chore(deps): bump the npm_and_yarn group across 5 directories with 21 updates by dependabot[bot] · Pull Request #3 · kriptoburak/claude-code-plugins-plus-skills

dependabot · 2026-06-01T18:12:45Z

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
vitest	`2.1.9`	`4.1.0`
@modelcontextprotocol/sdk	`1.25.2`	`1.26.0`
yaml	`2.8.2`	`2.8.3`
simple-git	`3.30.0`	`3.36.0`
astro	`5.16.9`	`6.1.10`
axios	`1.13.2`	`1.16.0`
ws	`8.18.3`	`8.20.1`
postcss	`8.5.6`	`8.5.10`
vite	`6.4.1`	`6.4.2`

Bumps the npm_and_yarn group with 1 update in the /marketplace directory: astro.
Bumps the npm_and_yarn group with 1 update in the /packages/cli directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /plugins/mcp/pr-to-spec/site directory: astro.
Bumps the npm_and_yarn group with 1 update in the /tests/e2e directory: vitest.

Updates vitest from 2.1.9 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

🚀 Features

Return a disposable from doMock() - by @kirkwaiblinger in vitest-dev/vitest#9332 (e3e65)

Added chai style assertions - by @ronnakamoto and @sheremet-va in vitest-dev/vitest#8842 (841df)

Update to sinon/fake-timers v15 and add setTickMode to timer controls - by @atscott and @sheremet-va in vitest-dev/vitest#8726 (4b480)

Expose matcher types - by @sheremet-va in vitest-dev/vitest#9448 (3e4b9)

Add toTestSpecification to reported tasks - by @sheremet-va in vitest-dev/vitest#9464 (1a470)

Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module - by @sheremet-va in vitest-dev/vitest#9387 (5db54)

Track and display expectedly failed tests (.fails) in UI and CLI - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#9476 (77d75)

Support tags - by @sheremet-va in vitest-dev/vitest#9478 (de7c8)

Implement aroundEach and aroundAll hooks - by @sheremet-va in vitest-dev/vitest#9450 (2a8cb)

Stabilize experimental features - by @sheremet-va in vitest-dev/vitest#9529 (b5fd2)

Accept new or all in --update flag - by @sheremet-va in vitest-dev/vitest#9543 (a5acf)

Support meta in test options - by @sheremet-va in vitest-dev/vitest#9535 (7d622)

Support type inference with a new test.extend syntax - by @sheremet-va in vitest-dev/vitest#9550 (e5385)

Support vite 8 beta, fix type issues in the config with different vite versions - by @sheremet-va in vitest-dev/vitest#9587 (99028)

Add assertion helper to hide internal stack traces - by @hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9594 (eeb0a)

Store failure screenshots using artifacts API - by @macarie in vitest-dev/vitest#9588 (24603)

Allow vitest list to statically collect tests instead of running files to collect them - by @sheremet-va in vitest-dev/vitest#9630 (7a8e7)

Add --detect-async-leaks - by @AriPerkkio in vitest-dev/vitest#9528 (c594d)

Implement mockThrow and mockThrowOnce - by @thor-juhasz and @sheremet-va in vitest-dev/vitest#9512 (61917)

Support update: "none" and add docs about snapshots behavior on CI - by @hi-ogawa in vitest-dev/vitest#9700 (05f18)

Support playwright launchOptions with connectOptions - by @hi-ogawa in vitest-dev/vitest#9702 (f0ff1)

Add page/locator.mark API to enhance playwright trace - by @hi-ogawa in vitest-dev/vitest#9652 (d0ee5)

api:

Support tests starting or ending with test in experimental_parseSpecification - by @jgillick and Jeremy Gillick in vitest-dev/vitest#9235 (2f367)

Add filters to createSpecification - by @sheremet-va in vitest-dev/vitest#9336 (c8e6c)

Expose runTestFiles as alternative to runTestSpecifications - by @sheremet-va in vitest-dev/vitest#9443 (43d76)

Add allowWrite and allowExec options to api - by @sheremet-va in vitest-dev/vitest#9350 (20e00)

Allow passing down test cases to toTestSpecification - by @sheremet-va in vitest-dev/vitest#9627 (6f17d)

browser:

Add userEvent.wheel API - by @macarie in vitest-dev/vitest#9188 (66080)

Add filterNode option to prettyDOM for filtering browser assertion error output - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#9475 (d3220)

Support playwright persistent context - by @hi-ogawa, Claude Opus 4.6 and @sheremet-va in vitest-dev/vitest#9229 (f865d)

