Bump the npm_and_yarn group across 1 directory with 11 updates #1

dependabot · 2025-07-25T10:06:07Z

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
@babel/traverse	`7.22.8`	`7.28.0`
braces	`3.0.2`	`3.0.3`
express	`4.18.2`	`4.21.2`
follow-redirects	`1.15.2`	`1.15.9`
http-proxy-middleware	`2.0.6`	`2.0.9`
webpack-dev-middleware	`5.3.3`	`5.3.4`
webpack	`5.88.2`	`5.100.2`

Updates @babel/traverse from 7.22.8 to 7.28.0

Release notes

Sourced from @babel/traverse's releases.

v7.28.0 (2025-07-02)

🚀 New Feature

babel-node

#17147 Support top level await in node repl (@liuxingbaoyu)

babel-types

#17258 feat(matchesPattern): support super/private/meta (@JLHwung)

babel-compat-data, babel-preset-env

#17355 Add explicit resource management to preset-env (@JLHwung)

babel-core, babel-parser

#17390 Support sourceType: "commonjs" (@JLHwung)

babel-generator, babel-parser

#17346 Materialize explicitResourceManagement parser plugin (@JLHwung)

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types

#17391 LVal coverage updates (Part 2) (@JLHwung)

babel-parser, babel-traverse, babel-types

#17378 Accept bigints in t.bigIntLiteral factory (@JLHwung)

babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types

#17277 Transform discard binding (@JLHwung)

babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types

#17163 Parse discard binding (@JLHwung)

🐛 Bug Fix

babel-helper-globals, babel-plugin-transform-classes, babel-traverse

#17297 Create babel-helper-globals (@JLHwung)

babel-types

#17009 feature: TSTypeOperator: keyof (#16799) (@coderaiser)

🏠 Internal

babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17403 Update babel-polyfill packages (@nicolo-ribaudo)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

coderaiser (@coderaiser)

v7.27.7 (2025-06-26)

Thanks @arthur-mountain and @evankanderson for your first PRs!

👓 Spec Compliance

babel-parser, babel-plugin-transform-classes

#17203 Interepret parser allow* options as top level only (@JLHwung)

babel-parser

#17371 fix: disable using in ambient context (@JLHwung)

🐛 Bug Fix

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.28.0 (2025-07-02)

🚀 New Feature

babel-node

#17147 Support top level await in node repl (@liuxingbaoyu)

babel-types

#17258 feat(matchesPattern): support super/private/meta (@JLHwung)

babel-compat-data, babel-preset-env

#17355 Add explicit resource management to preset-env (@JLHwung)

babel-core, babel-parser

#17390 Support sourceType: "commonjs" (@JLHwung)

babel-generator, babel-parser

#17346 Materialize explicitResourceManagement parser plugin (@JLHwung)

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types

#17391 LVal coverage updates (Part 2) (@JLHwung)

babel-parser, babel-traverse, babel-types

#17378 Accept bigints in t.bigIntLiteral factory (@JLHwung)

babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types

#17277 Transform discard binding (@JLHwung)

babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types

#17163 Parse discard binding (@JLHwung)

🐛 Bug Fix

babel-helper-globals, babel-plugin-transform-classes, babel-traverse

#17297 Create babel-helper-globals (@JLHwung)

babel-types

#17009 feature: TSTypeOperator: keyof (#16799) (@coderaiser)

🏠 Internal

babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17403 Update babel-polyfill packages (@nicolo-ribaudo)

v7.27.7 (2025-06-26)

👓 Spec Compliance

babel-parser, babel-plugin-transform-classes

#17203 Interepret parser allow* options as top level only (@JLHwung)

babel-parser

#17371 fix: disable using in ambient context (@JLHwung)

🐛 Bug Fix

babel-core

#17392 Improve TS babel config loading (@JLHwung)

babel-types

#17376 fix: support negative bigint in valueToNode (@JLHwung)

babel-plugin-transform-parameters

#17352 fix: Params of async function* should throw synchronously (@liuxingbaoyu)

🏠 Internal

babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread

#17389 Use NodePath#splitExportDeclaration in destructuring transforms (@JLHwung)

... (truncated)

Commits

ccc5fae v7.28.0
4b4e7e2 Create babel-helper-globals (#17297)
cf5ae03 LVal coverage updates (Part 2) (#17391)
6ca9df4 Accept bigints in t.bigIntLiteral factory (#17378)
75f0140 Parse discard binding (#17163)
4ce7dfd v7.27.7
6c8faf1 add generateUidBasedOnNode test cases (#17381)
f68ac51 chore: Avoid CITGM errors (#17382)
7d06930 v7.27.4
05f28c8 [Babel 8] Change scope.{references,uids} to Set (#16624)
Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
59fc270 deps: path-to-regexp@0.1.11 (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.6 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

fix(fixRequestBody): check readableLength by @chimurai in chimurai/http-proxy-middleware#1097

chore(package): v2.0.9 by @chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

fix(fixRequestBody): prevent multiple .write() calls by @chimurai in chimurai/http-proxy-middleware#1090

fix(fixRequestBody): handle invalid request by @chimurai in chimurai/http-proxy-middleware#1091

chore(package): v2.0.8 by @chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

fix(fixRequestBody): check readableLength

v2.0.8

fix(fixRequestBody): prevent multiple .write() calls

fix(fixRequestBody): handle invalid request

v2.0.7

ci(github actions): add publish.yml

fix(filter): handle errors

Commits

617a7c9 chore(package): v2.0.9 (#1099)
d22d587 fix(fixRequestBody): check readableLength (#1097)
d03d51b chore(package): v2.0.8 (#1094)
c50dd06 fix(fixRequestBody): handle invalid request (#1091)
76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
1e92339 ci(github-actions): fix npm tag
90afb7c chore(package): v2.0.7
0b4274e fix(filter): handle errors
1bd6dd5 ci(github actions): add publish.yml
See full diff in compare view

Updates rollup from 3.27.2 to 3.29.5

Release notes

Sourced from rollup's releases.

v3.29.5

3.29.5

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

Changelog

Sourced from rollup's changelog.

3.29.5

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5670: refactor: Use object.prototype to check for reserved properties (@YuHyeonWook)

#5671: Fix DOM Clobbering CVE (@lukastaegert)

4.22.3

2024-09-21

Bug Fixes

Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

#5669: Ensure impure dependencies of pure modules are added (@lukastaegert)

4.22.2

2024-09-20

Bug Fixes

Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

#5667: Partially revert #5658 and re-apply #5644 (@lukastaegert)

4.22.1

... (truncated)

Commits

dfd233d 3.29.5
2ef77c0 Fix DOM Clobbering CVE
a6448b9 3.29.4
4e92d60 Deoptimize all parameters when losing track of a function (#5158)
801ffd1 3.29.3
353e462 Fully deoptimize first level path when deoptimizing nested parameter paths (#...
a1a89e7 chore(deps): update dependency @vue/eslint-config-typescript to v12 (#5148)
cc14f70 chore(deps): lock file maintenance minor/patch updates (#5149)
1e8355b docs: improve the docs repl appearance in the light mode (#5145)
5950fc8 Adapt branches in REPL workflow
Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

@UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

9d2db99 0.19.0
ae4f298 Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serialize-javascript from 4.0.0 to 6.0.1

Release notes

Sourced from serialize-javascript's releases.

v6.0.1

What's Changed

Bump mocha from 9.0.1 to 9.0.2 by @dependabot in yahoo/serialize-javascript#126

Bump mocha from 9.0.2 to 9.0.3 by @dependabot in yahoo/serialize-javascript#127

Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in yahoo/serialize-javascript#129

Bump mocha from 9.0.3 to 9.1.0 by @dependabot in yahoo/serialize-javascript#130

Bump mocha from 9.1.0 to 9.1.1 by @dependabot in yahoo/serialize-javascript#131

Bump mocha from 9.1.1 to 9.1.2 by @dependabot in yahoo/serialize-javascript#132

Bump mocha from 9.1.2 to 9.1.3 by @dependabot in yahoo/serialize-javascript#133

Bump mocha from 9.1.3 to 9.1.4 by @dependabot in yahoo/serialize-javascript#137

Bump mocha from 9.1.4 to 9.2.0 by @dependabot in yahoo/serialize-javascript#138

Bump chai from 4.3.4 to 4.3.6 by @dependabot in yahoo/serialize-javascript#140

Bump ansi-regex from 5.0.0 to 5.0.1 by @dependabot in yahoo/serialize-javascript#141

Bump mocha from 9.2.0 to 9.2.2 by @dependabot in yahoo/serialize-javascript#143

Bump minimist from 1.2.5 to 1.2.6 by @dependabot in yahoo/serialize-javascript#144

Bump mocha from 9.2.2 to 10.0.0 by @dependabot in yahoo/serialize-javascript#145

Bump mocha from 10.0.0 to 10.1.0 by @dependabot in yahoo/serialize-javascript#149

Bump chai from 4.3.6 to 4.3.7 by @dependabot in yahoo/serialize-javascript#150

ci: test.yml - actions bump by @piwysocki in yahoo/serialize-javascript#151

Bump minimatch from 3.0.4 to 3.1.2 by @dependabot in yahoo/serialize-javascript#152

Bump mocha from 10.1.0 to 10.2.0 by @dependabot in yahoo/serialize-javascript#153

Bump json5 from 2.1.3 to 2.2.3 by @dependabot in yahoo/serialize-javascript#155

Fix serialization issue for 0n. by @momocow in yahoo/serialize-javascript#156

Release v6.0.1 by @okuryu in yahoo/serialize-javascript#157

New Contributors

@piwysocki made their first contribution in yahoo/serialize-javascript#151

@momocow made their first contribution in yahoo/serialize-javascript#156

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

v6.0.0

Changelog

Add support for URL's (#123)

Bump mocha from 9.0.0 to 9.0.1 (#124)

Bump mocha from 8.4.0 to 9.0.0 (#121)

Update Node.js CI matrix (#122)

Bump mocha from 8.3.2 to 8.4.0 (#120)

Bump lodash from 4.17.19 to 4.17.21 (#119)

Bump y18n from 4.0.0 to 4.0.1 (#116)

Bump chai from 4.3.3 to 4.3.4 (#115)

Bump mocha from 8.3.1 to 8.3.2 (#114)

Bump mocha from 8.3.0 to 8.3.1 (#113)

Bump chai from 4.3.1 to 4.3.3 (#112)

Bump chai from 4.2.0 to 4.3.1 (#111)

Bump mocha from 8.2.1 to 8.3.0 (#109)

Bump mocha from 8.1.3 to 8.2.1 (#105)

Drop Travis CI settings (#100)

Change default branch name to main (#99)

GitHub Aactions (#98)

... (truncated)

Commits

7139f92 Release v6.0.1 (#157)
7e23ae8 Fix serialization issue for 0n. (#156)
343abd9 Bump json5 from 2.1.3 to 2.2.3 (#155)
38d0e70 Bump mocha from 10.1.0 to 10.2.0 (#153)
a472d9d Bump minimatch from 3.0.4 to 3.1.2 (#152)
d9ad87c ci: bump GitHub Actions
07e8205 Bump chai from 4.3.6 to 4.3.7 (#150)
0cbf6ae Bump mocha from 10.0.0 to 10.1.0 (#149)
c68e16a Bump mocha from 9.2.2 to 10.0.0 (#145)
8097fe2 Bump minimist from 1.2.5 to 1.2.6 (#144)
Additional commits viewable in compare view

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

v1.16.2

What's Changed

encodeurl@~2.0.0 by @wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

bump send to 0.19 by @tommasini in expressjs/serve-static#176

New Contributors

@tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

@UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

deps: send@0.19.0

1.16.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

ec9c5ec 1.16.2
f454d37 fix(deps): encodeurl@~2.0.0
77a8255 1.16.1
4263f49 fix(deps): send@0.19.0
48c7397 1.16.0
0c11fad Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

Commits

86071ea chore(release): 5.3.4
189c4ac fix(security): do not allow to read files above (#1779)
See full diff in compare view

Updates webpack from 5.88.2 to 5.100.2

Release notes

Sourced from webpack's releases.

v5.100.2

Fixes

Keep consistent CSS order

Dependency without the source order attribute must keep their original index

Keep module traversal consistent across reexport scenarios

Performance Improvements

Extend importPhasesPlugin only when enable deferImport (#19689)

v5.100.1

Fixes

Tree-shaking unused ignored modules

[Types] Compatibility with old Node.js versions

v5.100.0

Fixes

Fixed the case where an ES modules entry chunk depends on the runtime chunk hash

Handle function exports in webpack module wrapper

Ensure dependent chunks are imported before startup & fix duplicate export of 'default'

Generate lose closing brace when exports are unprovided

CleanPlugin doesn't unlink same file twice

Fixed unexpected error codes from fs.unlink on Windows

Typescript types

Features

HMR support for ES modules output

ES module output mode now fully supports splitChunks when external variables and runtimeChunk are not set.

Added support using keyword

Implemented tc39 Defer Module Evaluation (experiment)

Support dynamic template literals expressions for new URL(...)

Enable ES modules worker chunk loading for Node.js targets

Improved support for destructing in DefinePlugin

Added VirtualUrlPlugin to support virtual: scheme

Performance Improvements

Remove useless startup entrypoint runtime for ES modules output

Cache new URL(...) evaluate expression

v5.99.9

Fixes

HMR might fail if there are new initial chunks

Destructuring namespace import with default

Destructuring namespace import with computed-property

... (truncated)

Commits

21fcdbb chore(release): 5.100.2
2c8d1f1 chore(deps): bump the dependencies group with 2 updates (#19701)
89eb6a3 fix: keep module traversal consistent across reexport scenarios (#19702)
fdb0c4e fix: dependency without the sourceOrder attribute must keep their original in...
d76af00 fix: types (#19699)
503ed53 docs: update examples (#19694)
e251891 refactor: import dependency generation for defer module with async dependenci...
9eb9642 perf: extend importPhasesPlugin only when enable deferImport (#19689)
0a98446 fix: keep consistent css order (#19686)
6de2dfd fix(test): TestRunner avoids using jest mock's require (#19685)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alte...

Description has been truncated

Bumps the npm_and_yarn group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.22.8` | `7.28.0` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.9` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | | [webpack](https://github.com/webpack/webpack) | `5.88.2` | `5.100.2` | Updates `@babel/traverse` from 7.22.8 to 7.28.0 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.0/packages/babel-traverse) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `rollup` from 3.27.2 to 3.29.5 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v3.27.2...v3.29.5) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serialize-javascript` from 4.0.0 to 6.0.1 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v4.0.0...v6.0.1) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `webpack` from 5.88.2 to 5.100.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.88.2...v5.100.2) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-version: 7.28.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 3.29.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-version: 5.3.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.100.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-09-10T04:07:48Z

Superseded by #2.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 25, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-8f7da12415 branch from 5d7d239 to a96f5f5 Compare July 25, 2025 10:06

dependabot bot closed this Sep 10, 2025

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-8f7da12415 branch September 10, 2025 04:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 11 updates #1

Bump the npm_and_yarn group across 1 directory with 11 updates #1

Uh oh!

dependabot bot commented on behalf of github Jul 25, 2025

Uh oh!

dependabot bot commented on behalf of github Sep 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the npm_and_yarn group across 1 directory with 11 updates #1

Bump the npm_and_yarn group across 1 directory with 11 updates #1

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 25, 2025

v7.28.0 (2025-07-02)

🚀 New Feature

🐛 Bug Fix

🏠 Internal

Committers: 5

v7.27.7 (2025-06-26)

👓 Spec Compliance

🐛 Bug Fix

v7.28.0 (2025-07-02)

🚀 New Feature

🐛 Bug Fix

🏠 Internal

v7.27.7 (2025-06-26)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

v2.0.9

What's Changed

v2.0.8

What's Changed

v2.0.7

v2.0.7-beta.1

v2.0.7-beta.0

v2.0.9

v2.0.8

v2.0.7

v3.29.5

3.29.5

Bug Fixes

Pull Requests

3.29.5

Bug Fixes

Pull Requests

4.22.4

Bug Fixes

Pull Requests

4.22.3

Bug Fixes

Pull Requests

4.22.2

Bug Fixes

Pull Requests

4.22.1

0.19.0

What's Changed

New Contributors

0.19.0 / 2024-09-10

v6.0.1

What's Changed

New Contributors

v6.0.0

v1.16.2

What's Changed

v1.16.1

What's Changed

New Contributors

1.16.0

What's Changed