Skip to content

Bump the npm-minor-patch group across 1 directory with 7 updates#152

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/elixir_dss/static/vendor/develop/npm-minor-patch-6fb84fa8c4
Open

Bump the npm-minor-patch group across 1 directory with 7 updates#152
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/elixir_dss/static/vendor/develop/npm-minor-patch-6fb84fa8c4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the npm-minor-patch group with 7 updates in the /elixir_dss/static/vendor directory:

Package From To
@fontsource/roboto 5.2.8 5.2.10
chart.js 4.5.0 4.5.1
datatables.net 2.3.4 2.3.8
datatables.net-bs5 2.3.4 2.3.8
handlebars 4.7.8 4.7.9
tinymce 8.1.2 8.6.0
sass 1.93.2 1.100.0

Updates @fontsource/roboto from 5.2.8 to 5.2.10

Commits

Updates chart.js from 4.5.0 to 4.5.1

Release notes

Sourced from chart.js's releases.

v4.5.1

Essential Links

Bugs Fixed

  • #12098 Do not notify plugins after their uninstall function has been called
  • #12096 Sync Doughnut chart legend options to legend plugin
  • #12097 Attempt fixing charts shrinking on certain zoom values in Chrome

Types

  • #12122 fix(types): add drawingArea to RadialLinearScale
  • #12120 fix(types): allow null for line chart point values (#12027)
  • #12099 Add data.datasets[].tooltip.callbacks to Typescript types

Development

  • #12132 Bump version to 4.5.1
  • #12118 Bump actions/setup-node from 4 to 5

Thanks to @​LeeLenaleee, @​anshukushwaha07, @​bojidar-bg, @​dependabot[bot] and dependabot[bot]

Commits

Updates datatables.net from 2.3.4 to 2.3.8

Release notes

Sourced from datatables.net's releases.

2.3.8

DataTables 2.3.8

2.3.7

DataTables 2.3.7

Commits
  • 77dd1e1 Sync tag release - 2.3.8
  • f5a2ee7 6e7650e79da74bde9779f59a3cbb24d3384851f4 Release 2.3.8
  • 3411f7b 2b908b9e2c3a8404e86a831b1c7e98d3ca587f56 Fix: If the table holds no data for ...
  • 41348f2 00c4f1a0efba92ea4f012d78665ee1a4c23ee4d8 Fix: Improved timezone support for d...
  • b7499d4 488b52aea869cbb8a06645c1d67146707fd97436 Fix: Don't mix UTC and timezone proc...
  • bae3881 ebb386114c96d890c388b090fbb72ffc2a032134 Fix: Keyboard tabbing will no longer...
  • fa97770 bc937dbb0b17ba8f6c4fa74d829a410e257c3ad5 Dev: use the release feed for cdn ex...
  • a303432 Tweak package description
  • a8e7d5f Merge branch 'master' of github.com:DataTables/Dist-DataTables
  • 70b3138 8283888a3ef13b0f884100947577e21c8d4c852f Fix: Multi-line html elements could ...
  • Additional commits viewable in compare view

Updates datatables.net-bs5 from 2.3.4 to 2.3.8

Release notes

Sourced from datatables.net-bs5's releases.

2.3.8

DataTables Bootstrap5 2.3.8

2.3.7

DataTables Bootstrap5 2.3.7

Commits
  • fb6bb07 Sync tag release - 2.3.8
  • e3ebc98 6e7650e79da74bde9779f59a3cbb24d3384851f4 Release 2.3.8
  • 0edb11b 2b908b9e2c3a8404e86a831b1c7e98d3ca587f56 Fix: If the table holds no data for ...
  • d199076 00c4f1a0efba92ea4f012d78665ee1a4c23ee4d8 Fix: Improved timezone support for d...
  • 61c8633 488b52aea869cbb8a06645c1d67146707fd97436 Fix: Don't mix UTC and timezone proc...
  • 2140cc4 ebb386114c96d890c388b090fbb72ffc2a032134 Fix: Keyboard tabbing will no longer...
  • 5c36c6b bc937dbb0b17ba8f6c4fa74d829a410e257c3ad5 Dev: use the release feed for cdn ex...
  • 50aa45e 8283888a3ef13b0f884100947577e21c8d4c852f Fix: Multi-line html elements could ...
  • c88bf22 707891039fe995c2f107f453361a954f871eb16c Fix: XHTML fix for when scolling is ...
  • a88e1ea bddd58d641410a2caf30f436a052b1b1ec364f63 Fix: Accessabillity - remove the -ta...
  • Additional commits viewable in compare view

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

  • fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
  • fix type "RuntimeOptions" also accepting string partials - eab1d14
  • feat(types): set hash to be a Record<string, any> - de4414d
  • fix non-contiguous program indices - 4512766
  • refactor: rename i to startPartIndex - e497a35
  • security: fix security issues - 68d8df5

Commits

Commits
  • dce542c v4.7.9
  • 8a41389 Update release notes
  • 68d8df5 Fix security issues
  • b2a0831 Fix browser tests
  • 9f98c16 Fix release script
  • 45443b4 Revert "Improve partial indenting performance"
  • 8841a5f Fix CI errors with linting
  • e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
  • e914d60 Improve rendering performance
  • 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
  • Additional commits viewable in compare view

Updates tinymce from 8.1.2 to 8.6.0

Changelog

Sourced from tinymce's changelog.

8.6.0 - 2026-06-03

Security

  • Updated DOMPurify version to 3.4.5. #TINY-14430

8.5.1 - 2026-05-19

Security

  • Fixed media plugin data-mce-object injection leading to stored XSS. #TINY-14357
  • Fixed stored XSS vulnerability through mce:protected comments. #TINY-14353
  • Fixed stored XSS vulnerability through data-mce- prefixed src, href, style attributes. #TINY-14333

8.5.0 - 2026-04-29

Added

  • New content_language option to set the lang attribute on the iframe's html element or the inline editor's target element. #TINY-11214

Improved

  • Improved visual styling of inline diff highlights in Suggested Edits and TinyMCE AI plugin. #TINY-13958

Fixed

  • Script and style elements would incorrectly be removed by DomPurify when considered valid in the schema. #TINY-9655
  • Iframe elements with children would incorrectly be removed by DomPurify. #TINY-9655
  • Certain combinations of divs inside of lists would cause issues turning off lists. #TINY-14070
  • Certain selections would delete the editor body, causing issues. #TINY-14149
  • URIs with non-Latin1 characters were returning an error. #TINY-13938
  • Alert and confirm dialogs were not announced properly by some screen readers. #TINY-13812

8.4.0 - 2026-03-31

Added

  • New view_show option to display a specified view on initialization. #TINY-11967
  • New errorHandler option for dropzone dialog components. #TINY-13420
  • The noneditable feature can now be disabled with the new allow_noneditable option. #TINY-10121
  • Editor option content_id for uniquely identifying the edited document. #TINY-13379
  • New table_default_header_rows and table_default_header_cols options to set the default header size for new tables #TINY-13391

Improved

  • The file upload feature of link and image dialogs now provide feedback when an unsupported file type is selected. #TINY-13420
  • Directionality buttons now only appear active when directionality is set on the selected block. #TINY-13337
  • Directionality buttons now always toggle the directionality attribute on selected blocks. #TINY-13337

Changed

  • The border-color style with multiple rgb colors would be compressed into border incorrectly #TINY-13393
  • Element Path now uses the ARIA-role "group" with an aria-label #TINY-13338

Fixed

  • Now link dialog allows uploading empty files. #TINY-13421
  • The link dialog now allows uploading empty files. #TINY-13421
  • Bundled content CSS is now loaded into preview iframes. #TINY-13190

... (truncated)

Commits
  • 855e368 TINY-14412: Stabilise changelog for 8.6 release
  • 15fb98d TINY-14412: Update version for 8.6.0 release
  • 9cd93d9 TINY-14430: Updated dompurify to 3.4.5 (#11120)
  • cdeb5c1 TINY-14224: Bump version for next patch release
  • 03573dd TINY-14224: Fix failing test for 8.5.1 patch release
  • e0d0804 TINY-14224: Lint fix for 8.5.1 patch release
  • c46e8ee TINY-14224: Add changelog for 8.5.1 patch release
  • 8da3e85 TINY-14357: Fixed data-mce-object injection (#18)
  • 3507b58 TINY-14353: Fixed stored XSS vulnerability through mce:protected comments (...
  • 19f56a7 TINY-14333: Fixed stored XSS vulnerability through data-mce- prefixed src...
  • Additional commits viewable in compare view

Updates sass from 1.93.2 to 1.100.0

Release notes

Sourced from sass's releases.

