Skip to content

chore(deps): Bump the npm_and_yarn group with 5 updates#339

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-21aa38babd
Open

chore(deps): Bump the npm_and_yarn group with 5 updates#339
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-21aa38babd

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 3, 2025

Bumps the npm_and_yarn group with 6 updates:

Package From To
cookie 0.5.0 0.7.2
wrangler 3.114.4 3.114.9
esbuild 0.17.19 0.25.5
vite 4.5.12 6.3.5
wrangler 3.114.9 4.18.0
tar-fs 2.1.2 2.1.3

Updates cookie from 0.5.0 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

  • Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

  • Add partitioned option
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates wrangler from 3.114.4 to 3.114.9

Release notes

Sourced from wrangler's releases.

wrangler@3.114.9

Patch Changes

wrangler@3.114.8

Patch Changes

  • #9086 a2a56c8 Thanks @​petebacondarwin! - Do not include .wrangler and Wrangler config files in additional modules

    Previously, if you added modules rules such as **/*.js or **/*.json, specified no_bundle: true, and the entry-point to the Worker was in the project root directory, Wrangler could include files that were not intended, such as .wrangler/tmp/xxx.js or the Wrangler config file itself. Now these files are automatically skipped when trying to find additional modules by searching the file tree.

  • #9037 d0d0025 Thanks @​CarmenPopoviciu! - fix: When generating Env types, set type of version metadata binding to WorkerVersionMetadata. This means it now correctly includes the timestamp field.

  • #9093 2f2f7ba Thanks @​CarmenPopoviciu! - fix: Validate input file for Vectorize inserts

  • Updated dependencies [fc04292, a01adca]:

    • miniflare@3.20250408.1

wrangler@3.114.7

Patch Changes

  • #8955 b7eba92 Thanks @​workers-devprod! - When Wrangler encounters an error, if the Bun runtime is detected it will now warn users that Wrangler does not officially support Bun.

  • #8928 8bcb257 Thanks @​dario-piotrowicz! - fix redirected config env validation breaking wrangler pages commands

    a validation check has recently been introduced to make wrangler error on

... (truncated)

Changelog

Sourced from wrangler's changelog.

3.114.9

Patch Changes

3.114.8

Patch Changes

  • #9086 a2a56c8 Thanks @​petebacondarwin! - Do not include .wrangler and Wrangler config files in additional modules

    Previously, if you added modules rules such as **/*.js or **/*.json, specified no_bundle: true, and the entry-point to the Worker was in the project root directory, Wrangler could include files that were not intended, such as .wrangler/tmp/xxx.js or the Wrangler config file itself. Now these files are automatically skipped when trying to find additional modules by searching the file tree.

  • #9037 d0d0025 Thanks @​CarmenPopoviciu! - fix: When generating Env types, set type of version metadata binding to WorkerVersionMetadata. This means it now correctly includes the timestamp field.

  • #9093 2f2f7ba Thanks @​CarmenPopoviciu! - fix: Validate input file for Vectorize inserts

  • Updated dependencies [fc04292, a01adca]:

    • miniflare@3.20250408.1

3.114.7

Patch Changes

  • #8955 b7eba92 Thanks @​workers-devprod! - When Wrangler encounters an error, if the Bun runtime is detected it will now warn users that Wrangler does not officially support Bun.

... (truncated)

Commits
  • 3da4504 Version Packages (#9164)
  • 2c3d8dd V3 Backport #9234: add no-op to getPlatformProxy to fix types mismatch (#9...
  • 8b4f24a V3 Backport #9266: fix: setting triggers.crons:[] in Wrangler config should...
  • b742171 V3 Backport #9257: Revert R2 bucket validation for commands (#9259)
  • b2b5ee8 V3 Backport #9246: fix: strips CF-Connecting-IP header within Wrangler (#9250)
  • 9d4ff5b V3 Backport #7423: Clarify custom build logging (#8957)
  • 7a57c14 V3 Backport (fix(wrangler): strip CF-Connecting-IP header from all outbound r...
  • 4e943b1 [v3] fix(r2): validate bucket names (#9172)
  • 9b4c91d V3 Backport #9161: Fix d1 info command showing read_replication: [object Ob...
  • c535845 fix: remove outdated js-doc comment for unstable_startDevWorker's `entrypoi...
  • Additional commits viewable in compare view

Updates esbuild from 0.17.19 to 0.25.5

Release notes

Sourced from esbuild's releases.

v0.25.5

  • Fix a regression with browser in package.json (#4187)

    The fix to #4144 in version 0.25.3 introduced a regression that caused browser overrides specified in package.json to fail to override relative path names that end in a trailing slash. That behavior change affected the axios@0.30.0 package. This regression has been fixed, and now has test coverage.

  • Add support for certain keywords as TypeScript tuple labels (#4192)

    Previously esbuild could incorrectly fail to parse certain keywords as TypeScript tuple labels that are parsed by the official TypeScript compiler if they were followed by a ? modifier. These labels included function, import, infer, new, readonly, and typeof. With this release, these keywords will now be parsed correctly. Here's an example of some affected code:

    type Foo = [
  value: any,
  readonly?: boolean, // This is now parsed correctly
]

  • Add CSS prefixes for the stretch sizing value (#4184)

    This release adds support for prefixing CSS declarations such as div { width: stretch }. That CSS is now transformed into this depending on what the --target= setting includes:

    div {
  width: -webkit-fill-available;
  width: -moz-available;
  width: stretch;
}

v0.25.4

  • Add simple support for CORS to esbuild's development server (#4125)

    Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

    To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

    Some examples:

    • CLI:

      esbuild --servedir=. --cors-origin=https://example.com

    • JS:

      const ctx = await esbuild.context({})
await ctx.serve({
  servedir: '.',
  cors: {

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

  • Fix TypeScript-specific class transform edge case (#3559)

    The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

    // Original code
class Foo extends Bar {
  #private = 1;
  public: any;
  constructor() {
    super();
  }
}
// Old output (with esbuild v0.19.9)
class Foo extends Bar {
constructor() {
super();
this.#private = 1;
}
#private;
}
// Old output (with esbuild v0.19.10)
class Foo extends Bar {
constructor() {
this.#private = 1;
super();
}
#private;
}
// New output
class Foo extends Bar {
#private = 1;
constructor() {
super();
}
}

  • Minifier: allow reording a primitive past a side-effect (#3568)

    The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

Updates vite from 4.5.12 to 6.3.5

Release notes

Sourced from vite's releases.

v6.3.5

Please refer to CHANGELOG.md for details.

v6.3.4

Please refer to CHANGELOG.md for details.

v6.3.3

Please refer to CHANGELOG.md for details.

v6.3.2

Please refer to CHANGELOG.md for details.

create-vite@6.3.1

Please refer to CHANGELOG.md for details.

v6.3.1

Please refer to CHANGELOG.md for details.

create-vite@6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0-beta.2

Please refer to CHANGELOG.md for details.

v6.3.0-beta.1

Please refer to CHANGELOG.md for details.

v6.3.0-beta.0

Please refer to CHANGELOG.md for details.

v6.2.7

Please refer to CHANGELOG.md for details.

v6.2.6

Please refer to CHANGELOG.md for details.

v6.2.5

Please refer to CHANGELOG.md for details.

v6.2.4

Please refer to CHANGELOG.md for details.

v6.2.3

Please refer to CHANGELOG.md for details.

v6.2.2

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.3.5 (2025-05-05)

6.3.4 (2025-04-30)

  • fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965
  • fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940
  • refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

  • fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853
  • fix(assets): ensure ?no-inline is not included in the asset url in the production environment (#1949 (16a73c0), closes #19496
  • fix(css): resolve relative imports in sass properly on Windows (#19920) (ffab442), closes #19920
  • fix(deps): update all non-major dependencies (#19899) (a4b500e), closes #19899
  • fix(ssr): fix execution order of re-export (#19841) (ed29dee), closes #19841
  • fix(ssr): fix live binding of default export declaration and hoist exports getter (#19842) (80a91ff), closes #19842
  • perf: skip sourcemap generation for renderChunk hook of import-analysis-build plugin (#19921) (55cfd04), closes #19921
  • test(ssr): test ssrTransform re-export deps and test stacktrace with first line (#19629) (9399cda), closes #19629

6.3.2 (2025-04-18)

6.3.1 (2025-04-17)

6.3.0 (2025-04-16)

... (truncated)

Commits
  • 84e4647 release: v6.3.5
  • fd38d07 fix(ssr): handle uninitialized export access as undefined (#19959)
  • b040d54 release: v6.3.4
  • c22c43d fix: check static serve file inside sirv (#19965)
  • efc5eab fix(optimizer): return plain object when using require to import externals ...
  • d6d01c2 refactor: remove duplicate plugin context type (#19935)
  • db9eb97 release: v6.3.3
  • e4d5201 fix: ignore malformed uris in tranform middleware (#19853)
  • 55cfd04 perf: skip sourcemap generation for renderChunk hook of import-analysis-build...
  • ffab442 fix(css): resolve relative imports in sass properly on Windows (#19920)
  • Additional commits viewable in compare view

Updates wrangler from 3.114.9 to 4.18.0

Release notes

Sourced from wrangler's releases.

wrangler@3.114.9

Patch Changes

wrangler@3.114.8

Patch Changes

  • #9086 a2a56c8 Thanks @​petebacondarwin! - Do not include .wrangler and Wrangler config files in additional modules

    Previously, if you added modules rules such as **/*.js or **/*.json, specified no_bundle: true, and the entry-point to the Worker was in the project root directory, Wrangler could include files that were not intended, such as .wrangler/tmp/xxx.js or the Wrangler config file itself. Now these files are automatically skipped when trying to find additional modules by searching the file tree.

  • #9037 d0d0025 Thanks @​CarmenPopoviciu! - fix: When generating Env types, set type of version metadata binding to WorkerVersionMetadata. This means it now correctly includes the timestamp field.

  • #9093 2f2f7ba Thanks @​CarmenPopoviciu! - fix: Validate input file for Vectorize inserts

  • Updated dependencies [fc04292, a01adca]:

    • miniflare@3.20250408.1

wrangler@3.114.7

Patch Changes

  • #8955 b7eba92 Thanks @​workers-devprod! - When Wrangler encounters an error, if the Bun runtime is detected it will now warn users that Wrangler does not officially support Bun.

  • #8928 8bcb257 Thanks @​dario-piotrowicz! - fix redirected config env validation breaking wrangler pages commands

    a validation check has recently been introduced to make wrangler error on

... (truncated)

Changelog

Sourced from wrangler's changelog.

3.114.9

Patch Changes

3.114.8

Patch Changes

  • #9086 a2a56c8 Thanks @​petebacondarwin! - Do not include .wrangler and Wrangler config files in additional modules

    Previously, if you added modules rules such as **/*.js or **/*.json, specified no_bundle: true, and the entry-point to the Worker was in the project root directory, Wrangler could include files that were not intended, such as .wrangler/tmp/xxx.js or the Wrangler config file itself. Now these files are automatically skipped when trying to find additional modules by searching the file tree.

  • #9037 d0d0025 Thanks @​CarmenPopoviciu! - fix: When generating Env types, set type of version metadata binding to WorkerVersionMetadata. This means it now correctly includes the timestamp field.

  • #9093 2f2f7ba Thanks @​CarmenPopoviciu! - fix: Validate input file for Vectorize inserts

  • Updated dependencies [fc04292, a01adca]:

    • miniflare@3.20250408.1

3.114.7

Patch Changes

  • #8955 b7eba92 Thanks @​workers-devprod! - When Wrangler encounters an error, if the Bun runtime is detected it will now warn users that Wrangler does not officially support Bun.

... (truncated)

Commits
  • 3da4504 Version Packages (#9164)
  • 2c3d8dd V3 Backport #9234: add no-op to getPlatformProxy to fix types mismatch (#9...
  • 8b4f24a V3 Backport #9266: fix: setting triggers.crons:[] in Wrangler config should...
  • b742171 V3 Backport #9257: Revert R2 bucket validation for commands (#9259)
  • b2b5ee8 V3 Backport #9246: fix: strips CF-Connecting-IP header within Wrangler (#9250)
  • 9d4ff5b V3 Backport #7423: Clarify custom build logging (#8957)
  • 7a57c14 V3 Backport (fix(wrangler): strip CF-Connecting-IP header from all outbound r...
  • 4e943b1 [v3] fix(r2): validate bucket names (#9172)
  • 9b4c91d V3 Backport #9161: Fix d1 info command showing read_replication: [object Ob...
  • c535845 fix: remove outdated js-doc comment for unstable_startDevWorker's `entrypoi...
  • Additional commits viewable in compare view

Updates tar-fs from 2.1.2 to 2.1.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot com...

Description has been truncated

@dependabot
chore(deps): Bump the npm_and_yarn group with 5 updates
a9453ee 
Bumps the npm_and_yarn group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [cookie](https://github.com/jshttp/cookie) | `0.5.0` | `0.7.2` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `3.114.4` | `3.114.9` |
| [esbuild](https://github.com/evanw/esbuild) | `0.17.19` | `0.25.5` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.12` | `6.3.5` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `3.114.9` | `4.18.0` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.2` | `2.1.3` |


Updates `cookie` from 0.5.0 to 0.7.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.5.0...v0.7.2)

Updates `wrangler` from 3.114.4 to 3.114.9
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/wrangler@3.114.9/packages/wrangler/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@3.114.9/packages/wrangler)

Updates `esbuild` from 0.17.19 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md)
- [Commits](evanw/esbuild@v0.17.19...v0.25.5)

Updates `vite` from 4.5.12 to 6.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.3.5/packages/vite)

Updates `wrangler` from 3.114.9 to 4.18.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/wrangler@3.114.9/packages/wrangler/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@3.114.9/packages/wrangler)

Updates `tar-fs` from 2.1.2 to 2.1.3
- [Commits](https://github.com/mafintosh/tar-fs/commits)

---
updated-dependencies:
- dependency-name: cookie
  dependency-version: 0.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: wrangler
  dependency-version: 3.114.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.3.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: wrangler
  dependency-version: 4.18.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Updates to dependency files javascript Updates to Javascript code labels Jun 3, 2025
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jun 3, 2025

Deploying transcript-fish with  Cloudflare Pages  Cloudflare Pages

Latest commit: a9453ee
Status: ✅  Deploy successful!
Preview URL: https://0703afc4.transcript-fish.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-npm.transcript-fish.pages.dev

View logs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Updates to dependency files javascript Updates to Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants