chore(deps-dev): bump the development-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the development-dependencies group with 2 updates in the / directory: esbuild and semver.

Updates esbuild from 0.27.2 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Commits

• 9129e00 publish 0.27.3 to npm
• e20e411 small fix to release notes
• 0dc0f2d fix #4322: parse and print CSS @scope rules
• 55fe391 update firefox css gradient support
• 2c35297 update gradient lowering transform
• 9209e44 Update Go to 1.25.7 (#4388)
• e8d861b close #4374: compat table for the using feature
• 19b8887 no longer need williamkapke/node-compat-table
• 7e44218 the kangax/compat-table repo moved to a new url
• 23b9338 run make update-compat-table
• Additional commits viewable in compare view

Updates semver from 7.7.3 to 7.7.4

Release notes

Sourced from semver's releases.

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Commits

• 5993c2e chore: release 7.7.4 (#839)
• 120968b deps: @​npmcli/template-oss@​4.29.0 (#840)
• a29faa5 fix(cli): pass options to semver.valid() for loose version validation (#835)
• 1d28d5e docs: fix typos and update -n CLI option documentation (#836)
• 5816d4c chore: bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829)
• ab9e28a chore: bump @​npmcli/template-oss from 4.27.1 to 4.28.0 (#827)
• 44d7130 chore: bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824)
• 7073576 chore: reorder parameters in invalid-versions.js test (#820)
• 16a35f5 chore: bump @​npmcli/template-oss from 4.26.0 to 4.27.1 (#823)
• 3a3459d chore: bump @​npmcli/template-oss from 4.25.1 to 4.26.0 (#818)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for pepr-docs ready!

Name	Link
🔨 Latest commit	2f6711b
🔍 Latest deploy log	https://app.netlify.com/projects/pepr-docs/deploys/698e6f62c4af5100081f4014
😎 Deploy Preview	https://deploy-preview-208--pepr-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 90 (🟢 up 17 from production) Accessibility: 100 (no change from production) Best Practices: 83 (no change from production) SEO: 100 (no change from production) PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.