Dart Sass 1.100.0

To install Sass 1.100.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

    See the Sass website for details.

See the full changelog for changes in earlier releases.

Dart Sass 1.99.0

To install Sass 1.99.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

  • User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

  • User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

  • User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

    See the Sass website for details.

  • In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

    See the Sass website for details.

  • Calls to functions whose names begin with - and end with -progid:... are deprecated.

    See the Sass website for details.

See the full changelog for changes in earlier releases.

Dart Sass 1.98.0

To install Sass 1.98.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

... (truncated)

Changelog

Sourced from sass's changelog.

1.100.0

  • Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

    See the Sass website for details.

1.99.0

  • Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

  • User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

  • User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

  • User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

    See the Sass website for details.

  • In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

    See the Sass website for details.

  • Calls to functions whose names begin with - and end with -progid:... are deprecated.

    See the Sass website for details.

1.98.0

Command-Line Interface

  • Gracefully handle dependency loops in --watch mode.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for sass since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 10, 2026
@dependabot dependabot Bot changed the title Bump the npm-minor-patch group in /elixir_dss/static/vendor with 7 updates Bump the npm-minor-patch group across 1 directory with 7 updates Apr 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/elixir_dss/static/vendor/develop/npm-minor-patch-6fb84fa8c4 branch 2 times, most recently from 9e89641 to b3757b6 Compare April 17, 2026 08:16
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/elixir_dss/static/vendor/develop/npm-minor-patch-6fb84fa8c4 branch from b3757b6 to 5a43ee9 Compare May 1, 2026 09:15
@dependabot
Bump the npm-minor-patch group across 1 directory with 7 updates
d5854f9 
Bumps the npm-minor-patch group with 7 updates in the /elixir_dss/static/vendor directory:

| Package | From | To |
| --- | --- | --- |
| [@fontsource/roboto](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/roboto) | `5.2.8` | `5.2.10` |
| [chart.js](https://github.com/chartjs/Chart.js) | `4.5.0` | `4.5.1` |
| [datatables.net](https://github.com/DataTables/Dist-DataTables) | `2.3.4` | `2.3.8` |
| [datatables.net-bs5](https://github.com/DataTables/Dist-DataTables-Bootstrap5) | `2.3.4` | `2.3.8` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |
| [tinymce](https://github.com/tinymce/tinymce/tree/HEAD/modules/tinymce) | `8.1.2` | `8.6.0` |
| [sass](https://github.com/sass/dart-sass) | `1.93.2` | `1.100.0` |



Updates `@fontsource/roboto` from 5.2.8 to 5.2.10
- [Changelog](https://github.com/fontsource/font-files/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fontsource/font-files/commits/HEAD/fonts/google/roboto)

Updates `chart.js` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/chartjs/Chart.js/releases)
- [Commits](chartjs/Chart.js@v4.5.0...v4.5.1)

Updates `datatables.net` from 2.3.4 to 2.3.8
- [Release notes](https://github.com/DataTables/Dist-DataTables/releases)
- [Commits](DataTables/Dist-DataTables@2.3.4...2.3.8)

Updates `datatables.net-bs5` from 2.3.4 to 2.3.8
- [Release notes](https://github.com/DataTables/Dist-DataTables-Bootstrap5/releases)
- [Commits](DataTables/Dist-DataTables-Bootstrap5@2.3.4...2.3.8)

Updates `handlebars` from 4.7.8 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9)

Updates `tinymce` from 8.1.2 to 8.6.0
- [Changelog](https://github.com/tinymce/tinymce/blob/main/modules/tinymce/CHANGELOG.md)
- [Commits](https://github.com/tinymce/tinymce/commits/8.6.0/modules/tinymce)

Updates `sass` from 1.93.2 to 1.100.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.93.2...1.100.0)

---
updated-dependencies:
- dependency-name: "@fontsource/roboto"
  dependency-version: 5.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: chart.js
  dependency-version: 4.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: datatables.net
  dependency-version: 2.3.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: datatables.net-bs5
  dependency-version: 2.3.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: sass
  dependency-version: 1.99.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
- dependency-name: tinymce
  dependency-version: 8.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/elixir_dss/static/vendor/develop/npm-minor-patch-6fb84fa8c4 branch from 5a43ee9 to d5854f9 Compare June 5, 2026 08:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants