chore(deps): Bump the npm-minor-and-patch group with 7 updates

[dependabot]

Bumps the npm-minor-and-patch group with 7 updates:

Package	From	To
@tightknitai/block-kitchen	0.6.1-alpha.0	0.8.3
hono	4.12.18	4.12.21
@cloudflare/vite-plugin	1.37.1	1.37.3
@cloudflare/workers-types	4.20260515.1	4.20260521.1
@types/react	19.2.14	19.2.15
vite	8.0.13	8.0.14
wrangler	4.92.0	4.93.1

Updates @tightknitai/block-kitchen from 0.6.1-alpha.0 to 0.8.3

Release notes

Sourced from @​tightknitai/block-kitchen's releases.

block-kitchen: v0.8.3

0.8.3 (2026-05-20)

Features

• task-card: edit details and output rich-text fields in the UI (de41c81)
• task-card: edit details and output rich-text fields in the UI (bbe39ef)

block-kitchen: v0.8.2

0.8.2 (2026-05-20)

Bug Fixes

• ci: publish via npm CLI for Trusted Publisher OIDC (#76) (aab5ec8)
• ci: publish via npx and tag prereleases explicitly (#78) (7475c86)

block-kitchen: v0.8.1

0.8.1 (2026-05-20)

Bug Fixes

• ci: publish on releases_created (manifest mode) (#74) (c29a2ce)

block-kitchen: v0.8.0

0.8.0 (2026-05-19)

⚠ BREAKING CHANGES

• prepare 0.7.0 release with peer-dep migration and consumer polish (#70)
• palette: consolidate variants to mirror Slack's Block Kit Builder (#39)
• rename package to @​tightknitai/block-kitchen (#30)
• palette: consumer-defined palette via palette prop (#26)
• allowedBlockTypes + allowedSurfaces allowlists (#17)

Features

• a11y: enforce axe in Storybook and fix violations (#14) (565b656)
• add theme prop for branding the builder chrome (#29) (957c7cd)
• add standalone TemplatePicker component (#34) (ef63a69)
• allowedBlockTypes + allowedSurfaces allowlists (#17) (a5185ad)
• demo: make templates panel resizable and auto-shrinking (#54) (8e28fe8)
• demo: prepare for public hosting (#45) (a77cf11)
• dnd: show clear landing position while dragging a block (#19) (dd3554b)
• input: show per-element hint in empty Placeholder field (#67) (4ee73ad)
• mobile: make the builder fully responsive (#65) (5bee7cd)
• palette: consolidate variants to mirror Slack's Block Kit Builder (#39) (b3950c5)

... (truncated)

Changelog

Sourced from @​tightknitai/block-kitchen's changelog.

0.8.3 (2026-05-20)

Features

• task-card: edit details and output rich-text fields in the UI (de41c81)
• task-card: edit details and output rich-text fields in the UI (bbe39ef)

0.8.2 (2026-05-20)

Bug Fixes

• ci: publish via npm CLI for Trusted Publisher OIDC (#76) (aab5ec8)
• ci: publish via npx and tag prereleases explicitly (#78) (7475c86)

0.8.1 (2026-05-20)

Bug Fixes

• ci: publish on releases_created (manifest mode) (#74) (c29a2ce)

0.8.0 (2026-05-19)

⚠ BREAKING CHANGES

• prepare 0.7.0 release with peer-dep migration and consumer polish (#70)
• palette: consolidate variants to mirror Slack's Block Kit Builder (#39)
• rename package to @​tightknitai/block-kitchen (#30)
• palette: consumer-defined palette via palette prop (#26)
• allowedBlockTypes + allowedSurfaces allowlists (#17)

Features

• a11y: enforce axe in Storybook and fix violations (#14) (565b656)
• add theme prop for branding the builder chrome (#29) (957c7cd)
• add standalone TemplatePicker component (#34) (ef63a69)
• allowedBlockTypes + allowedSurfaces allowlists (#17) (a5185ad)
• demo: make templates panel resizable and auto-shrinking (#54) (8e28fe8)
• demo: prepare for public hosting (#45) (a77cf11)
• dnd: show clear landing position while dragging a block (#19) (dd3554b)
• input: show per-element hint in empty Placeholder field (#67) (4ee73ad)
• mobile: make the builder fully responsive (#65) (5bee7cd)
• palette: consolidate variants to mirror Slack's Block Kit Builder (#39) (b3950c5)
• palette: consumer-defined palette via palette prop (#26) (07f09c5)
• palette: quick search + collapsible categories (#35) (62e9d00)
• prepare 0.7.0 release with peer-dep migration and consumer polish (#70) (f6c9d7a)
• rename package to @​tightknitai/block-kitchen (#30) (f34bd51)