Added detailsPanelPosition option and button - by @shairez in vitest-dev/vitest#9525 (c8a31)

Use BlazeDiff instead of pixelmatch - by @macarie in vitest-dev/vitest#9514 (30936)

Add findElement and enable strict mode in webdriverio and preview - by @sheremet-va in vitest-dev/vitest#9677 (c3f37)

cli:

Add @bomb.sh/tab completions - by @AmirSa12 and @sheremet-va in vitest-dev/vitest#8639 (200f3)

coverage:

Support ignore start/stop ignore hints - by @AriPerkkio in vitest-dev/vitest#9204 (e59c9)

Add coverage.changed option to report only changed files - by @kykim00 and @AriPerkkio in vitest-dev/vitest#9521 (1d939)

experimental:

Add onModuleRunner hook to worker.init - by @sheremet-va in vitest-dev/vitest#9286 (e977f)

Option to disable the module runner - by @sheremet-va and @AriPerkkio in vitest-dev/vitest#9210 (9be61)

... (truncated)

Commits

4150b91 chore: release v4.1.0
1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
eab68ba chore(deps): update all non-major dependencies (#9824)
031f02a fix: allow catch/finally for async assertion (#9827)
3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
0c2c013 chore: release v4.1.0-beta.6
8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
689a22a fix(browser): types of getCDPSession and cdp() (#9716)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.

Updates @modelcontextprotocol/sdk from 1.25.2 to 1.26.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

Commits

fe9c07b chore: bump version to 1.26.0 (#1479)
4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
a05be17 Merge commit from fork
50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
6aba065 chore: bump v1.25.3 for backport fixes (#1412)
6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
See full diff in compare view

Updates yaml from 2.8.2 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

Add trailingComma ToString option for multiline flow formatting (#670)

Catch stack overflow during node composition (1e84ebb)

Commits

ce14587 2.8.3
1e84ebb fix: Catch stack overflow during node composition
6b24090 ci: Include Prettier check in lint action
9424dee chore: Refresh lockfile
d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
4321509 ci: Drop the branch filter from GitHub PR actions
47207d0 chore: Update docs-slate
5212fae chore: Update docs-slate
See full diff in compare view

Updates simple-git from 3.30.0 to 3.36.0

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

89a2294: Extend known exploitable configuration keys and per-task environment variables.

Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

Thanks to @zebbern for identifying the need to block core.fsmonitor. Thanks to @kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

1ad57e8: Remove conflicting node:buffer import

Updated dependencies [89a2294]

Updated dependencies [675570a]

@simple-git/argv-parser@1.1.0

@simple-git/args-pathspec@1.0.3

simple-git@3.35.2

Patch Changes

0cf9d8c: Improvements for mono-repo publishing pipeline

Updated dependencies [0cf9d8c]

@simple-git/args-pathspec@1.0.2

@simple-git/argv-parser@1.0.3

simple-git@3.35.1

Patch Changes

0de400e: Update monorepo version handling during publish

Updated dependencies [0de400e]

@simple-git/argv-parser@1.0.2

simple-git@3.33.0

Minor Changes

a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

e253a0d: Enhanced git -c checks in unsafe plugin.

Thanks to @JohannesLks for identifying the issue

simple-git@3.32.3

Patch Changes

f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.36.0

Minor Changes

89a2294: Extend known exploitable configuration keys and per-task environment variables.

Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

Thanks to @zebbern for identifying the need to block core.fsmonitor. Thanks to @kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

1ad57e8: Remove conflicting node:buffer import

Updated dependencies [89a2294]

Updated dependencies [675570a]

@simple-git/argv-parser@1.1.0

@simple-git/args-pathspec@1.0.3

3.35.2

Patch Changes

0cf9d8c: Improvements for mono-repo publishing pipeline

Updated dependencies [0cf9d8c]

@simple-git/args-pathspec@1.0.2

@simple-git/argv-parser@1.0.3

3.35.1

Patch Changes

0de400e: Update monorepo version handling during publish

Updated dependencies [0de400e]

@simple-git/argv-parser@1.0.2

3.35.0

Minor Changes

3d8708b: Updating publish config

Patch Changes

Updated dependencies [3d8708b]

@simple-git/args-pathspec@1.0.1

@simple-git/argv-parser@1.0.1

3.34.0

... (truncated)

Commits

7dc1a53 Version Packages
76f5376 Merge pull request #1061 from Vinzent03/fix/buffer-import
89a2294 Environment Parsing (#1156)
1b91b76 fix: remove explicit node:buffer import
e390685 Version Packages
3c9e4b8 Pin version of @simple-git/args-pathspec
94ee21f Export pathspec types through simple-git for backward compatibility
6d7cb51 Version Packages
0de400e Switch to semver from workspace revisions
2264722 Version Packages
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for simple-git since your current version.

Updates astro from 5.16.9 to 6.1.10

Release notes

Sourced from astro's releases.

astro@6.1.10

Patch Changes

#16479 1058428 Thanks @matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

#16457 3d82220 Thanks @matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

#16481 152700e Thanks @matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap during astro dev caused by the browser mis-resolving a relative sourceMappingURL from the /@id/ URL prefix

#16480 1bcb43b Thanks @matthewp! - Fixes an unnecessary full page reload on first navigation during dev

astro@6.1.9

Patch Changes

#16448 99464ed Thanks @matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

#16422 a3951d7 Thanks @matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

#16420 e21de1d Thanks @matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

#16419 f3485c3 Thanks @matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

#16022 a002540 Thanks @mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

Updated dependencies [99464ed, f3485c3]:

@astrojs/internal-helpers@0.9.0

@astrojs/markdown-remark@7.1.1

astro@6.1.8

Patch Changes

#16367 a6866a7 Thanks @ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

#16381 217c5b3 Thanks @ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

#16348 7d26cd7 Thanks @ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

#16317 d012bfe Thanks @das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

#16379 5a84551 Thanks @martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

#16317 d012bfe Thanks @das-peter! - Adds tests to verify settings are properly propagated when using the development server.

#16282 5b0fdaa Thanks @jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

Updated dependencies [e0b240e]:

@astrojs/telemetry@3.3.1

Changelog

Sourced from astro's changelog.

6.1.10

Patch Changes

#16479 1058428 Thanks @matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

#16457 3d82220 Thanks @matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

#16481 152700e Thanks @matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap during astro dev caused by the browser mis-resolving a relative sourceMappingURL from the /@id/ URL prefix

#16480 1bcb43b Thanks @matthewp! - Fixes an unnecessary full page reload on first navigation during dev

6.1.9

Patch Changes

#16448 99464ed Thanks @matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

#16422 a3951d7 Thanks @matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

#16420 e21de1d Thanks @matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

#16419 f3485c3 Thanks @matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

#16022 a002540 Thanks @mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

Updated dependencies [99464ed, f3485c3]:

@astrojs/internal-helpers@0.9.0

@astrojs/markdown-remark@7.1.1

6.1.8

Patch Changes

#16367 a6866a7 Thanks @ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

#16381 217c5b3 Thanks @ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

#16348 7d26cd7 Thanks @ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

#16317 d012bfe Thanks @das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

#16379 5a84551 Thanks @martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

#16317 d012bfe Thanks @das-peter! - Adds tests to verify settings are properly propagated when using the development server.

#16282 5b0fdaa Thanks @jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

Updated dependencies [e0b240e]:

@astrojs/telemetry@3.3.1

... (truncated)

Commits

c1f2e4f [ci] release (#16467)
345fb9e chore: fix flaky dev toolbar render time test (#16500)
5120ecd [ci] format
3d82220 Add AEAD context binding to server island encryption (#16457)
1bcb43b Prebundle dev toolbar entrypoint in client environment (#16480)
93101cc [ci] format
152700e fix: strip sourceMappingURL from dev toolbar entrypoint during dep optimizati...
bc83041 refactor(astro): migrate test utils to typescript (#16492)
5c543c5 refactor(astro): add internal entry points for test (#16473)
1058428 Suppress content config warning for projects without content collections (#16...
Additional commits viewable in compare view

Updates axios from 1.13.2 to 1.16.0

Release notes

Sourced from axios's releases.

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#10795)

Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#10822)

Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#10825)

parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#10729)

Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#7378)

transformRequest input typing change was reverted. The typing change introduced in #10745 was reverted in #10810 after follow-up review — net behavior is unchanged from 1.15.2. (#10745, #10810)

🚀 New Features

QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#10802)

ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #6485). (#10680)

Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#6897)

🐛 Bug Fixes

HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#10794, #10800, #6241, #10822, #10825)

HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#10708, #10819, #7149)

Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#10795, #10772, #10806, #7260)

XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#10787)

Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#10724, #7276, #10729)

Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#7414, #6389, #6460)

UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#7378)

Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#10833)

🔧 Maintenance & Chores

Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#10588, #7419)

Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#10820, #10791, #10796)

Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#10821, #10782, #10759, #10804)

Reverted: Reverted the transformRequest input typing change from #10745 after follow-up review. (#10745, #10810)

Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#10785, #10813, #10814)

Release: Updated changelog and packages, and prepared the 1.16.0 release. (#10790, #10834)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@singhankit001 (#10588)

@cuiweixie (#7419)

@iruizsalinas (#10787)

@MarcosNocetti (#10680)

@deepview-autofix (#...
Description has been truncated

… updates Bumps the npm_and_yarn group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `2.1.9` | `4.1.0` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.2` | `1.26.0` | | [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` | | [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.30.0` | `3.36.0` | | [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.16.9` | `6.1.10` | | [axios](https://github.com/axios/axios) | `1.13.2` | `1.16.0` | | [ws](https://github.com/websockets/ws) | `8.18.3` | `8.20.1` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `6.4.2` | Bumps the npm_and_yarn group with 1 update in the /marketplace directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Bumps the npm_and_yarn group with 1 update in the /packages/cli directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 1 update in the /plugins/mcp/pr-to-spec/site directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Bumps the npm_and_yarn group with 1 update in the /tests/e2e directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Updates `vitest` from 2.1.9 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `@modelcontextprotocol/sdk` from 1.25.2 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.25.2...v1.26.0) Updates `yaml` from 2.8.2 to 2.8.3 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.2...v2.8.3) Updates `simple-git` from 3.30.0 to 3.36.0 - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git) Updates `astro` from 5.16.9 to 6.1.10 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/astro@6.1.10/packages/astro) Updates `axios` from 1.13.2 to 1.16.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.2...v1.16.0) Updates `ws` from 8.18.3 to 8.20.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.18.3...8.20.1) Updates `postcss` from 8.5.6 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.10) Updates `vite` from 6.4.1 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `@hono/node-server` from 1.19.7 to 1.19.14 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.7...v1.19.14) Updates `defu` from 6.1.4 to 6.1.7 - [Release notes](https://github.com/unjs/defu/releases) - [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md) - [Commits](unjs/defu@v6.1.4...v6.1.7) Updates `devalue` from 5.6.1 to 5.8.1 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.6.1...v5.8.1) Updates `fast-uri` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.2) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `h3` from 1.15.4 to 1.15.11 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md) - [Commits](h3js/h3@v1.15.4...v1.15.11) Updates `hono` from 4.12.8 to 4.12.23 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.8...v4.12.23) Updates `ip-address` from 10.1.0 to 10.2.0 - [Commits](beaugunderson/ip-address@v10.1.0...v10.2.0) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `rollup` from 4.52.4 to 4.61.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.52.4...v4.61.0) Updates `smol-toml` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/squirrelchat/smol-toml/releases) - [Commits](squirrelchat/smol-toml@v1.6.0...v1.6.1) Updates `svgo` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v4.0.0...v4.0.1) Updates `astro` from 5.16.9 to 6.1.10 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/astro@6.1.10/packages/astro) Updates `vitest` from 2.1.9 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `astro` from 5.18.1 to 6.1.10 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/astro@6.1.10/packages/astro) Updates `vitest` from 2.1.9 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 2.8.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: simple-git dependency-version: 3.36.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 6.1.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.16.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.20.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@hono/node-server" dependency-version: 1.19.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: defu dependency-version: 6.1.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: h3 dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.61.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: smol-toml dependency-version: 1.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svgo dependency-version: 4.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 6.1.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 6.1.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 5 directories with 21 updates#3

chore(deps): bump the npm_and_yarn group across 5 directories with 21 updates#3
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-d07fddaf99

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026

v4.1.0

🚀 Features

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v2.8.3

simple-git@3.36.0

Minor Changes

Patch Changes

simple-git@3.35.2

Patch Changes

simple-git@3.35.1

Patch Changes

simple-git@3.33.0

Minor Changes

Patch Changes

simple-git@3.32.3

Patch Changes

3.36.0

Minor Changes

Patch Changes

3.35.2

Patch Changes

3.35.1

Patch Changes

3.35.0

Minor Changes

Patch Changes

3.34.0

astro@6.1.10

Patch Changes

astro@6.1.9

Patch Changes

astro@6.1.8

Patch Changes

6.1.10

Patch Changes

6.1.9

Patch Changes

6.1.8

Patch Changes

v1.16.0 — May 2, 2026

⚠️ Notable Changes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants