Skip to content

Bump the npm_and_yarn group across 6 directories with 16 updates#51

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/VolunteerEngagement/Portal-EDM/npm_and_yarn-1f28fabd30
Open

Bump the npm_and_yarn group across 6 directories with 16 updates#51
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/VolunteerEngagement/Portal-EDM/npm_and_yarn-1f28fabd30

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 2 updates in the /VolunteerEngagement/Portal-EDM directory: dompurify and undici.
Bumps the npm_and_yarn group with 10 updates in the /VolunteerManagement/VolunteerManagement/Resources/PCFs/EngagementOpportunitySummary directory:

Package From To
@babel/core 7.26.9 7.29.7
flatted 3.3.3 3.4.2
js-yaml 4.1.0 4.3.0
lodash 4.17.23 4.18.1
postcss 8.5.3 8.5.16
@babel/plugin-transform-modules-systemjs 7.25.9 7.29.7
follow-redirects 1.15.9 1.16.0
immutable 5.0.3 5.1.9
serialize-javascript 6.0.2 removed
webpack 5.98.0 5.108.3

Bumps the npm_and_yarn group with 8 updates in the /VolunteerManagement/VolunteerManagement/Resources/PCFs/GetStarted directory:

Package From To
flatted 3.3.3 3.4.2
lodash 4.17.21 4.18.1
postcss 8.5.3 8.5.16
@babel/plugin-transform-modules-systemjs 7.25.9 7.29.7
eazy-logger 4.0.1 4.1.0
follow-redirects 1.15.9 1.16.0
immutable 5.0.3 5.1.9
webpack 5.98.0 5.108.3

Bumps the npm_and_yarn group with 12 updates in the /VolunteerManagement/VolunteerManagement/Resources/PCFs/OnboardingStageView directory:

Package From To
@babel/core 7.26.9 7.29.7
minimatch 3.1.2 3.1.5
flatted 3.3.3 3.4.2
js-yaml 4.1.1 4.3.0
lodash 4.17.23 4.18.1
postcss 8.5.3 8.5.16
@babel/plugin-transform-modules-systemjs 7.25.9 7.29.7
eazy-logger 4.0.1 4.1.0
fast-uri 3.0.6 3.1.3
follow-redirects 1.15.9 1.16.0
immutable 5.0.3 5.1.9
serialize-javascript 6.0.2 removed

Bumps the npm_and_yarn group with 8 updates in the /VolunteerManagement/VolunteerManagement/Resources/PCFs/SendMessages directory:

Package From To
flatted 3.3.3 3.4.2
lodash 4.17.23 4.18.1
undici 6.21.3 6.27.0
eazy-logger 4.0.1 4.1.0
fast-uri 3.0.6 3.1.3
follow-redirects 1.15.9 1.16.0
serialize-javascript 6.0.2 removed
webpack 5.98.0 5.108.3

Bumps the npm_and_yarn group with 4 updates in the /VolunteerManagement/VolunteerManagement/Resources/WebResources directory: flatted, serialize-javascript, uuid and webpack.

Updates dompurify from 3.4.9 to 3.4.11

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.11

  • Fixed an issue with a leaky config for hooks via setConfig, thanks @​trace37labs
  • Bumped vulnerable development dependencies to arrive at plain 0 with npm audit
  • Updated the osv-scanner suppression list as no vulnerable dependencies are left for now
  • Updated up the linting tool-chain and removed now-redundant lint directives
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible

DOMPurify 3.4.10

  • Refactored codebase for clarity: extracted the public type declarations into types.ts
  • Decomposed the three largest sanitizer functions into focused helpers
  • Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
  • Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
  • Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
  • Reduced CI cost by running the full three-engine browser suite once per PR
  • Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
  • Documented the bench and test:happydom scripts in the README
  • Completed the Attack Classes & Bypass History wiki page
  • Bumped several dependencies where possible
Commits

Updates undici from 7.27.2 to 7.28.0

Release notes

Sourced from undici's releases.

v7.28.0

⚠️ Security Release

This release line addresses 7 security advisories, all shipped in v7.28.0.

Action required: Upgrade to undici 7.28.0 or later.

npm install undici@^7.28.0

The v7 line is not affected by GHSA-38rv-x7px-6hhq (CVE-2026-9675), which is an 8.x-only regression.

Note on GHSA-hm92-r4w5-c3mj: this fix shipped in v7.28.0, not the earlier 7.2x line — the vulnerable single-pool code was still present through v7.27.2. The per-origin pool fix is 3805b8f8 (#5041).

Summary

Advisory CVE Severity (CVSS) Fixed in Fix commit
GHSA-vxpw-j846-p89q CVE-2026-12151 High (7.5) 7.28.0 8cb10f98
GHSA-vmh5-mc38-953g CVE-2026-9697 High (7.4) 7.28.0 04201f89
GHSA-hm92-r4w5-c3mj CVE-2026-6734 High (7.5) 7.28.0 3805b8f8
GHSA-pr7r-676h-xcf6 CVE-2026-9678 Moderate (5.9) 7.28.0 85a24055
GHSA-p88m-4jfj-68fv CVE-2026-9679 Moderate (5.9) 7.28.0 d0574cc4
GHSA-g8m3-5g58-fq7m CVE-2026-11525 Low (3.7) 7.28.0 d0574cc4
GHSA-35p6-xmwp-9g52 CVE-2026-6733 Low (3.7) 7.28.0 ea8930cf

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770 Fix: 8cb10f98 websocket: limit the number of fragments in a message (part of backport a027a4a0 Backport WebSocket maxPayloadSize fixes to v7.x, #5423)

A malicious WebSocket server can stream a large number of small or empty continuation frames. Undici enforced a limit on cumulative payload size but did not limit the number of fragments per message, leading to unbounded memory growth and denial of service.

  • Affected: applications using new WebSocket(...) or WebSocketStream against untrusted endpoints.
  • Workaround: none — upgrade is required.

TLS certificate validation bypass in SOCKS5 ProxyAgent — CVE-2026-9697

GHSA-vmh5-mc38-953g · CWE-295

... (truncated)

Commits
  • f9eba0a Bumped v7.28.0 (#5430)
  • a027a4a Backport WebSocket maxPayloadSize fixes to v7.x (#5423)
  • 8cb10f9 websocket: limit the number of fragments in a message
  • 04201f8 fix: honor requestTls when proxy is SOCKS5
  • fcd642f fix(socks5): preserve dispatch backpressure return value (#5166)
  • bc98c97 fix(socks5): use configured connector in Socks5ProxyAgent (#5168)
  • 9e1c743 fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly (#5099)
  • 376c8be fix(socks5): enforce authenticated state before CONNECT (#5097)
  • 3805b8f fix(socks5-proxy-agent): use per-origin pools to prevent cross-origin routing...
  • 85a2405 fix(cache): trim qualified field names
  • Additional commits viewable in compare view

Updates @babel/core from 7.26.9 to 7.29.7

Release notes

Sourced from @​babel/core's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

  • babel-parser

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/core since your current version.


Updates flatted from 3.3.3 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • 590dbab 4.2.0 released
  • f944dc5 Add package.json funding field
  • f692719 Changelog update
  • Additional commits viewable in compare view

Updates lodash from 4.17.23 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

  • Add security notice for _.template in threat model and API docs (#6099)
  • Document lower > upper behavior in _.random (#6115)
  • Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

Commits
  • cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
  • 75535f5 chore: prune stale advisory refs (#6170)
  • 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
  • 59be2de release(minor): bump to 4.18.0 (#6161)
  • af63457 fix: broken tests for _.template 879aaa9
  • 1073a76 fix: linting issues
  • 879aaa9 fix: validate imports keys in _.template
  • fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
  • 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
  • b819080 ci: add dist sync validation workflow (#6137)
  • Additional commits viewable in compare view

Updates postcss from 8.5.3 to 8.5.16

Release notes

Sourced from postcss's releases.

8.5.16

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

Changelog

Sourced from postcss's changelog.

8.5.16

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for postcss since your current version.


Updates @babel/plugin-transform-modules-systemjs from 7.25.9 to 7.29.7

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

  • babel-parser

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/plugin-transform-modules-systemjs since your current version.


Updates follow-redirects from 1.15.9 to 1.16.0

Commits
  • 0c23a22 Release version 1.16.0 of the npm package.
  • 844c4d3 Add sensitiveHeaders option.
  • 5e8b8d0 ci: add Node.js 24.x to the CI matrix
  • 7953e22 ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6
  • 86dc1f8 Sanitizing input.
  • 21ef28a Release version 1.15.11 of the npm package.
  • 7c88135 Roll back tree shaking.
  • 6e389ba Release version 1.15.10 of the npm package.
  • 5bc496e Shake me up before you go-go.
  • 694d6b4 Bump minimist from 1.2.5 to 1.2.8
  • See full diff in compare view

Updates immutable from 5.0.3 to 5.1.9

Release notes

Sourced from immutable's releases.

v5.1.9

What's Changed

Full Changelog: immutable-js/immutable-js@v5.1.8...v5.1.9

v5.1.8

What's Changed

Full Changelog: immutable-js/immutable-js@v5.1.7...v5.1.8

v5.1.7

What's Changed

internal

New Contributors

Full Changelog: immutable-js/immutable-js@v5.1.6...v5.1.7

v5.1.6

What's Changed

... (truncated)

Changelog

Sourced from immutable's changelog.

5.1.9

  • fix(List): a List grown past 32 elements while all its values are undefined no longer reads those values back as null (affected get, iteration, toArray, equals and hashCode)

5.1.8

4.3.9

5.1.7

  • fix(Repeat): lastIndexOf returned size instead of size - 1 by @​chatman-media in immutable-js/immutable-js#2227. Fixes CVE CVE-2026-29063
  • fix(IndexedCollection): has(index) on a lazy Seq of unknown size now checks index existence instead of searching for a value equal to the index #2203
  • [TypeScript]: reduce/reduceRight without an initial value now infer the result type from the collection's values when the reducer returns a value (e.g. list.reduce((a, b) => a + b) infers number), matching Array#reduce. Previously an explicit type argument was required. #2205

5.1.6

  • fix(reverseFactory): read reversedSequence.size in __iterator instead of this #2196

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Documentation

Internal

... (truncated)

Commits
  • 329f7a6 5.1.9
  • 21fabd9 changelog
  • 009164f Merge pull request #2235 from immutable-js/fix/avoid-null-when-setsize33
  • 5b65bfb fix(List): preserve undefined values when grown past 32 elements
  • 50bf39e Update CHANGELOG.md for versions 5.1.8 and 4.3.9
  • 6496539 5.1.8
  • 808a83a Merge commit from fork
  • e51d49f perf(Map): index large hash-collision buckets for faster lookups
  • 25c58b0 fix typescript in tests
  • a1a1ee4 Merge commit from fork
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for immutable since your current version.


Removes serialize-javascript

Updates webpack from 5.98.0 to 5.108.3

Release notes

Sourced from webpack's releases.

v5.108.3

Patch Changes

  • Speed up CSS parsing and reduce CSS AST node memory. (by @​alexander-akait in #21285)

  • Fix HMR codegen crash for harmony accept with unresolved imports. (by @​xiaoxiaojx in #21302)

  • Match harmony accept depend...

    Description has been truncated

Bumps the npm_and_yarn group with 2 updates in the /VolunteerEngagement/Portal-EDM directory: [dompurify](https://github.com/cure53/DOMPurify) and [undici](https://github.com/nodejs/undici).
Bumps the npm_and_yarn group with 10 updates in the /VolunteerManagement/VolunteerManagement/Resources/PCFs/EngagementOpportunitySummary directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.26.9` | `7.29.7` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.3.0` |
| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |
| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.16` |
| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |
| [immutable](https://github.com/immutable-js/immutable-js) | `5.0.3` | `5.1.9` |
| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |
| [webpack](https://github.com/webpack/webpack) | `5.98.0` | `5.108.3` |

Bumps the npm_and_yarn group with 8 updates in the /VolunteerManagement/VolunteerManagement/Resources/PCFs/GetStarted directory:

| Package | From | To |
| --- | --- | --- |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.16` |
| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |
| [eazy-logger](https://github.com/shakyshane/easy-logger) | `4.0.1` | `4.1.0` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |
| [immutable](https://github.com/immutable-js/immutable-js) | `5.0.3` | `5.1.9` |
| [webpack](https://github.com/webpack/webpack) | `5.98.0` | `5.108.3` |

Bumps the npm_and_yarn group with 12 updates in the /VolunteerManagement/VolunteerManagement/Resources/PCFs/OnboardingStageView directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.26.9` | `7.29.7` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.3.0` |
| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |
| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.16` |
| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |
| [eazy-logger](https://github.com/shakyshane/easy-logger) | `4.0.1` | `4.1.0` |
| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.3` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |
| [immutable](https://github.com/immutable-js/immutable-js) | `5.0.3` | `5.1.9` |
| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |

Bumps the npm_and_yarn group with 8 updates in the /VolunteerManagement/VolunteerManagement/Resources/PCFs/SendMessages directory:

| Package | From | To |
| --- | --- | --- |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |
| [undici](https://github.com/nodejs/undici) | `6.21.3` | `6.27.0` |
| [eazy-logger](https://github.com/shakyshane/easy-logger) | `4.0.1` | `4.1.0` |
| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.3` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |
| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |
| [webpack](https://github.com/webpack/webpack) | `5.98.0` | `5.108.3` |

Bumps the npm_and_yarn group with 4 updates in the /VolunteerManagement/VolunteerManagement/Resources/WebResources directory: [flatted](https://github.com/WebReflection/flatted), [serialize-javascript](https://github.com/yahoo/serialize-javascript), [uuid](https://github.com/uuidjs/uuid) and [webpack](https://github.com/webpack/webpack).


Updates `dompurify` from 3.4.9 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.9...3.4.11)

Updates `undici` from 7.27.2 to 7.28.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.27.2...v7.28.0)

Updates `@babel/core` from 7.26.9 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `js-yaml` from 4.1.0 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.3.0)

Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

Updates `postcss` from 8.5.3 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.3...8.5.16)

Updates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

Updates `follow-redirects` from 1.15.9 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.9...v1.16.0)

Updates `immutable` from 5.0.3 to 5.1.9
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v5.0.3...v5.1.9)

Removes `serialize-javascript`

Updates `webpack` from 5.98.0 to 5.108.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.98.0...v5.108.3)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

Updates `postcss` from 8.5.3 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.3...8.5.16)

Updates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

Updates `eazy-logger` from 4.0.1 to 4.1.0
- [Commits](shakyShane/eazy-logger@v4.0.1...v4.1.0)

Updates `follow-redirects` from 1.15.9 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.9...v1.16.0)

Updates `immutable` from 5.0.3 to 5.1.9
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v5.0.3...v5.1.9)

Updates `webpack` from 5.98.0 to 5.108.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.98.0...v5.108.3)

Updates `@babel/core` from 7.26.9 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.3.0)

Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

Updates `postcss` from 8.5.3 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.3...8.5.16)

Updates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

Updates `eazy-logger` from 4.0.1 to 4.1.0
- [Commits](shakyShane/eazy-logger@v4.0.1...v4.1.0)

Updates `fast-uri` from 3.0.6 to 3.1.3
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.6...v3.1.3)

Updates `follow-redirects` from 1.15.9 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.9...v1.16.0)

Updates `immutable` from 5.0.3 to 5.1.9
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v5.0.3...v5.1.9)

Removes `serialize-javascript`

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

Updates `undici` from 6.21.3 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.27.2...v7.28.0)

Updates `eazy-logger` from 4.0.1 to 4.1.0
- [Commits](shakyShane/eazy-logger@v4.0.1...v4.1.0)

Updates `fast-uri` from 3.0.6 to 3.1.3
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.6...v3.1.3)

Updates `follow-redirects` from 1.15.9 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.9...v1.16.0)

Removes `serialize-javascript`

Updates `webpack` from 5.98.0 to 5.108.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.98.0...v5.108.3)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Removes `serialize-javascript`

Updates `uuid` from 8.3.2 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v8.3.2...v14.0.1)

Updates `webpack` from 5.98.0 to 5.108.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.98.0...v5.108.3)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.28.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/core"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: immutable
  dependency-version: 5.1.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.108.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eazy-logger
  dependency-version: 4.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: immutable
  dependency-version: 5.1.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.108.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/core"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eazy-logger
  dependency-version: 4.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: immutable
  dependency-version: 5.1.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eazy-logger
  dependency-version: 4.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.108.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.108.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants