Skip to content

Bump the dev-dependencies group across 1 directory with 4 updates#7

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-57009670e2
Open

Bump the dev-dependencies group across 1 directory with 4 updates#7
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-57009670e2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 2, 2026
edited
Loading

Bumps the dev-dependencies group with 4 updates in the / directory: @substrate-system/web-component, esbuild, typescript and vite.

Updates @substrate-system/web-component from 0.0.46 to 0.0.51

Changelog

Sourced from @​substrate-system/web-component's changelog.

v0.0.51

Merged

Commits

v0.0.50 - 2026-04-15

Commits

  • add .off eead0fe
  • test: verify Preact disabled prop reflects to attribute on web component 339cbe0
  • style: wrap preact.h() props to respect 80-column limit a41e9af

v0.0.49 - 2026-03-15

v0.0.48 - 2026-03-15

Merged

Commits

  • test: add failing tests for property-to-attribute reflection 5bc5c47
  • FEATURE: Reflect class properties for preact c920a51
  • feat: add declarative property-to-attribute reflection 3a0dad3

v0.0.47 - 2026-03-15

Commits

  • test: add failing tests for property-to-attribute reflection a6bc570
  • FEATURE: Reflect class properties for preact 7f0724c
  • feat: add declarative property-to-attribute reflection 0c1e80e
Commits
  • a30ec69 0.0.51
  • df7601d 0.0.50
  • 26046be add .off
  • 00ec11f Disable esModuleInterop in tsconfig.json
  • 1820cc3 Merge pull request #38 from mycelial-systems/dependabot/npm_and_yarn/vite-8.0.3
  • ed3decc Bump vite from 7.3.1 to 8.0.3
  • f3dae55 Merge pull request #39 from mycelial-systems/dependabot/npm_and_yarn/typescri...
  • ac00d81 Bump typescript from 5.9.3 to 6.0.2
  • 421a005 Merge pull request #40 from mycelial-systems/dependabot/npm_and_yarn/esbuild-...
  • 170d563 Bump esbuild from 0.27.7 to 0.28.0
  • Additional commits viewable in compare view

Updates esbuild from 0.27.7 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

  • Add support for with { type: 'text' } imports (#4435)

    The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

    import string from './example.txt' with { type: 'text' }
console.log(string)

  • Add integrity checks to fallback download path (#4343)

    Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

    This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

  • Update the Go compiler from 1.25.7 to 1.26.1

    This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

    • It now uses the new garbage collector that comes with Go 1.26.
    • The Go compiler is now more aggressive with allocating memory on the stack.
    • The executable format that the Go linker uses has undergone several changes.
    • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

    You can read the Go 1.26 release notes for more information.

Changelog

Sourced from esbuild's changelog.

0.28.0

  • Add support for with { type: 'text' } imports (#4435)

    The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

    import string from './example.txt' with { type: 'text' }
console.log(string)

  • Add integrity checks to fallback download path (#4343)

    Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

    This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

  • Update the Go compiler from 1.25.7 to 1.26.1

    This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

    • It now uses the new garbage collector that comes with Go 1.26.
    • The Go compiler is now more aggressive with allocating memory on the stack.
    • The executable format that the Go linker uses has undergone several changes.
    • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

    You can read the Go 1.26 release notes for more information.

Commits
  • 6a794df publish 0.28.0 to npm
  • 64ee0ea fix #4435: support with { type: text } imports
  • ef65aee fix sort order in snapshots_packagejson.txt
  • 1a26a8e try to fix test-old-ts, also shuffle CI tasks
  • 556ce6c use '' instead of null to omit build hashes
  • 8e675a8 ci: allow missing binary hashes for tests
  • 7067763 Reapply "update go 1.25.7 => 1.26.1"
  • 39473a9 fix #4343: integrity check for binary download
  • See full diff in compare view

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Updates vite from 7.3.3 to 8.0.13

Release notes

Sourced from vite's releases.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.13 (2026-05-14)

Features

  • bundled-dev: add lazy bundling support (#21406) (4f0949f)
  • optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)
  • update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

  • build: copy public directory after building same environment with write=false (#22328) (158e8ae)
  • css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)
  • css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)
  • make isBundled per environment (#22257) (a576326)
  • ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

8.0.12 (2026-05-11)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22420) (2be6000)
  • module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#22369) (f5a22e6)
  • refer to rolldownOptions instead of deprecated rollupOptions in messages (#22400) (b675c7b)
  • worker: apply build.target to worker bundle (#22404) (3c93fde)
  • worker: forward define to worker bundle transform (#22408) (d4838a0)

Miscellaneous Chores

8.0.11 (2026-05-07)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22334) (672c962)
  • deps: update all non-major dependencies (#22382) (5c0cfcb)
  • glob: align hmr matcher options with glob enumeration (#22306) (30028f9)
  • make separate object instance for each environment (#22276) (7c2aa3b)

... (truncated)

Commits
  • a46f11a release: v8.0.13
  • d9b18e0 fix(ssr): avoid rewriting labels that collide with imports (#22451)
  • 4f0949f feat(bundled-dev): add lazy bundling support (#21406)
  • 158e8ae fix(build): copy public directory after building same environment with `write...
  • 47071ce feat(optimizer): improve the esbuild plugin converter to pass some properties...
  • 8e59c97 fix(css): keep deprecated name/originalFileName in synthetic `assetFileNa...
  • a576326 fix: make isBundled per environment (#22257)
  • 8c766a6 feat: update rolldown to 1.0.1 (#22444)
  • b7edcb7 fix(css): await sass/less/styl worker disposal on teardown (fix #22274) (#22275)
  • fcdc87c chore: update changelog (#22413)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 2, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 2, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedesbuild@​0.28.0911007390100
Added@​substrate-system/​web-component@​0.0.51761001009480
Updatedtypescript@​5.9.3 ⏵ 6.0.3100 +110090 +19890

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 2, 2026
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@dependabot
Bump the dev-dependencies group across 1 directory with 4 updates
faf1460 
Bumps the dev-dependencies group with 4 updates in the / directory: [@substrate-system/web-component](https://github.com/substrate-system/web-component), [esbuild](https://github.com/evanw/esbuild), [typescript](https://github.com/microsoft/TypeScript) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `@substrate-system/web-component` from 0.0.46 to 0.0.51
- [Changelog](https://github.com/mycelial-systems/web-component/blob/main/CHANGELOG.md)
- [Commits](mycelial-systems/web-component@v0.0.46...v0.0.51)

Updates `esbuild` from 0.27.7 to 0.28.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.7...v0.28.0)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `vite` from 7.3.3 to 8.0.13
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite)

---
updated-dependencies:
- dependency-name: "@substrate-system/web-component"
  dependency-version: 0.0.49
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: esbuild
  dependency-version: 0.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: vite
  dependency-version: 8.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-57009670e2 branch from 7ad73b0 to faf1460 Compare May 17, 2026 16:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants