Bump the npm_and_yarn group across 2 directories with 7 updates by dependabot[bot] · Pull Request #258 · mapcomponents/react-map-components-maplibre

dependabot · 2026-02-19T21:46:38Z

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
ajv	`8.17.1`	`8.18.0`
storybook	`9.1.1`	`9.1.17`
vite	`7.1.4`	`7.1.11`
lodash	`4.17.21`	`4.17.23`
jspdf	`3.0.2`	`4.2.0`
glob	`11.0.3`	`12.0.0`

Bumps the npm_and_yarn group with 2 updates in the /packages/react-maplibre directory: jspdf and glob.

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates storybook from 9.1.1 to 9.1.17

Release notes

Sourced from storybook's releases.

v9.1.17

9.1.17

Core: Fix .env-file parsing, thanks @jreinhold!

v9.1.16

9.1.16

CLI: Fix Nextjs project creation in empty directories - #32828, thanks @yannbf!

Core: Add `experimental_devServer` preset - #32862, thanks @yannbf!

Telemetry: Fix preview-first-load event - #32859, thanks @shilman!

Changelog

Sourced from storybook's changelog.

10.2.10

Core: Require token for websocket connections - #33820, thanks @ghengeveld!

10.2.9

Addon-Vitest: Improve config file detection in monorepos - #33814, thanks @valentinpalkovic!

Builder-Vite: Update dependencies react-vite framework - #33810, thanks @valentinpalkovic!

Builder-Vite: Use relative path for mocker entry in production builds - #33792, thanks @DukeDeSouth!

Next.js: Fix Link component override in appDirectory configuration - #31251, thanks @yatishgoel!

10.2.8

Telemetry: Add Expo metaframework - #33783, thanks @copilot-swe-agent!

Telemetry: Add init exit event - #33773, thanks @valentinpalkovic!

Telemetry: Add share events - #33766, thanks @ndelangen!

Test: Update event creation logic in user-event package - #33787, thanks @valentinpalkovic!

10.2.7

CSF: Fix cross-file story imports in csf-factories codemod - #33723, thanks @yatishgoel!

Core: Fix rendering of View Transitions in Firefox - #33651, thanks @ghengeveld!

Globals: Repair dynamicTitle: false for user-defined tools - #33284, thanks @ia319!

Logger: Honor --loglevel for npmlog output - #33776, thanks @LouisLau-art!

10.2.6

Addon-Vitest: Skip postinstall setup when configured - #33712, thanks @valentinpalkovic!

Addon-Vitest: Support vite/vitest config with deferred export - #33755, thanks @valentinpalkovic!

CLI: Support addon-vitest setup when --skip-install is passed - #33718, thanks @valentinpalkovic!

Manager: Update logic to use base path instead of full pathname - #33686, thanks @JSMike!

10.2.5

Angular: fix --loglevel options in docs and descriptions - #33726, thanks @theRuslan!

Builder-Vite: Add plugin to enforce Storybook's output directory in Vite build configuration - #33740, thanks @valentinpalkovic!

Core: Invalidate cache on Storybook version upgrade - #33717, thanks @copilot-swe-agent!

10.2.4

CSF-Factories: Fix codemod for preview files without exports - #33673, thanks @kasperpeulen!

CSF: Fix false positive detection of Zod v4 .meta() as CSF Factory - #33666, thanks @kasperpeulen!

CSFFactories: Add non-interactive mode and --glob flag - #33648, thanks @kasperpeulen!

CSFFactories: Preserve leading comments when adding imports - #33645, thanks @kasperpeulen!

Codemod: Fix csf-2-to-3 failing due to quoted filenames - #33646, thanks @kasperpeulen!

Codemod: Fix glob pattern handling on Windows - #33714, thanks @kasperpeulen!

Manager: Remove deprecated active prop warning in ZoomButton - #33697, thanks @yatishgoel!

Next.js: Alias AppRouterContext to shared runtime to fix Link navigation - #33419, thanks @pallaprolus!

