Skip to content

Bump several npm packages and PJWT to patch dependencies#851

Merged
chrismaddalena merged 3 commits intomasterfrom
dependabot/npm_and_yarn/javascript/npm_and_yarn-96cd910b5b
Apr 13, 2026
Merged

Bump several npm packages and PJWT to patch dependencies#851
chrismaddalena merged 3 commits intomasterfrom
dependabot/npm_and_yarn/javascript/npm_and_yarn-96cd910b5b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 27, 2026
edited by chrismaddalena
Loading

This PR updates npm packages happy-dom to ^20.8.9, vite to ^7.3.2, graphql-codegen/cli to ^v6.0.0, and graphql-codegen/client-preset to ^v5.0.0. These updates also update the following dependencies:

  • minimatch
  • lodash
  • rollup
  • immutable
  • picomatch

This addresses several security vulnerabilities in some of the older versions of these dependencies.

We also bump PyJWT for the same reason.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 27, 2026
@dependabot
Bump the npm_and_yarn group across 1 directory with 2 updates
40bbf6b 
Bumps the npm_and_yarn group with 2 updates in the /javascript directory: [happy-dom](https://github.com/capricorn86/happy-dom) and [picomatch](https://github.com/micromatch/picomatch).


Updates `happy-dom` from 20.0.8 to 20.8.9
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.0.8...v20.8.9)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.3...4.0.4)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.3...4.0.4)

---
updated-dependencies:
- dependency-name: happy-dom
  dependency-version: 20.8.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/javascript/npm_and_yarn-96cd910b5b branch from 192d710 to 40bbf6b Compare April 10, 2026 15:56
@chrismaddalena chrismaddalena requested a review from Copilot April 13, 2026 00:54
Copilot AI reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates JavaScript dependencies to pick up recent fixes (including security advisories) in the /javascript workspace.

Changes:

  • Bump happy-dom from ^20.0.8 to ^20.8.9.
  • Update picomatch transitive resolutions in package-lock.json (including 4.0.3 → 4.0.4 and 2.3.1 → 2.3.2).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
javascript/package.json Updates the declared happy-dom dependency range.
javascript/package-lock.json Refreshes lockfile to reflect updated happy-dom and patched picomatch versions.
Files not reviewed (1)
  • javascript/package-lock.json: Language not supported

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 13, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.22%. Comparing base (b719513) to head (9a6cb39).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #851      +/-   ##
==========================================
- Coverage   92.22%   92.22%   -0.01%     
==========================================
  Files         384      384              
  Lines       23896    23896              
==========================================
- Hits        22038    22037       -1     
- Misses       1858     1859       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@chrismaddalena chrismaddalena requested a review from Copilot April 13, 2026 19:08
Copilot AI reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

Comment thread javascript/package.json
Comment thread requirements/base.txt
@chrismaddalena chrismaddalena changed the title Bump the npm_and_yarn group across 1 directory with 2 updates Bump several npm packages and PJWT to patch dependencies Apr 13, 2026
@chrismaddalena chrismaddalena merged commit 9e18d59 into master Apr 13, 2026
5 checks passed
@chrismaddalena chrismaddalena deleted the dependabot/npm_and_yarn/javascript/npm_and_yarn-96cd910b5b branch April 13, 2026 19:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chrismaddalena