensure proper HMR updates for dynamic components (#18079)

fix: correctly calculate @const blockers (#18039)

fix: freeze deriveds once their containing effects are destroyed (#17921)

fix: defer error boundary rendering in forks (#18076)

fix: avoid false positives for reactivity loss warning (#18088)

svelte@5.55.2

Patch Changes

fix: invalidate @const tags based on visible references in legacy mode (#18041)

fix: handle parens in template expressions more robustly (#18075)

fix: disallow -- in idPrefix (#18038)

fix: correct types for ontoggle on <details> elements (#18063)

fix: don't override $destroy/set/on instance methods in dev mode (#18034)

fix: unskip branches of earlier batches after commit (#18048)

fix: never set derived.v inside fork (#18037)

fix: skip rebase logic in non-async mode (#18040)

fix: don't reset status of uninitialized deriveds (#18054)

svelte@5.55.1

Patch Changes

fix: correctly handle bindings on the server (#18009)

fix: prevent hydration error on async {@html ...} (#17999)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.55.4

Patch Changes

fix: never mark a child effect root as inert (#18111)

fix: reset context after waiting on blockers of @const expressions (#18100)

fix: keep flushing new eager effects (#18102)

5.55.3

Patch Changes

fix: ensure proper HMR updates for dynamic components (#18079)

fix: correctly calculate @const blockers (#18039)

fix: freeze deriveds once their containing effects are destroyed (#17921)

fix: defer error boundary rendering in forks (#18076)

fix: avoid false positives for reactivity loss warning (#18088)

5.55.2

Patch Changes

fix: invalidate @const tags based on visible references in legacy mode (#18041)

fix: handle parens in template expressions more robustly (#18075)

fix: disallow -- in idPrefix (#18038)

fix: correct types for ontoggle on <details> elements (#18063)

fix: don't override $destroy/set/on instance methods in dev mode (#18034)

fix: unskip branches of earlier batches after commit (#18048)

fix: never set derived.v inside fork (#18037)

fix: skip rebase logic in non-async mode (#18040)

fix: don't reset status of uninitialized deriveds (#18054)

5.55.1

Patch Changes

... (truncated)

Commits

7fddfbd Version Packages (#18105)
671fc2e fix: never mark a child effect root as inert (#18111)
0ed8c28 fix: reset context after waiting on blockers of @const expressions (#18100)
273f1a8 fix: keep flushing new eager effects (#18102)
4a50e8e Version Packages (#18085)
15588f5 fix: avoid false positives for reactivity loss warning (#18088)
0e9e76f fix: freeze deriveds once their containing effects are destroyed (#17921)
3937ec0 fix: correctly calculate @const blockers (#18039)
7be1a02 fix: ensure proper HMR updates for dynamic components (#18079)
a4ce776 fix: defer error boundary rendering in forks (#18076)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for svelte since your current version.

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

37289ce Release 3.3.11 version
23690b7 Fix CI
c147962 Fix RN support
a83734e Move to manually ESM/CJS dual package
bb12e8a Release 3.3.10 version
8f44264 Fix Expo support
adf9b0c Release 3.3.9 version
1c6f088 Remove dev file from npm package
3044cd5 Release 3.3.8 version
4fe3495 Update size limit
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates rollup from 4.22.4 to 4.60.2

Release notes

Sourced from rollup's releases.

v4.60.2

4.60.2

2026-04-18

Bug Fixes

Resolve a variable rendering bug when generating different formats from the same build (#6350)

Pull Requests

#6327: docs: fix various typos in source and documentation (@Abhi3975, @lukastaegert)

#6331: fix(deps): update minor/patch updates (@renovate[bot])

#6332: chore(deps): update codecov/codecov-action action to v6 (@renovate[bot])

#6333: chore(deps): update dependency eslint-plugin-unicorn to v64 (@renovate[bot])

#6334: fix(deps): update rust crate swc_compiler_base to v51 (@renovate[bot])

#6335: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6346: fix(deps): update minor/patch updates (@renovate[bot])

#6347: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6348: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6349: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6350: fix: reset variable render names between outputs in the same generate (@barry3406, @lukastaegert)

#6351: chore(deps): update minor/patch updates (@renovate[bot])

#6352: chore(deps): update cross-platform-actions/action action to v1 (@renovate[bot])

#6353: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6354: chore(deps): lock file maintenance (@renovate[bot])

#6355: chore(deps): lock file maintenance (@renovate[bot])

#6356: chore(deps): lock file maintenance (@renovate[bot])

#6358: chore: remove cross-env from devDeps (@K-tecchan)

v4.60.1

4.60.1

2026-03-30

Bug Fixes

Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

#6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274) (@littlegrayss, @TrickyPi)

#6317: chore(deps): pin dependencies (@renovate[bot], @lukastaegert)

#6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@renovate[bot], @lukastaegert)

#6319: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6320: chore(deps): pin dependency typescript to v5 (@renovate[bot], @lukastaegert)

#6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@renovate[bot], @lukastaegert)

#6322: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6323: chore(deps): lock file maintenance (@renovate[bot])

#6324: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.2

2026-04-18

Bug Fixes

Resolve a variable rendering bug when generating different formats from the same build (#6350)

Pull Requests

#6327: docs: fix various typos in source and documentation (@Abhi3975, @lukastaegert)

#6331: fix(deps): update minor/patch updates (@renovate[bot])

#6332: chore(deps): update codecov/codecov-action action to v6 (@renovate[bot])

#6333: chore(deps): update dependency eslint-plugin-unicorn to v64 (@renovate[bot])

#6334: fix(deps): update rust crate swc_compiler_base to v51 (@renovate[bot])

#6335: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6346: fix(deps): update minor/patch updates (@renovate[bot])

#6347: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6348: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6349: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6350: fix: reset variable render names between outputs in the same generate (@barry3406, @lukastaegert)

#6351: chore(deps): update minor/patch updates (@renovate[bot])

#6352: chore(deps): update cross-platform-actions/action action to v1 (@renovate[bot])

#6353: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6354: chore(deps): lock file maintenance (@renovate[bot])

#6355: chore(deps): lock file maintenance (@renovate[bot])

#6356: chore(deps): lock file maintenance (@renovate[bot])

#6358: chore: remove cross-env from devDeps (@K-tecchan)

4.60.1

2026-03-30

Bug Fixes

Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

#6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274) (@littlegrayss, @TrickyPi)

#6317: chore(deps): pin dependencies (@renovate[bot], @lukastaegert)

#6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@renovate[bot], @lukastaegert)

#6319: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6320: chore(deps): pin dependency typescript to v5 (@renovate[bot], @lukastaegert)

#6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@renovate[bot], @lukastaegert)

#6322: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6323: chore(deps): lock file maintenance (@renovate[bot])

#6324: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

4.60.0

... (truncated)

Commits

a6be82b 4.60.2
5e6fb9f fix: reset variable render names between outputs in the same generate (#6350)
7542834 chore: remove cross-env from devDeps (#6358)
1fa79d0 chore(deps): update cross-platform-actions/action action to v1 (#6352)
819332e chore(deps): update dependency lru-cache to v11 (#6353)
fd464a9 chore(deps): lock file maintenance (#6356)
e6d2ff9 chore(deps): lock file maintenance (#6355)
32e8517 chore(deps): update minor/patch updates (#6351)
1d5bcb4 chore(deps): lock file maintenance (#6354)
f58d278 fix(deps): update swc monorepo (major) (#6348)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

Improve robustness and validation for array-like object serialization.

Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

release: v7.0.4 by @okuryu in yahoo/serialize-javascript#211

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0

build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

ci: bump GitHub Actions to latest versions by @okuryu in yahoo/serialize-javascript#203

ci: setup trusted publishing workflow by @okuryu in yahoo/serialize-javascript#204

release: v7.0.2 by @okuryu in yahoo/serialize-javascript#205

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

Add warning about using this package to send arbitrary data to worker threads by @valadaptive in yahoo/serialize-javascript#200

security: sanitize function bodies by @redonkulus in yahoo/serialize-javascript#199

docs: tweak README by @okuryu in yahoo/serialize-javascript#201

release: v7.0.1 by @okuryu in yahoo/serialize-javascript#202

New Contributors

@redonkulus made their first contribution in yahoo/serialize-javascript#199

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

requires Node.js v20+

What's Changed

Bump mocha from 10.2.0 to 10.4.0 by @dependabot[bot] in yahoo/serialize-javascript#178

... (truncated)

Commits

df3f1c1 release: v7.0.5
f147e90 Merge commit from fork
eec32e0 release: v7.0.4
d505715 7.0.3
2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
44f544b release: v7.0.2 (#205)
bba0ddd ci: setup trusted publishing workflow (#204)
235f6ea ci: bump GitHub Actions to latest versions (#203)
f7fff15 release: v7.0.1 (#202)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.

Updates svgo from 3.3.2 to 3.3.3

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

Migrates from our unsupported fork of sax (@trysound/sax) to the upstream version of sax (sax).

Bug Fixes

No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

v3.3.2 v3.3.3 Delta

svgo.browser.js 910.9 kB 912.9 kB ⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

bbab162 deps: upgrade to sax v1.5.0
See full diff in compare view

Updates yaml from 2.5.1 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

Add trailingComma ToString option for multiline flow formatting (#670)

Catch stack overflow during node composition (1e84ebb)

v2.8.2

Serialize -0 as -0 (#638)

Do not double newlines for empty map values (#642)

v2.8.1

Preserve empty block literals (#634)

v2.8.0

Add node cache for faster alias resolution (#612)

Re-introduce compatibility with Node.js 14.6 (#614)

Add --merge option to CLI tool (#611)

Improve error for tag resolution error on null value (#616)

Allow empty string as plain scalar representation, for failsafe schema (#616)

docs: include cli example (#617)

v2.7.1

Do not allow seq with single-line collection value on same line with map key (#603)

Improve warning & avoid TypeError on bad YAML 1.1 nodes (#610)

v2.7.0

The library is now available on JSR as @eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

Use .ts extension in all relative imports (#591)

Ignore newline after block seq indicator as space before value (#590)

Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

Do not strip :00 seconds from !!timestamp values (#578, with thanks to @qraynaud)

Tighten regexp for JSON !!bool (#587, with thanks to @vra5107)

Default to literal block scalar if folded would overflow (#585)

v2.6.0

Use a proper tag for !!merge << keys (#580)

Add stringKeys parse option (#581)

Stringify a Document as a Document (#576)

Add sponsorship by Manifest

Commits

ce14587 2.8.3
1e84ebb fix: Catch stack overflow during node composition
6b24090 ci: Include Prettier check in lint action
9424dee chore: Refresh lockfile
d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
4321509 ci: Drop the branch filter from GitHub PR actions
47207d0 chore: Update docs-slate
5212fae chore: Update docs-slate
086fa6b 2.8.2
95f01e9 chore: Add funding to package.json
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

37289ce Release 3.3.11 version
23690b7 Fix CI
c147962 Fix RN support
a83734e Move to manually ESM/CJS dual package
bb12e8a Release 3.3.10 version
8f44264 Fix Expo support
adf9b0c Release 3.3.9 version
1c6f088 Remove dev file from npm package
3044cd5 Release 3.3.8 version
4fe3495 Update size limit
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by Description has been truncated

Bumps the npm_and_yarn group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@hotwired/turbo](https://github.com/hotwired/turbo) | `8.0.6` | `8.0.21` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.19` | `5.55.4` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [rollup](https://github.com/rollup/rollup) | `4.22.4` | `4.60.2` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` | | [svgo](https://github.com/svg/svgo) | `3.3.2` | `3.3.3` | | [yaml](https://github.com/eemeli/yaml) | `2.5.1` | `2.8.3` | Bumps the npm_and_yarn group with 7 updates in the /docs directory: | Package | From | To | | --- | --- | --- | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [rollup](https://github.com/rollup/rollup) | `4.22.4` | `4.60.2` | | [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `4.16.3` | `6.1.8` | | [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `removed` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `3.0.6` | `3.1.2` | Updates `@hotwired/turbo` from 8.0.6 to 8.0.21 - [Release notes](https://github.com/hotwired/turbo/releases) - [Commits](hotwired/turbo@8.0.6...v8.0.21) Updates `svelte` from 4.2.19 to 5.55.4 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.55.4/packages/svelte) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `rollup` from 4.22.4 to 4.60.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.22.4...v4.60.2) Updates `serialize-javascript` from 6.0.2 to 7.0.5 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.5) Updates `svgo` from 3.3.2 to 3.3.3 - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v3.3.2...v3.3.3) Updates `yaml` from 2.5.1 to 2.8.3 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.5.1...v2.8.3) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `rollup` from 4.22.4 to 4.60.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.22.4...v4.60.2) Updates `astro` from 4.16.3 to 6.1.8 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG-v4.md) - [Commits](https://github.com/withastro/astro/commits/astro@6.1.8/packages/astro) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `devalue` from 5.1.1 to 5.7.1 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.1.1...v5.7.1) Updates `diff` from 5.2.0 to 8.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v5.2.0...8.0.4) Updates `esbuild` from 0.21.5 to 0.27.7 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.21.5...v0.27.7) Updates `js-yaml` from 3.14.1 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...4.1.1) Removes `lodash` Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `tar-fs` from 2.1.1 to 2.1.4 - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4) Updates `tar-fs` from 3.0.6 to 3.1.2 - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4) Updates `prismjs` from 1.29.0 to 1.30.0 - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/v2/CHANGELOG.md) - [Commits](PrismJS/prism@v1.29.0...v1.30.0) Updates `vite` from 5.4.9 to 7.3.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite) --- updated-dependencies: - dependency-name: "@hotwired/turbo" dependency-version: 8.0.21 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.55.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.60.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 7.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svgo dependency-version: 3.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 2.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.60.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 6.1.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 8.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.27.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: prismjs dependency-version: 1.30.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 21, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 19 updates#3

Bump the npm_and_yarn group across 2 directories with 19 updates#3
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-44c7371bb7

dependabot Bot commented on behalf of github Apr 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 21, 2026

v8.0.21

What's Changed

New Contributors

v8.0.20

What's Changed

svelte@5.55.4

Patch Changes

svelte@5.55.3

Patch Changes

svelte@5.55.2

Patch Changes

svelte@5.55.1

Patch Changes

5.55.4

Patch Changes

5.55.3

Patch Changes

5.55.2

Patch Changes

5.55.1

Patch Changes

3.3.11

3.3.10

3.3.9

3.3.11

3.3.10

3.3.9

3.3.8

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

v4.60.2

4.60.2

Bug Fixes

Pull Requests

v4.60.1

4.60.1

Bug Fixes

Pull Requests

4.60.2

Bug Fixes

Pull Requests

4.60.1

Bug Fixes

Pull Requests

4.60.0

v7.0.5

Fixes

v7.0.4

What's Changed

v7.0.3

v7.0.2

What's Changed

v7.0.1

What's Changed

New Contributors

v7.0.0

Breaking Changes

What's Changed

v3.3.3

What's Changed

Dependencies

Bug Fixes

Metrics

Support

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.1

v2.7.0

v2.6.1

v2.6.0