10.2.3

... (truncated)

Commits

d0d5a3d Bump version from 9.1.16 to 9.1.17 MANUALLY
a06c257 filter env vars from .env files
a54a04c Bump version from "9.1.15" to "9.1.16" [skip ci]
ebd7ff5 Merge pull request #32859 from storybookjs/shilman/first-load-new-user
da2da6e Merge pull request #32862 from storybookjs/yann/patch-dev-server-preset
d0d17d9 Bump version from "9.1.14" to "9.1.15" [skip ci]
b3129cd fix exports
a78540a Merge pull request #32770 from storybookjs/shilman/preview-first-load
5afb39f Bump version from "9.1.13" to "9.1.14" [skip ci]
0617aaa improve typings of storybook/internal/babel
Additional commits viewable in compare view

Updates vite from 7.1.4 to 7.1.11

Release notes

Sourced from vite's releases.

v7.1.11

Please refer to CHANGELOG.md for details.

v7.1.10

Please refer to CHANGELOG.md for details.

v7.1.9

Please refer to CHANGELOG.md for details.

v7.1.8

Please refer to CHANGELOG.md for details.

v7.1.7

Please refer to CHANGELOG.md for details.

v7.1.6

Please refer to CHANGELOG.md for details.

v7.1.5

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.1.11 (2025-10-20)

Bug Fixes

dev: trim trailing slash before server.fs.deny check (#20968) (f479cc5)

Miscellaneous Chores

deps: update all non-major dependencies (#20966) (6fb41a2)

Code Refactoring

use subpath imports for types module reference (#20921) (d0094af)

Build System

remove cjs reference in files field (#20945) (ef411ce)

remove hash from built filenames (#20946) (a817307)

7.1.10 (2025-10-14)

Bug Fixes

css: avoid duplicate style for server rendered stylesheet link and client inline style during dev (#20767) (3a92bc7)

css: respect emitAssets when cssCodeSplit=false (#20883) (d3e7eee)

deps: update all non-major dependencies (879de86)

deps: update all non-major dependencies (#20894) (3213f90)

dev: allow aliases starting with // (#20760) (b95fa2a)

dev: remove timestamp query consistently (#20887) (6537d15)

esbuild: inject esbuild helpers correctly for esbuild 0.25.9+ (#20906) (446eb38)

normalize path before calling fileToBuiltUrl (#20898) (73b6d24)

preserve original sourcemap file field when combining sourcemaps (#20926) (c714776)

Documentation

correct WebSocket spelling (#20890) (29e98dc)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20923) (a5e3b06)

7.1.9 (2025-10-03)

Reverts

server: drain stdin when not interactive (#20885) (12d72b0)

7.1.8 (2025-10-02)

Bug Fixes

css: improve url escape characters handling (#20847) (24a61a3)

deps: update all non-major dependencies (#20855) (788a183)

deps: update artichokie to 0.4.2 (#20864) (e670799)

... (truncated)

Commits

8b69c9e release: v7.1.11
f479cc5 fix(dev): trim trailing slash before server.fs.deny check (#20968)
6fb41a2 chore(deps): update all non-major dependencies (#20966)
a817307 build: remove hash from built filenames (#20946)
ef411ce build: remove cjs reference in files field (#20945)
d0094af refactor: use subpath imports for types module reference (#20921)
ed4a0dc release: v7.1.10
c714776 fix: preserve original sourcemap file field when combining sourcemaps (#20926)
446eb38 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20906)
879de86 fix(deps): update all non-major dependencies
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates jspdf from 3.0.2 to 4.2.0

Release notes

Sourced from jspdf's releases.

v4.2.0

This release fixes three security issues.

What's Changed

Fix PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton children) vulnerability.

Fix Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions vulnerability.

Fix PDF Object Injection via Unsanitized Input in addJS Method vulnerability.

Add "default" property to export section in package.json by @stefan-schweiger in parallax/jsPDF#3953

New Contributors

@stefan-schweiger made their first contribution in parallax/jsPDF#3953

Full Changelog: parallax/jsPDF@v4.1.0...v4.2.0

v4.1.0

This release fixes several security issues.

What's Changed

Upgrade optional dompurify dependency to 3.3.1 in parallax/jsPDF#3948

Fix PDF Injection in AcroForm module allows Arbitrary JavaScript Execution vulnerability

Fix Stored XMP Metadata Injection (Spoofing & Integrity Violation) vulnerability

Fix Shared State Race Condition in addJS Method vulnerability

Fix Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder vulnerability

Full Changelog: parallax/jsPDF@v4.0.0...v4.1.0

v4.0.0

This release fixes a critical path traversal/local file inclusion security vulnerability in the jsPDF Node.js build. File system access is now restricted by default and can be enabled by either using node's --permission flag or the new jsPDF.allowFsRead property.

There are no other breaking changes.

v3.0.4

This release includes a bunch of bugfixes. Thanks to all contributors!

What's Changed

[Snyk] Upgrade @babel/runtime from 7.28.3 to 7.28.4 by @MrRio in parallax/jsPDF#3895

fix: cell function now properly accepts align parameter by @vishal-rathod-07 in parallax/jsPDF#3896

Remove duplicated function "ga" from WebPDecoder.js by @jvdp in parallax/jsPDF#3902

Fix font state management issue #3890 by @srikanth-s2003 in parallax/jsPDF#3891

Fix pages property to always return current array reference ( #3898 ) by @Opineppes in parallax/jsPDF#3899

Fix jsPDF + Vite compatibility issue #3851 by @tishajain25 in parallax/jsPDF#3903

Do not add pages dynamically unless autoPaging is enabled by @anmiles in parallax/jsPDF#3915

Fix: Context2d font regex too restrictive ( #3904 ) by @Opineppes in parallax/jsPDF#3906

Fix Incorrect Typing for Margins in the TableConfig Interface Definition by @Maito1794 in parallax/jsPDF#3816

New Contributors

@survivant made their first contribution in parallax/jsPDF#3897

@vishal-rathod-07 made their first contribution in parallax/jsPDF#3896

@jvdp made their first contribution in parallax/jsPDF#3902

@srikanth-s2003 made their first contribution in parallax/jsPDF#3891

... (truncated)

Commits

7af912c 4.2.0
56b46d4 Merge commit from fork
2e5e156 Merge commit from fork
71ad2db Merge commit from fork
885a777 fix: upgrade @babel/runtime from 7.28.4 to 7.28.6 (#3954)
3b92c7d Add default export to package.json (#3953)
0227381 4.1.0
ae4b93f Merge commit from fork
2863e5c Merge commit from fork
efe54bf Merge commit from fork
Additional commits viewable in compare view

Updates glob from 11.0.3 to 12.0.0

Changelog

Sourced from glob's changelog.

changeglob

13

Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)

Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.

Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

Drop support for node before v20

10.4

Add includeChildMatches: false option

Export the Ignore class

10.3

Add --default -p flag to provide a default pattern

exclude symbolic links to directories when follow and nodir are both set

10.2

Add glob cli

10.1

Return '.' instead of the empty string '' when the current working directory is returned as a match.

Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

2b03cca 12.0.0
d56203d prettier config
bb521e5 Remove --shell option where unsafe to use
2551fb5 11.1.0
47473c0 bin: Do not expose filenames to shell expansion
bc33fe1 skip tilde test on systems that lack tilde expansion
59bf9ca fix notes
dde4fa6 docs(README): add #anchor and improve notes
0559b0e docs: add better links to path-scurry docs
c9773c2 fix: correct typos in README.md
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates undici from 7.15.0 to 7.22.0

Release notes

Sourced from undici's releases.

v7.22.0

What's Changed

docs: fix syntax highlighting in WebSocket.md by @styfle in nodejs/undici#4814

fix: use OR operator in includesCredentials per WHATWG URL Standard by @jackhax in nodejs/undici#4816

feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk by @SuperOleg39 in nodejs/undici#4676

fix: route WebSocket upgrades through onRequestUpgrade by @mcollina in nodejs/undici#4787

build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 by @dependabot[bot] in nodejs/undici#4821

fix(deduplicate): do not deduplicate non-safe methods by default by @mcollina in nodejs/undici#4818

feat: Support async cache stores in revalidation by @marcopiraccini in nodejs/undici#4826

New Contributors

@jackhax made their first contribution in nodejs/undici#4816

@marcopiraccini made their first contribution in nodejs/undici#4826

Full Changelog: nodejs/undici@v7.21.0...v7.22.0

v7.21.0

What's Changed

build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @dependabot[bot] in nodejs/undici#4796

test: restore global dispatcher after fetch tests by @mcollina in nodejs/undici#4790

Add missing close method to WebSocketStream interface by @piotr-cz in nodejs/undici#4802

fix: error stream instead of canceling by @KhafraDev in nodejs/undici#4804

Fix clientTtl cleanup race in Agent by @mcollina in nodejs/undici#4807

feat(#4230): Implement pingInterval for dispatching PING frames by @metcoder95 in nodejs/undici#4296

fix: handle undefined __filename in bundled environments by @mcollina in nodejs/undici#4812

fix: set finalizer only for fetch responses by @tsctx in nodejs/undici#4803

New Contributors

@piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

v7.20.0

What's Changed

fix: preserve fetch stack traces by @mcollina in nodejs/undici#4778

Fix error handling in MockPool example by @dave-kennedy in nodejs/undici#4781

feat: expose statusText in request() ResponseData by @domenic in nodejs/undici#4784

test: reduce retry-after invalid date flake by @mcollina in nodejs/undici#4788

extractBody fixes by @KhafraDev in nodejs/undici#4791

fix: MockAgent delayed response with AbortSignal (#4693) by @mcollina in nodejs/undici#4772

fix: onParserTimeout potentially accessing undefined by @vbfox in nodejs/undici#4758

New Contributors

@dave-kennedy made their first contribution in nodejs/undici#4781

@vbfox made their first contribution in nodejs/undici#4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

v7.19.2

What's Changed

... (truncated)

Commits

0a23610 Bumped v7.22.0 (#4829)
f3c5c61 feat: Support async cache stores in revalidation (#4826)
9b78a44 fix(deduplicate): avoid deduping methods not in methods option (#4818)
0ce57ba build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 (#4821)
2453caf fix: route websocket upgrades through new handler API (#4787)
4658cdf feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk (#4676)
a821c56 fix: use OR operator in includesCredentials per WHATWG URL Standard (#4816)
b3326b5 docs: fix syntax highlighting in WebSocket.md (#4814)
393c0da Bumped v7.21.0 (#4813)
47f9b96 fix: set finalizer only for fetch responses (#4803)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Updates jspdf from 3.0.2 to 4.2.0

Release notes

Sourced from jspdf's releases.

v4.2.0

This release fixes three security issues.

What's Changed

Fix PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton children) vulnerability.

Fix Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions vulnerability.

Fix PDF Object Injection via Unsanitized Input in addJS Method vulnerability.

Add "default" property to export section in package.json by @stefan-schweiger in parallax/jsPDF#3953

New Contributors

@stefan-schweiger made their first contribution in parallax/jsPDF#3953

Full Changelog: parallax/jsPDF@v4.1.0...v4.2.0

v4.1.0

This release fixes several security issues.

What's Changed

Upgrade optional dompurify dependency to 3.3.1 in parallax/jsPDF#3948

Fix PDF Injection in AcroForm module allows Arbitrary JavaScript Execution vulnerability

Fix Stored XMP Metadata Injection (Spoofing & Integrity Violation) vulnerability

Fix Shared State Race Condition in addJS Method vulnerability

Fix Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder vulnerability

Full Changelog: parallax/jsPDF@v4.0.0...v4.1.0

v4.0.0

This release fixes a critical path traversal/local file inclusion security vulnerability in the jsPDF Node.js build. File system access is now restricted by default and can be enabled by either using node's --permission flag or the new jsPDF.allowFsRead property.

There are no other breaking changes.

v3.0.4

This release includes a bunch of bugfixes. Thanks to all contributors!

What's Changed

[Snyk] Upgrade @babel/runtime from 7.28.3 to 7.28.4 by @MrRio in parallax/jsPDF#3895

fix: cell function now properly accepts align parameter by @vishal-rathod-07 in parallax/jsPDF#3896

Remove duplicated function "ga" from WebPDecoder.js by @jvdp in parallax/jsPDF#3902

Fix font state management issue #3890 by @srikanth-s2003 in parallax/jsPDF#3891

Fix pages property to always return current array reference ( #3898 ) by @Opineppes in parallax/jsPDF#3899

Fix jsPDF + Vite compatibility issue #3851 by @tishajain25 in parallax/jsPDF#3903

Do not add pages dynamically unless autoPaging is enabled by @anmiles in parallax/jsPDF#3915

Fix: Context2d font regex too restrictive ( #3904 ) by @Opineppes in parallax/jsPDF#3906

Fix Incorrect Typing for Margins in the TableConfig Interface Definition by @Maito1794 in parallax/jsPDF#3816

New Contributors

@survivant made their first contribution in parallax/jsPDF#3897

@vishal-rathod-07 made their first contribution in parallax/jsPDF#3896

@jvdp made their first contribution in parallax/jsPDF#3902

@srikanth-s2003 made their first contribution in parallax/jsPDF#3891

... (truncated)

Commits

7af912c 4.2.0
56b46d4 Merge commit from fork
2e5e156 Merge commit from fork
71ad2db Merge commit from fork
885a777 fix: upgrade @babel/runtime from 7.28.4 to 7.28.6 (#3954)
3b92c7d Add default export to package.json (#3953)
0227381 4.1.0
ae4b93f Merge commit from fork
2863e5c Merge commit from fork
efe54bf Merge commit from fork
Additional commits viewable in compare view

Updates glob from 11.0.3 to 12.0.0

Changelog

Sourced from glob's changelog.

changeglob

13

Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)

Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.

Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

Drop support for node before v20

10.4

Add includeChildMatches: false option

Export the Ignore class

10.3

Add --default -p flag to provide a default pattern

exclude symbolic links to directories when follow and nodir are both set

10.2

Add glob cli

10.1

Return '.' instead of the empty string '' when the current working directory is returned as a match.

Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

2b03cca 12.0.0
d56203d prettier config
bb521e5 Remove --shell option where unsafe to use
2551fb5 11.1.0
47473c0 bin: Do not expose filenames to shell expansion
bc33fe1 skip tilde test on systems that lack tilde expansion
59bf9ca fix notes
dde4fa6 docs(README): add #anchor and improve notes
0559b0e docs: add better links to path-scurry docs
c9773c2 fix: correct typos in README.md
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` | | [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `9.1.1` | `9.1.17` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.4` | `7.1.11` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [jspdf](https://github.com/parallax/jsPDF) | `3.0.2` | `4.2.0` | | [glob](https://github.com/isaacs/node-glob) | `11.0.3` | `12.0.0` | Bumps the npm_and_yarn group with 2 updates in the /packages/react-maplibre directory: [jspdf](https://github.com/parallax/jsPDF) and [glob](https://github.com/isaacs/node-glob). Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `storybook` from 9.1.1 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v9.1.17/code/core) Updates `vite` from 7.1.4 to 7.1.11 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `jspdf` from 3.0.2 to 4.2.0 - [Release notes](https://github.com/parallax/jsPDF/releases) - [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md) - [Commits](parallax/jsPDF@v3.0.2...v4.2.0) Updates `glob` from 11.0.3 to 12.0.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v11.0.3...v12.0.0) Updates `undici` from 7.15.0 to 7.22.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.15.0...v7.22.0) Updates `jspdf` from 3.0.2 to 4.2.0 - [Release notes](https://github.com/parallax/jsPDF/releases) - [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md) - [Commits](parallax/jsPDF@v3.0.2...v4.2.0) Updates `glob` from 11.0.3 to 12.0.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v11.0.3...v12.0.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.1.11 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jspdf dependency-version: 4.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 12.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.22.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jspdf dependency-version: 4.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 12.0.0 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-09T08:33:12Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 19, 2026

dependabot bot mentioned this pull request Feb 19, 2026

Bump vite from 7.1.4 to 7.1.5 in the npm_and_yarn group across 1 directory #241

Closed

dependabot bot closed this Mar 9, 2026

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-b3cd0452c8 branch March 9, 2026 08:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 7 updates#258

Bump the npm_and_yarn group across 2 directories with 7 updates#258
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-b3cd0452c8

dependabot bot commented on behalf of github Feb 19, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.18.0

What's Changed

New Contributors

v9.1.17

9.1.17

v9.1.16

9.1.16

10.2.10

10.2.9

10.2.8

10.2.7

10.2.6

10.2.5

10.2.4

10.2.3

v7.1.11

v7.1.10

v7.1.9

v7.1.8

v7.1.7

v7.1.6

v7.1.5

7.1.11 (2025-10-20)

Bug Fixes

Miscellaneous Chores

Code Refactoring

Build System

7.1.10 (2025-10-14)

Bug Fixes

Documentation

Miscellaneous Chores

7.1.9 (2025-10-03)

Reverts

7.1.8 (2025-10-02)

Bug Fixes

v4.2.0

What's Changed

New Contributors

v4.1.0

What's Changed

v4.0.0

v3.0.4

What's Changed

New Contributors

changeglob

13

12

11.1

11.0

10.4

10.3

10.2

10.1

v7.22.0

What's Changed

New Contributors

v7.21.0

What's Changed

New Contributors

v7.20.0

What's Changed

New Contributors

v7.19.2

What's Changed

v4.2.0

What's Changed

New Contributors

v4.1.0

What's Changed

v4.0.0

v3.0.4

What's Changed

New Contributors

changeglob

13

12

11.1

dependabot bot commented on behalf of github Feb 19, 2026 •

edited

Loading