Skip to content

Bump the npm_and_yarn group across 1 directory with 8 updates#952

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/src/website/npm_and_yarn-c61a32f9df
Open

Bump the npm_and_yarn group across 1 directory with 8 updates#952
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/src/website/npm_and_yarn-c61a32f9df

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 8 updates in the /src/website directory:

Package From To
mongoose 7.8.4 7.8.9
next 15.5.14 15.5.18
@babel/plugin-transform-modules-systemjs 7.27.1 7.29.7
fast-xml-builder 1.1.4 1.2.0
fast-xml-parser 5.5.8 removed
ip-address 10.1.0 10.2.0
js-yaml 4.1.1 4.2.0
tmp 0.2.5 0.2.7

Updates mongoose from 7.8.4 to 7.8.9

Release notes

Sourced from mongoose's releases.

7.8.8 / 2025-12-04

  • fix(bulkWrite): pass overwriteImmutable option to castUpdate fixes #15789 #15782 #15781
  • fix(model): bump version if necessary after successful bulkSave() #15800

7.8.7 / 2025-04-30

7.8.6 / 2025-01-20

  • chore: remove coverage output from bundle

7.8.5 / 2025-01-20

  • chore: re-release to force npm audit to pick up 6.x fix for CVE-2025-23061
Changelog

Sourced from mongoose's changelog.

7.8.9 / 2026-02-04

  • fix: handle other top-level query operators in sanitizeFilter

8.22.0 / 2026-01-27

  • feat(model): allow passing strict option to hydrate() #15944 #15940

8.21.1 / 2026-01-23

  • fix(clone): fix parent doc for map subdocuments and array subdocuments #15958 AbdelrahmanHafez
  • fix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc #15904 #15901
  • fix: respect currentTime schema option in bulkWrite updates #15976 sderrow
  • types(models): support Mongoose query casting in AnyBulkWriteOperation filter property #15910
  • types: add toBSON() to documents #15927

9.1.5 / 2026-01-20

9.1.4 / 2026-01-15

9.1.3 / 2026-01-09

  • fix(model): support timestamps option to insertMany() as both boolean and QueryTimestampsConfig #15941 #15938
  • fix(query): include preview of current and incoming update in error when merging normal update with pipeline #15939 #15928
  • types(model): apply basic type casting to paths underneath subdocuments #15948 #15947
  • types(utility): make WithLevel1NestedPaths correctly handle PopulatedDoc and other TypeScript unions with Document members #15942 #15923
  • docs(schema): expose "DocumentArrayElement" #15590 hasezoey

9.1.2 / 2026-01-05

9.1.1 / 2025-12-30

  • fix(document): avoid 'Cannot mix array and object updates' on doc.updateOne() with pipeline #15928
  • docs: update default search version to 9.x #15926 #15925

9.1.0 / 2025-12-29

... (truncated)

Commits

Updates next from 15.5.14 to 15.5.18

Release notes

Sourced from next's releases.

v15.5.18

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.16

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

Commits
  • 9ff92ce v15.5.18
  • 00ebe23 [backport] Disable build caches for production/staging/force-preview deploys ...
  • 62c97ab v15.5.17
  • 423623a Turbopack: Match proxy matchers with webpack implementation (#93594)
  • fa78739 Turbopack: Fix middleware matcher suffix (#93590)
  • 36e62c6 [backport] Turbopack: more strict vergen setup (#93588)
  • 36589b5 [backport][test] Pin package manager to patch versions (#93596)
  • ad6fd4e v15.5.16
  • 79d7dff Ignore malformed CSP nonce headers (#103)
  • c4f6908 router-server: guard upgrade proxy against absolute-url SSRF (#77) (#102)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.


Updates @babel/plugin-transform-modules-systemjs from 7.27.1 to 7.29.7

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

  • babel-parser

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/plugin-transform-modules-systemjs since your current version.


Updates fast-xml-builder from 1.1.4 to 1.2.0

Changelog

Sourced from fast-xml-builder's changelog.

1.2.0 (2026-05-08)

  • Add support for sanitizeName option
  • Support xml-naming for validating and sanitizing tag and attribute names

1.1.9 (2026-05-06)

  • fix: format output for preserve order when indent by is set to empty string

1.1.8 (2026-05-05)

  • fix: skip text property for PI tags
  • improve typings

1.1.7 (2026--05-04)

  • fix security issues when attribute value contains quotes

1.1.6 (2026--05-04)

  • fix security issues related to comment
  • skip comment with null value

1.1.5 (2026-04-17)

  • fix security issues related to comment and cdata

1.1.4 (2026-03-16)

  • support maxNestedTags option

1.1.3 (2026-03-13)

  • declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher

1.1.2 (2026-03-11)

  • fix typings

1.1.1 (2026-03-11)

  • upgrade path-expression-matcher to 1.1.3

1.1.0 (2026-03-10)

Commits

Removes fast-xml-parser

Updates ip-address from 10.1.0 to 10.2.0

Commits
  • 80fccaa 10.2.0
  • abaeb4d Type Address4.addressMinusSuffix as non-nilable (closes #143)
  • 2878c29 Preserve subnet prefix through Address6.to4() (closes #123) (#203)
  • 586666e Reject trailing junk in Address6.fromURL (closes #158) (#202)
  • 80bc76e Validate static factories instead of silently overflowing (#201)
  • 98927be Clarify isValid() accepts CIDRs with host bits set (#81)
  • a0eb073 Fix getScope() and broaden getType() classification (closes #122) (#200)
  • ec52105 Add networkForm() for CIDR network-address strings (#199)
  • a9443a7 Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes #62) (#198)
  • f01d742 Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...
  • Additional commits viewable in compare view

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates tmp from 0.2.5 to 0.2.7

Commits

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 20, 2026
@dependabot dependabot Bot requested a review from minjunminji as a code owner June 20, 2026 03:26
@dependabot dependabot Bot added javascript Pull requests that update Javascript code dependencies Pull requests that update a dependency file labels Jun 20, 2026
@FireBoyAJ24 FireBoyAJ24 self-requested a review June 20, 2026 03:40
Bumps the npm_and_yarn group with 8 updates in the /src/website directory:

| Package | From | To |
| --- | --- | --- |
| [mongoose](https://github.com/Automattic/mongoose) | `7.8.4` | `7.8.9` |
| [next](https://github.com/vercel/next.js) | `15.5.14` | `15.5.18` |
| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.7` |
| [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) | `1.1.4` | `1.2.0` |
| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.5.8` | `removed` |
| [ip-address](https://github.com/beaugunderson/ip-address) | `10.1.0` | `10.2.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |



Updates `mongoose` from 7.8.4 to 7.8.9
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Automattic/mongoose/commits)

Updates `next` from 15.5.14 to 15.5.18
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.14...v15.5.18)

Updates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

Updates `fast-xml-builder` from 1.1.4 to 1.2.0
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-builder@v1.1.4...v1.2.0)

Removes `fast-xml-parser`

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](beaugunderson/ip-address@v10.1.0...v10.2.0)

Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.2.0)

Updates `tmp` from 0.2.5 to 0.2.7
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.5...v0.2.7)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
- dependency-name: fast-xml-parser
  dependency-version: 5.7.3
  dependency-type: indirect
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
- dependency-name: mongoose
  dependency-version: 7.8.9
  dependency-type: direct:production
- dependency-name: next
  dependency-version: 15.5.18
  dependency-type: direct:production
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/src/website/npm_and_yarn-c61a32f9df branch from b8324c2 to 63aa6c4 Compare June 24, 2026 07:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants