Bump the npm_and_yarn group across 1 directory with 7 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: next, @babel/runtime, cross-spawn and katex.

Updates next from 14.2.5 to 14.2.26

Commits

• 10a042c v14.2.26
• 8a511d6 Match subrequest handling for edge and node (#77476)
• d36a1f3 v14.2.25
• 5fd3ae8 [backport] Update middleware request header (#77202)
• 756be15 v14.2.24
• ba6453d fix corepack keys
• c482c20 [backport v14] fix: ensure lint worker errors aren't silenced (#75766) (#75779)
• 5791cb6 [Backport v14] add additional x-middleware-set-cookie filtering (#75561) (#75...
• 8129a61 test: fix eslint plugin test (#75687)
• f27ce02 v14.2.23
• Additional commits viewable in compare view

Updates esbuild from 0.23.0 to 0.23.1

Release notes

Sourced from esbuild's releases.

v0.23.1

• Allow using the node: import prefix with es* targets (#3821)

  The node: prefix on imports is an alternate way to import built-in node modules. For example, import fs from "fs" can also be written import fs from "node:fs". This only works with certain newer versions of node, so esbuild removes it when you target older versions of node such as with --target=node14 so that your code still works. With the way esbuild's platform-specific feature compatibility table works, this was added by saying that only newer versions of node support this feature. However, that means that a target such as --target=node18,es2022 removes the node: prefix because none of the es* targets are known to support this feature. This release adds the support for the node: flag to esbuild's internal compatibility table for es* to allow you to use compound targets like this:

  // Original code
  import fs from 'node:fs'
  fs.open
  // Old output (with --bundle --format=esm --platform=node --target=node18,es2022)
  import fs from "fs";
  fs.open;
  // New output (with --bundle --format=esm --platform=node --target=node18,es2022)
  import fs from "node:fs";
  fs.open;

• Fix a panic when using the CLI with invalid build flags if --analyze is present (#3834)

  Previously esbuild's CLI could crash if it was invoked with flags that aren't valid for a "build" API call and the --analyze flag is present. This was caused by esbuild's internals attempting to add a Go plugin (which is how --analyze is implemented) to a null build object. The panic has been fixed in this release.

• Fix incorrect location of certain error messages (#3845)

  This release fixes a regression that caused certain errors relating to variable declarations to be reported at an incorrect location. The regression was introduced in version 0.18.7 of esbuild.

• Print comments before case clauses in switch statements (#3838)

  With this release, esbuild will attempt to print comments that come before case clauses in switch statements. This is similar to what esbuild already does for comments inside of certain types of expressions. Note that these types of comments are not printed if minification is enabled (specifically whitespace minification).

• Fix a memory leak with pluginData (#3825)

  With this release, the build context's internal pluginData cache will now be cleared when starting a new build. This should fix a leak of memory from plugins that return pluginData objects from onResolve and/or onLoad callbacks.

Changelog

Sourced from esbuild's changelog.

0.23.1

• Allow using the node: import prefix with es* targets (#3821)

  The node: prefix on imports is an alternate way to import built-in node modules. For example, import fs from "fs" can also be written import fs from "node:fs". This only works with certain newer versions of node, so esbuild removes it when you target older versions of node such as with --target=node14 so that your code still works. With the way esbuild's platform-specific feature compatibility table works, this was added by saying that only newer versions of node support this feature. However, that means that a target such as --target=node18,es2022 removes the node: prefix because none of the es* targets are known to support this feature. This release adds the support for the node: flag to esbuild's internal compatibility table for es* to allow you to use compound targets like this:

  // Original code
  import fs from 'node:fs'
  fs.open
  // Old output (with --bundle --format=esm --platform=node --target=node18,es2022)
  import fs from "fs";
  fs.open;
  // New output (with --bundle --format=esm --platform=node --target=node18,es2022)
  import fs from "node:fs";
  fs.open;

• Fix a panic when using the CLI with invalid build flags if --analyze is present (#3834)

  Previously esbuild's CLI could crash if it was invoked with flags that aren't valid for a "build" API call and the --analyze flag is present. This was caused by esbuild's internals attempting to add a Go plugin (which is how --analyze is implemented) to a null build object. The panic has been fixed in this release.

• Fix incorrect location of certain error messages (#3845)

  This release fixes a regression that caused certain errors relating to variable declarations to be reported at an incorrect location. The regression was introduced in version 0.18.7 of esbuild.

• Print comments before case clauses in switch statements (#3838)

  With this release, esbuild will attempt to print comments that come before case clauses in switch statements. This is similar to what esbuild already does for comments inside of certain types of expressions. Note that these types of comments are not printed if minification is enabled (specifically whitespace minification).

• Fix a memory leak with pluginData (#3825)

  With this release, the build context's internal pluginData cache will now be cleared when starting a new build. This should fix a leak of memory from plugins that return pluginData objects from onResolve and/or onLoad callbacks.

Commits

• 3327274 publish 0.23.1 to npm
• 38e22ed add a warning/debug log message for #3867
• a15bb51 fix #3825: memory leak of pluginData values
• f6e6481 fix #3838: print comments before case clauses
• 9c13ae1 fix #3853: update go 1.22.4 => 1.22.5
• 78f89e4 fix #3845: some incorrect error message locations
• 892d2a7 fix #3834: cli sometimes panics with --analyze
• 360d472 fix a typo in the release notes
• e3f4e2d fix #3821: allow node: prefix with es* targets
• See full diff in compare view

Updates @babel/runtime from 7.24.8 to 7.27.3

Release notes

Sourced from @​babel/runtime's releases.

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • #17324 Improve multiline comments handling in yield/await expression (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17328 Correctly set .displayName on GeneratorFunction (@​nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management
  • #17319 fix: handle shadowed binding in for using of body (@​JLHwung)
  • #17317 fix: support named evaluation for using declaration (@​JLHwung)
• babel-plugin-proposal-decorators, babel-types
  • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
• babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
  • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)
• babel-parser
  • #17312 fix(parser): properly handle optional markers in generator class methods (@​magic-akari)
  • #17307 fix(parser): Terminate modifier parsing at newline (@​magic-akari)
• babel-generator, babel-parser
  • #17308 Improve import phase parsing (@​JLHwung)

Committers: 7

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Vik R (@​vikr01)
• @​liuxingbaoyu
• @​magic-akari
• fisker Cheung (@​fisker)

v7.27.2 (2025-05-06)

🐛 Bug Fix

• babel-parser
  • #17289 fix: @babel/parser/bin/index.js contains node: protocol require (@​liuxingbaoyu)
  • #17291 fix: Private class method not found when TS and estree (@​liuxingbaoyu)
• babel-plugin-transform-object-rest-spread
  • #17281 Fix: improve object rest handling in array pattern (@​JLHwung)
• babel-plugin-transform-modules-commonjs, babel-template
  • #17284 fix(babel-template): Properly handle empty string replacements (@​magic-akari)

🏃‍♀️ Performance

• babel-cli
  • #17285 Enable Node compile cache for @babel/cli (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• @​magic-akari

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • #17324 Improve multiline comments handling in yield/await expression (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17328 Correctly set .displayName on GeneratorFunction (@​nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management
  • #17319 fix: handle shadowed binding in for using of body (@​JLHwung)
  • #17317 fix: support named evaluation for using declaration (@​JLHwung)
• babel-plugin-proposal-decorators, babel-types
  • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
• babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
  • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)
• babel-parser
  • #17312 fix(parser): properly handle optional markers in generator class methods (@​magic-akari)
  • #17307 fix(parser): Terminate modifier parsing at newline (@​magic-akari)
• babel-generator, babel-parser
  • #17308 Improve import phase parsing (@​JLHwung)

v7.27.2 (2025-05-06)

🐛 Bug Fix

• babel-parser
  • #17289 fix: @babel/parser/bin/index.js contains node: protocol require (@​liuxingbaoyu)
  • #17291 fix: Private class method not found when TS and estree (@​liuxingbaoyu)
• babel-plugin-transform-object-rest-spread
  • #17281 Fix: improve object rest handling in array pattern (@​JLHwung)
• babel-plugin-transform-modules-commonjs, babel-template
  • #17284 fix(babel-template): Properly handle empty string replacements (@​magic-akari)

🏃‍♀️ Performance

• babel-cli
  • #17285 Enable Node compile cache for @babel/cli (@​JLHwung)

v7.27.1 (2025-04-30)

👓 Spec Compliance

• babel-parser
  • #17254 Allow using of as lexical declaration within for (@​JLHwung)
  • #17230 Disallow get/set in TSPropertySignature (@​JLHwung)
• babel-parser, babel-types
  • #17193 Stricter TSImportType options parsing (@​JLHwung)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse
  • #17137 fix: do expressions should allow early exit (@​kermanx)
• babel-helper-wrap-function, babel-plugin-transform-async-to-generator
  • #17251 Fix: propagate argument evaluation errors through async promise chain (@​magic-akari)
• babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator
  • #17231 fix apply()/call() annotated as pure (@​Lacsw)
• babel-helper-fixtures, babel-parser

... (truncated)

Commits

• da5e371 v7.27.3
• eebd3a0 v7.27.1
• 296cdc5 Remove unused regenerator-runtime dep in @babel/runtime (#17263)
• fdc0fb5 [Babel 8] Bump nodejs requirements to ^20.19.0 || >= 22.12.0 (#17204)
• 5c350ea v7.27.0
• ca4865a Fix: align behaviour to tsc rewriteRelativeImportExtensions (#17118)
• e1ce99d v7.26.10
• d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
• 64bca7b v7.26.9
• 2d95140 v7.26.7
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates katex from 0.16.11 to 0.16.22

Release notes

Sourced from katex's releases.

v0.16.22

0.16.22 (2025-04-09)

Bug Fixes

• \relax in base or exponent of super/subscript (#4045) (1f43c84)

v0.16.21

0.16.21 (2025-01-17)

Bug Fixes

• escape \htmlData attribute name (57914ad)
  • See security advisory GHSA-cg87-wmx4-v546

v0.16.20

0.16.20 (2025-01-12)

Bug Fixes

• \providecommand does not overwrite existing macro (#4000) (6d30fe4), closes #3928

v0.16.19

0.16.19 (2024-12-29)

Bug Fixes

• types: improve strict function type (#4009) (4228b4e)

v0.16.18

0.16.18 (2024-12-18)

Bug Fixes

• Actually publish TypeScript type definitions (#4008) (629b873)

v0.16.17

0.16.17 (2024-12-17)

Bug Fixes

• MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM (#3999) (7d79e22), closes #3995

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.22 (2025-04-09)

Bug Fixes

• \relax in base or exponent of super/subscript (#4045) (1f43c84)

0.16.21 (2025-01-17)

Bug Fixes

• escape \htmlData attribute name (57914ad)

0.16.20 (2025-01-12)

Bug Fixes

• \providecommand does not overwrite existing macro (#4000) (6d30fe4), closes #3928

0.16.19 (2024-12-29)

Bug Fixes

• types: improve strict function type (#4009) (4228b4e)

0.16.18 (2024-12-18)

Bug Fixes

• Actually publish TypeScript type definitions (#4008) (629b873)

0.16.17 (2024-12-17)

Bug Fixes

• MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM (#3999) (7d79e22), closes #3995

0.16.16 (2024-12-17)

Features

• ESM exports, TypeScript types (#3992) (ea9c173)

0.16.15 (2024-12-09)

... (truncated)

Commits

• 613c3da chore(release): 0.16.22 [ci skip]
• 1f43c84 fix: \relax in base or exponent of super/subscript (#4045)
• 2fe1941 chore: spelling fixes (#4035)
• aada26a chore(deps): update dependency postcss-preset-env to v7.8.3 [skip netlify] (#...
• 3376056 chore(deps): update dependency caniuse-lite to v1.0.30001695 [skip netlify] (...
• bc4a947 chore: bump GitHub actions to their latest versions (#4026)
• 923f2aa chore(release): 0.16.21 [ci skip]
• 57914ad fix: escape \htmlData attribute name
• ff28995 Merge commit from fork
• 28a0bf5 chore(release): 0.16.20 [ci skip]
• Additional commits viewable in compare view

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 37289ce Release 3.3.11 version
• 23690b7 Fix CI
• c147962 Fix RN support
• a83734e Move to manually ESM/CJS dual package
• bb12e8a Release 3.3.10 version
• 8f44264 Fix Expo support
• adf9b0c Release 3.3.9 version
• 1c6f088 Remove dev file from npm package
• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
jsantanders-dev	❌ Failed (Inspect)			May 28, 2025 1:37am