... (truncated)

Commits

• fe3c2e6 Merge pull request #80 from TightknitAI/release-please--branches--main--compo...
• e66d80e chore(main): release block-kitchen 0.8.3
• de41c81 Merge pull request #79 from TightknitAI/claude/upbeat-swartz-7c8e0c
• 2f94f2d docs(task-card): match field help text to Slack's task_card block docs
• c00b88f style(task-card): apply biome formatter to the new Button block
• bbe39ef feat(task-card): edit details and output rich-text fields in the UI
• 85903a3 chore(main): release block-kitchen 0.8.2 (#77)
• 7475c86 fix(ci): publish via npx and tag prereleases explicitly (#78)
• aab5ec8 fix(ci): publish via npm CLI for Trusted Publisher OIDC (#76)
• a50ae03 chore(main): release block-kitchen 0.8.1 (#75)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tightknitai/block-kitchen since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates hono from 4.12.18 to 4.12.21

Release notes

Sourced from hono's releases.

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

Affects: hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5

Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Affects: hono/cookie. Fixes missing validation of sameSite and priority options against injection characters (;, \r, \n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x

JWT middleware accepts any Authorization scheme, not only Bearer

Affects: hono/jwt, hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474

---

Users who use app.mount(), hono/ip-restriction, hono/cookie, or hono/jwt/hono/jwk are encouraged to upgrade to this version.

v4.12.20

What's Changed

• fix(route): preserve the base path of the mounted route() app by @​usualoma in honojs/hono#4942
• fix(jsx): widen jsx and jsxFn children to Child[] by @​ashunar0 in honojs/hono#4947

New Contributors

• @​ashunar0 made their first contribution in honojs/hono#4947

Full Changelog: honojs/hono@v4.12.19...v4.12.20

v4.12.19

What's Changed

• ci: pin GitHub Actions to SHAs by @​yusukebe in honojs/hono#4932
• fix(serveStatic): make options parameter optional in all adapters by @​mixelburg in honojs/hono#4934
• fix(cookie): return the first cookie when there are multiple cookies with the same name by @​usualoma in honojs/hono#4922
• feat(bearer-auth): make bearerAuth generic for typed context in verifyToken by @​justinnais in honojs/hono#4913
• feat(cache): key cache entries by configured vary headers by @​usualoma in honojs/hono#4915
• feat(request): add bytes() by @​yusukebe in honojs/hono#4921
• fix(stream): upgrade @hono/node-server to v2 and fix abort handling by @​yusukebe in honojs/hono#4940

New Contributors

• @​justinnais made their first contribution in honojs/hono#4913

Full Changelog: honojs/hono@v4.12.18...v4.12.19

Commits

• a83ddb8 4.12.21
• 6cbb025 Merge commit from fork
• c831020 Merge commit from fork
• 905aedb Merge commit from fork
• 5463db2 Merge commit from fork
• c657a39 4.12.20
• eb2d0c2 fix(jsx): widen jsx and jsxFn children to Child[] (#4947)
• dcabbec fix(route): preserve the base path of the mounted route() app (#4942)
• 7e62bcd 4.12.19
• e2f252a fix(stream): upgrade @hono/node-server to v2 and fix abort handling (#4940)
• Additional commits viewable in compare view

Updates @cloudflare/vite-plugin from 1.37.1 to 1.37.3

Release notes

Sourced from @​cloudflare/vite-plugin's releases.

@​cloudflare/vite-plugin@​1.37.3

Patch Changes

• #13978 fa1f61f Thanks @​sassyconsultingllc! - Bump ws from 8.18.0 to 8.20.1 to address GHSA-58qx-3vcg-4xpx

  GHSA-58qx-3vcg-4xpx / CVE-2026-45736 reports an uninitialized-memory disclosure in ws@<8.20.1 when a TypedArray is passed as the reason argument to WebSocket.close(). The fix shipped in ws@8.20.1 on 2026-05-12. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

• #13912 d803737 Thanks @​petebacondarwin! - Fix /cdn-cgi/* host validation incorrectly accepting subdomains of exact configured routes

  Miniflare's /cdn-cgi/* host/origin validator was treating exact configured routes the same as wildcard configured routes, so a request whose Host or Origin hostname was a subdomain of an exact route (e.g. sub.my-custom-site.com for a my-custom-site.com/* route) was incorrectly accepted. Exact configured routes and the configured upstream hostname are now required to match the request hostname exactly. Subdomain matching is only applied to wildcard routes such as *.example.com/*. Localhost hostnames continue to be allowed as before.

  This affects wrangler dev and local development through @cloudflare/vite-plugin, both of which use Miniflare under the hood.

• #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

  Two related issues affected the CF-Worker header on outbound subrequests in local development:

  1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
  2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

  Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

  Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

• Updated dependencies [fa1f61f, 2679e05, 7e40d98, adc9221, 735852d, d803737, c7eab7f, e04e180, 59cd880, 62abf97, e8c2031, e349fe0, da0fa8c, a5c9365]:

  • miniflare@4.20260520.0
  • wrangler@4.93.1

@​cloudflare/vite-plugin@​1.37.2

Patch Changes

• #13098 67a881a Thanks @​raashish1601! - fix: route WebSocket upgrade requests directly to the user worker in dev mode

• Updated dependencies [aac7ca0, b25dc0d, ae047ee, a4f22bc, f78d435, aac7ca0, c5c9e20, ebf4b24, b27eb18, 895baf5, 7bcdf45]:

  • wrangler@4.93.0
  • miniflare@4.20260518.0

Changelog

Sourced from @​cloudflare/vite-plugin's changelog.

1.37.3

Patch Changes

• #13978 fa1f61f Thanks @​sassyconsultingllc! - Bump ws from 8.18.0 to 8.20.1 to address GHSA-58qx-3vcg-4xpx

  GHSA-58qx-3vcg-4xpx / CVE-2026-45736 reports an uninitialized-memory disclosure in ws@<8.20.1 when a TypedArray is passed as the reason argument to WebSocket.close(). The fix shipped in ws@8.20.1 on 2026-05-12. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

• #13912 d803737 Thanks @​petebacondarwin! - Fix /cdn-cgi/* host validation incorrectly accepting subdomains of exact configured routes

  Miniflare's /cdn-cgi/* host/origin validator was treating exact configured routes the same as wildcard configured routes, so a request whose Host or Origin hostname was a subdomain of an exact route (e.g. sub.my-custom-site.com for a my-custom-site.com/* route) was incorrectly accepted. Exact configured routes and the configured upstream hostname are now required to match the request hostname exactly. Subdomain matching is only applied to wildcard routes such as *.example.com/*. Localhost hostnames continue to be allowed as before.

  This affects wrangler dev and local development through @cloudflare/vite-plugin, both of which use Miniflare under the hood.

• #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

  Two related issues affected the CF-Worker header on outbound subrequests in local development:

  1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
  2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

  Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

  Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

• Updated dependencies [fa1f61f, 2679e05, 7e40d98, adc9221, 735852d, d803737, c7eab7f, e04e180, 59cd880, 62abf97, e8c2031, e349fe0, da0fa8c, a5c9365]:

  • miniflare@4.20260520.0
  • wrangler@4.93.1

1.37.2

Patch Changes

• #13098 67a881a Thanks @​raashish1601! - fix: route WebSocket upgrade requests directly to the user worker in dev mode

• Updated dependencies [aac7ca0, b25dc0d, ae047ee, a4f22bc, f78d435, aac7ca0, c5c9e20, ebf4b24, b27eb18, 895baf5, 7bcdf45]:

  • wrangler@4.93.0
  • miniflare@4.20260518.0

Commits

• 5ee65d5 Version Packages (#13969)
• c7eab7f [wrangler] fix: propagate zone from unstable_getMiniflareWorkerOptions so...
• ee8857f Version Packages (#13931)
• 2cb658c [vitest-pool-workers] Preserve wrapped RPC call ordering (#13961)
• 67a881a fix(vite-plugin): preserve worker websocket service bindings in dev (#13098)
• c5c9e20 [wrangler] Surface remote proxy session errors (#11896)
• See full diff in compare view

Updates @cloudflare/workers-types from 4.20260515.1 to 4.20260521.1

Commits

• See full diff in compare view

Updates @types/react from 19.2.14 to 19.2.15

Commits

• See full diff in compare view

Updates vite from 8.0.13 to 8.0.14

Release notes

Sourced from vite's releases.

v8.0.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.14 (2026-05-21)

Features

• update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

• deps: update all non-major dependencies (#22471) (98b8163)
• dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
• html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
• optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22470) (7cb728e)
• remove irrelevant commits from changelog (2c69495)

Code Refactoring

• glob: do not rewrite import path for absolute base (#22310) (0ae2844)

Tests

• css: sass does not use main field (#22449) (ebf39a0)

Commits

• c917f1e release: v8.0.14
• 5d94d1b fix(html): handle trailing slash paths in transformIndexHtml (#22480)
• 98b8163 fix(deps): update all non-major dependencies (#22471)
• 96efc88 feat: update rolldown to 1.0.2 (#22484)
• ebf39a0 test(css): sass does not use main field (#22449)
• 0ae2844 refactor(glob): do not rewrite import path for absolute base (#22310)
• 7cb728e chore(deps): update rolldown-related dependencies (#22470)
• b3132da fix(optimizer): pass oxc jsx options to transformSync in dependency scan ...
• e8e9a34 fix(dev): handle errors when sending messages to vite server (#22450)
• 2c69495 chore: remove irrelevant commits from changelog
• See full diff in compare view

Updates wrangler from 4.92.0 to 4.93.1

Release notes

Sourced from wrangler's releases.

wrangler@4.93.1

Patch Changes

• #13978 fa1f61f Thanks @​sassyconsultingllc! - Bump ws from 8.18.0 to 8.20.1 to address GHSA-58qx-3vcg-4xpx

  GHSA-58qx-3vcg-4xpx / CVE-2026-45736 reports an uninitialized-memory disclosure in ws@<8.20.1 when a TypedArray is passed as the reason argument to WebSocket.close(). The fix shipped in ws@8.20.1 on 2026-05-12. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

• #13977 2679e05 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260518.1	1.20260519.1

• #13984 7e40d98 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260519.1	1.20260520.1

• #13963 adc9221 Thanks @​gabivlj! - Preserve sibling container image tags during local dev cleanup

  Wrangler now keeps other cloudflare-dev image tags from the same dev session when multiple containers share a Dockerfile. Previously, duplicate-image cleanup could remove earlier container tags if Docker BuildKit produced the same image ID for each build.

• #13839 735852d Thanks @​matingathani! - fix: show actionable hint when /memberships returns a bad-credentials error (code 9106)

  Previously, wrangler threw a raw Cloudflare API error ("Missing X-Auth-Key, X-Auth-Email or Authorization headers") with no guidance. Now it emits a UserError explaining that an environment variable such as CLOUDFLARE_API_TOKEN, CLOUDFLARE_API_KEY, or CLOUDFLARE_EMAIL may be set to an invalid value, and suggests running wrangler logout / wrangler login to re-authenticate.

• #13912 d803737 Thanks @​petebacondarwin! - Fix /cdn-cgi/* host validation incorrectly accepting subdomains of exact configured routes

  Miniflare's /cdn-cgi/* host/origin validator was treating exact configured routes the same as wildcard configured routes, so a request whose Host or Origin hostname was a subdomain of an exact route (e.g. sub.my-custom-site.com for a my-custom-site.com/* route) was incorrectly accepted. Exact configured routes and the configured upstream hostname are now required to match the request hostname exactly. Subdomain matching is only applied to wildcard routes such as *.example.com/*. Localhost hostnames continue to be allowed as before.

  This affects wrangler dev and local development through @cloudflare/vite-plugin, both of which use Miniflare under the hood.

• #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

  Two related issues affected the CF-Worker header on outbound subrequests in local development:

  1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
  2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

  Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

  Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

• #13990 e04e180 Thanks @​petebacondarwin! - Improve the log message shown when an asset upload attempt fails and is retried

... (truncated)

Commits

• 5ee65d5 Version Packages (#13969)
• e04e180 [wrangler] Improve asset upload retry log message (#13990)
• a5c9365 [wrangler] Use dedicated secrets-bulk PATCH endpoint for secrets (#13964)
• 7e40d98 build(deps): bump the workerd-and-workers-types group across 1 directory with...
• 9c4569f [wrangler] Pin timeago.js to exact version 4.0.2 (#13982)
• 2679e05 build(deps): bump the workerd-and-workers-types group with 2 updates (#13977)
• da0fa8c [wrangler] Accept creating Artifacts repo status (#13959)
• 1f4455a [wrangler] Fix broken runInTempDir import in unstable-get-miniflare-worker-op...
• e349fe0 Pipelines: R2 Data Catalog sinks enforce minimum write interval of 60 second...
• 62abf97 [wrangler] Read OAuth state from disk lazily so env auth takes priority (#13954)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions