Skip to content

Bump the npm_and_yarn group across 6 directories with 12 updates#1

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/utils/hsts-prune/npm_and_yarn-b98d36ef2e
Open

Bump the npm_and_yarn group across 6 directories with 12 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/utils/hsts-prune/npm_and_yarn-b98d36ef2e

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Feb 20, 2026

Bumps the npm_and_yarn group with 4 updates in the /utils/hsts-prune directory: request, xml2js, json-schema and lodash.
Bumps the npm_and_yarn group with 1 update in the /utils/trivialize-rules directory: xml2js.
Bumps the npm_and_yarn group with 4 updates in the /utils/trivialize-cdn-rules directory: xml2js, lodash, js-yaml and tmp.
Bumps the npm_and_yarn group with 1 update in the /utils/rewriter directory: xmldom.
Bumps the npm_and_yarn group with 2 updates in the /utils/eslint directory: lodash and js-yaml.
Bumps the npm_and_yarn group with 5 updates in the /chromium directory:

Package From To
lodash 4.17.21 4.17.23
js-yaml 3.13.1 3.14.2
@babel/traverse 7.11.0 7.29.0
braces 3.0.2 3.0.3
json5 2.1.3 2.2.3

Updates request from 2.88.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

Commits

Updates xml2js from 0.4.19 to 0.5.0

Commits
  • 9f730bb Update package.json with latest PR
  • 50a492a Merge pull request #603 from autopulated/master
  • 7bc3c5d Merge pull request #598 from fnimick/master
  • f412a12 Merge pull request #635 from wisesimpson/patch-1
  • d318ce0 Update README.md
  • 581b19a use Object.create(null) to create all parsed objects (prevent prototype repla...
  • a212950 Add documentation for explicitCharkey option
  • 1832e0b Merge pull request #512 from economia/master
  • 198063c Merge pull request #556 from Omega-Ariston/fix-issue544
  • 0d71785 Merge pull request #562 from Omega-Ariston/addDocExample
  • Additional commits viewable in compare view

Updates json-schema from 0.2.3 to 0.4.0

Commits
  • f6f6a3b Use a little more robust method of checking instances
  • ef60987 Update version
  • b62f1da Protect against constructor modification, #84
  • fb427cd Link to json-schema-org repository in addition to site, fixes #54
  • 22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
  • c52a27c Get basic test to pass
  • b3f42b3 Add security policy
  • 3b0cec3 Update version
  • c28470f Update readme to acknowledge the state of the package
  • 7dff9cd Merge pull request #81 from hodovani/patch-1
  • Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates tough-cookie from 2.4.3 to 2.5.0

Commits
  • 7c1fdf1 2.5.0
  • 9ff4ba5 Qualify the store.removeAllCookies documentation
  • 1855bf3 Additional documentation for removeAllCookies
  • 5cc9bd2 Extract tests, cover multiple error path
  • 28f0808 Only call removeAllCookies if actually implemented
  • 62802ef remove all cookies from cookie jar at once (#115)
  • 8783d46 Remove left-over mention of MPL from README
  • 8302ebc Merge pull request #121 from salesforce/punycode-2.1
  • d6ea115 Merge pull request #120 from salesforce/no-package-lock
  • b897b49 Merge pull request #119 from salesforce/inline-version
  • Additional commits viewable in compare view

Updates xml2js from 0.4.19 to 0.5.0

Commits
  • 9f730bb Update package.json with latest PR
  • 50a492a Merge pull request #603 from autopulated/master
  • 7bc3c5d Merge pull request #598 from fnimick/master
  • f412a12 Merge pull request #635 from wisesimpson/patch-1
  • d318ce0 Update README.md
  • 581b19a use Object.create(null) to create all parsed objects (prevent prototype repla...
  • a212950 Add documentation for explicitCharkey option
  • 1832e0b Merge pull request #512 from economia/master
  • 198063c Merge pull request #556 from Omega-Ariston/fix-issue544
  • 0d71785 Merge pull request #562 from Omega-Ariston/addDocExample
  • Additional commits viewable in compare view

Updates xml2js from 0.4.23 to 0.5.0

Commits
  • 9f730bb Update package.json with latest PR
  • 50a492a Merge pull request #603 from autopulated/master
  • 7bc3c5d Merge pull request #598 from fnimick/master
  • f412a12 Merge pull request #635 from wisesimpson/patch-1
  • d318ce0 Update README.md
  • 581b19a use Object.create(null) to create all parsed objects (prevent prototype repla...
  • a212950 Add documentation for explicitCharkey option
  • 1832e0b Merge pull request #512 from economia/master
  • 198063c Merge pull request #556 from Omega-Ariston/fix-issue544
  • 0d71785 Merge pull request #562 from Omega-Ariston/addDocExample
  • Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates js-yaml from 3.13.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Removes tmp

Updates xmldom from 0.1.17 to 0.6.0

Release notes

Sourced from xmldom's releases.

0.6.0

0.6.0

Fixes

0.5.0

Fixes

  • Avoid misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv (CVE-2021-21366)

    • Improve error reporting; throw on duplicate attribute BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them. It's possible to configure the DOMParser.errorHandler before parsing, to handle those errors differently.

      To accomplish this and also be able to verify it in tests I needed to

      • create a new Error type ParseError and export it
      • Throw ParseError from errorHandler.fatalError and prevent those from being caught in XMLReader.
      • export DOMHandler constructor as __DOMHandler

    • Preserve quotes in DOCTYPE declaration Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsed publicId and systemId as is, including any quotes. BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping. (Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)

      https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)

  • Fix breaking preprocessors' directives when parsing attributes [#171](https://github.com/xmldom/xmldom/issues/171)
  • fix(dom): Escape ]]&gt; when serializing CharData [#181](https://github.com/xmldom/xmldom/issues/181)
  • Switch to (only) MIT license (drop problematic LGPL license option) [#178](https://github.com/xmldom/xmldom/issues/178)
  • Export DOMException; remove custom assertions; etc. [#174](https://github.com/xmldom/xmldom/issues/174)

Docs

0.4.0

Fixes

Docs

... (truncated)

Changelog

Sourced from xmldom's changelog.

0.6.0

Commits

Fixes

0.5.0

Commits

Fixes

  • Avoid misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv (CVE-2021-21366)

    • Improve error reporting; throw on duplicate attribute
      BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them. It's possible to configure the DOMParser.errorHandler before parsing, to handle those errors differently.

      To accomplish this and also be able to verify it in tests I needed to

      • create a new Error type ParseError and export it
      • Throw ParseError from errorHandler.fatalError and prevent those from being caught in XMLReader.
      • export DOMHandler constructor as __DOMHandler

    • Preserve quotes in DOCTYPE declaration Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsed publicId and systemId as is, including any quotes. BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping. (Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)

      https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)

  • Fix breaking preprocessors' directives when parsing attributes [#171](https://github.com/xmldom/xmldom/issues/171)

  • fix(dom): Escape ]]&gt; when serializing CharData [#181](https://github.com/xmldom/xmldom/issues/181)

  • Switch to (only) MIT license (drop problematic LGPL license option) [#178](https://github.com/xmldom/xmldom/issues/178)

  • Export DOMException; remove custom assertions; etc. [#174](https://github.com/xmldom/xmldom/issues/174)

Docs

0.4.0

Commits

Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by karfau, a new releaser for xmldom since your current version.


Updates lodash from 4.17.21 to 4.17.23

Commits

Updates js-yaml from 3.14.0 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates js-yaml from 3.13.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Updates @babel/traverse from 7.11.0 to 7.29.0

Release notes

Sourced from @​babel/traverse's releases.

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

  • babel-types
  • babel-standalone

🐛 Bug Fix

  • babel-parser
  • babel-traverse
    • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
  • babel-plugin-transform-block-scoping, babel-traverse
    • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

🏃‍♀️ Performance

Committers: 6

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

  • babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • babel-plugin-transform-regenerator
  • babel-plugin-transform-react-jsx

💅 Polish

  • babel-core, babel-standalone

🏠 Internal

  • babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/traverse since your current version.


Updates braces from 3.0.2 to 3.0.3

Commits

@dependabot
Bump the npm_and_yarn group across 6 directories with 12 updates
94065ea 
Bumps the npm_and_yarn group with 4 updates in the /utils/hsts-prune directory: [request](https://github.com/request/request), [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js), [json-schema](https://github.com/kriszyp/json-schema) and [lodash](https://github.com/lodash/lodash).
Bumps the npm_and_yarn group with 1 update in the /utils/trivialize-rules directory: [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js).
Bumps the npm_and_yarn group with 4 updates in the /utils/trivialize-cdn-rules directory: [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js), [lodash](https://github.com/lodash/lodash), [js-yaml](https://github.com/nodeca/js-yaml) and [tmp](https://github.com/raszi/node-tmp).
Bumps the npm_and_yarn group with 1 update in the /utils/rewriter directory: [xmldom](https://github.com/xmldom/xmldom).
Bumps the npm_and_yarn group with 2 updates in the /utils/eslint directory: [lodash](https://github.com/lodash/lodash) and [js-yaml](https://github.com/nodeca/js-yaml).
Bumps the npm_and_yarn group with 5 updates in the /chromium directory:

| Package | From | To |
| --- | --- | --- |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.11.0` | `7.29.0` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [json5](https://github.com/json5/json5) | `2.1.3` | `2.2.3` |



Updates `request` from 2.88.0 to 2.88.2
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

Updates `xml2js` from 0.4.19 to 0.5.0
- [Commits](Leonidas-from-XIV/node-xml2js@0.4.19...0.5.0)

Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `tough-cookie` from 2.4.3 to 2.5.0
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.4.3...v2.5.0)

Updates `xml2js` from 0.4.19 to 0.5.0
- [Commits](Leonidas-from-XIV/node-xml2js@0.4.19...0.5.0)

Updates `xml2js` from 0.4.23 to 0.5.0
- [Commits](Leonidas-from-XIV/node-xml2js@0.4.19...0.5.0)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `js-yaml` from 3.13.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.13.1...3.14.2)

Removes `tmp`

Updates `xmldom` from 0.1.17 to 0.6.0
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](https://github.com/xmldom/xmldom/commits/0.6.0)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `js-yaml` from 3.14.0 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.13.1...3.14.2)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `js-yaml` from 3.13.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.13.1...3.14.2)

Updates `@babel/traverse` from 7.11.0 to 7.29.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-traverse)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `json5` from 2.1.3 to 2.2.3
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.3...v2.2.3)

Updates `serialize-javascript` from 6.0.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2)

---
updated-dependencies:
- dependency-name: request
  dependency-version: 2.88.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: xml2js
  dependency-version: 0.5.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: json-schema
  dependency-version: 0.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-version: 2.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: xml2js
  dependency-version: 0.5.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: xml2js
  dependency-version: 0.5.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: xmldom
  dependency-version: 0.6.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-version: 2.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 6.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants