build(deps): bump the npm_and_yarn group across 5 directories with 12 updates#2
Conversation
… updates Bumps the npm_and_yarn group with 3 updates in the /clients directory: [next](https://github.com/vercel/next.js), [postcss](https://github.com/postcss/postcss) and [yaml](https://github.com/eemeli/yaml). Bumps the npm_and_yarn group with 2 updates in the /server/polar/backoffice directory: [postcss](https://github.com/postcss/postcss) and [picomatch](https://github.com/micromatch/picomatch). Bumps the npm_and_yarn group with 6 updates in the /server/emails directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` | | [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` | | [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` | | [rollup](https://github.com/rollup/rollup) | `4.53.5` | `4.60.3` | | [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.14` | | [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` | Bumps the npm_and_yarn group with 7 updates in the /handbook directory: | Package | From | To | | --- | --- | --- | | [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.3.9` | `5.7.3` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.5` | `4.2.6` | | [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.1` | Bumps the npm_and_yarn group with 7 updates in the /docs directory: | Package | From | To | | --- | --- | --- | | [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `4.5.6` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.5` | `4.2.6` | | [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.1.0` | `5.3.1` | Updates `next` from 16.2.0 to 16.2.3 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.2.0...v16.2.3) Updates `postcss` from 8.5.8 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.8...8.5.10) Updates `yaml` from 2.8.2 to 2.8.3 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.2...v2.8.3) Updates `fast-xml-parser` from 5.4.1 to 5.7.3 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.9...v5.7.3) Updates `postcss` from 8.5.6 to 8.5.14 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.8...8.5.10) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `brace-expansion` from 2.0.2 to 2.1.0 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v2.0.2...v2.1.0) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v5.1.6...v5.1.9) Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `rollup` from 4.53.5 to 4.60.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.5...v4.60.3) Updates `tar` from 7.5.2 to 7.5.14 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.2...v7.5.14) Updates `socket.io-parser` from 4.2.4 to 4.2.6 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6) Updates `yaml` from 2.8.2 to 2.8.4 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.2...v2.8.3) Updates `brace-expansion` from 1.1.12 to 1.1.14 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v2.0.2...v2.1.0) Updates `fast-xml-parser` from 5.3.9 to 5.7.3 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.9...v5.7.3) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `socket.io-parser` from 4.2.5 to 4.2.6 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6) Updates `basic-ftp` from 5.2.0 to 5.3.1 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.2.0...v5.3.1) Updates `yaml` from 2.8.2 to 2.8.4 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.2...v2.8.3) Updates `brace-expansion` from 1.1.12 to 1.1.14 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v2.0.2...v2.1.0) Updates `fast-xml-parser` from 4.5.3 to 4.5.6 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.9...v5.7.3) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `socket.io-parser` from 4.2.5 to 4.2.6 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6) Updates `basic-ftp` from 5.1.0 to 5.3.1 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.2.0...v5.3.1) --- updated-dependencies: - dependency-name: next dependency-version: 16.2.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 2.8.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 5.7.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 2.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.60.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-version: 4.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 2.8.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 5.7.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-version: 4.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: basic-ftp dependency-version: 5.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 2.8.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 4.5.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-version: 4.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: basic-ftp dependency-version: 5.3.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
AI Code Review by LlamaPReview
🎯 TL;DR & Recommendation
Recommendation: Request Changes
This PR updates multiple npm dependencies across five directories, including critical patches to Next.js 16.2.3 that fix HMR and styled-jsx bugs. However, four directories have lock file changes without corresponding package.json updates, risking version drift, and minor bumps (e.g., zod, fast-xml-parser) may introduce breaking changes.
| Priority | File | Category | Impact Summary | Anchors |
|---|---|---|---|---|
| P1 | clients/apps/web/package.json | Bug | Patch bump fixes HMR and styled-jsx bugs | |
| P2 | clients/apps/web/package.json | Maintainability | Missing package.json updates for 4 directories | |
| P2 | clients/apps/web/package.json | Maintainability | Minor version bump may cause typing changes |
⚠️ **Unanchored Suggestions (Manual Review Recommended)**
The following suggestions could not be precisely anchored to a specific line in the diff. This can happen if the code is outside the changed lines, has been significantly refactored, or if the suggestion is a general observation. Please review them carefully in the context of the full file.
📁 File: clients/apps/web/package.json
Speculative: The PR correctly updates package.json for clients/apps/web and clients/packages/mdx, but the file changes show that for the handbook, docs, server/emails, and server/polar/backoffice directories only pnpm-lock.yaml files were modified, not their respective package.json files. This is inconsistent because lock files are generated from package.json constraints. If the package.json constraints remain at the old versions, the lock file updates may be stale or incorrect, leading to potential version drift, unpinned dependencies in CI/CD, or failed audits. The snippet above demonstrates the expected pattern where both package.json and the lock file are updated together. The absence of package.json changes for these four directories indicates either an incomplete PR or that the package.json updates were committed separately – either outcome risks breaking the reproducibility of builds in those subprojects.
Related Code:
💡 Have feedback? We'd love to hear it in our GitHub Discussions.
✨ This review was generated by LlamaPReview Advanced, which is free for all open-source projects. Learn more.
| "markdown-to-jsx": "^8.0.0", | ||
| "nanoid": "^5.1.7", | ||
| "next": "^16.2.0", | ||
| "next": "^16.2.3", |
There was a problem hiding this comment.
P1 | Confidence: High
The update of next from 16.2.0 to 16.2.3 is a patch bump within a widely-used framework. However, the changelog (visible in the PR description) includes several critical fixes such as “manifest.ts breaks HMR in Next.js 16.2” and “Fix styled-jsx race condition: styles lost due to concurrent rendering.” If the project uses manifest.ts files, HMR, or styled-jsx, these fixes resolve real runtime bugs that could cause incorrect behavior (e.g., missing styles or broken HMR loops). While this is a positive change, the PR does not include any explicit test modifications or regression checks to confirm the fixes don’t introduce new issues in the project’s specific configuration. Additionally, the lock file for clients shows massive updates (1591 additions, 735 deletions), which includes transitive dependencies that may have changed in ways not covered by the package.json bumps. I recommend running the full end-to-end test suite for the clients directory and verifying that the Next.js build and development server work as expected, especially HMR and style-related behaviour.
| "tailwindcss-radix": "^4.0.2", | ||
| "tw-animate-css": "^1.4.0", | ||
| "zod": "^4.3.6" | ||
| "zod": "^4.4.3" |
There was a problem hiding this comment.
P2 | Confidence: Medium
Speculative: The update of zod from ^4.3.6 to ^4.4.3 is a minor version bump. Zod 4.x has undergone significant changes (e.g., schema definition syntax, pipe API). While ^4.4.3 is within the same major range, minor versions can introduce deprecations or subtle behavior changes. Without related context on how Zod is used in the codebase (e.g., z.object, custom types, transformers), there is a risk of runtime type-checking failures or subtle logic errors if the project relies on now-deprecated APIs. The same concern applies to other minor bumps in this PR (e.g., yaml from 2.8.2 to 2.8.3, fast-xml-parser from 5.3.9 to 5.7.3 in handbook – note: fast-xml-parser 5.7.0 introduced breaking entity-processing changes). I recommend reviewing the changelogs of all minor-version upgrades and verifying that the project's test suite (especially type-system and integration tests) still passes.
Bumps the npm_and_yarn group with 3 updates in the /clients directory: next, postcss and yaml.
Bumps the npm_and_yarn group with 2 updates in the /server/polar/backoffice directory: postcss and picomatch.
Bumps the npm_and_yarn group with 6 updates in the /server/emails directory:
2.0.22.1.05.1.65.1.94.0.34.0.44.53.54.60.37.5.27.5.144.2.44.2.6Bumps the npm_and_yarn group with 7 updates in the /handbook directory:
2.8.22.8.41.1.121.1.145.3.95.7.31.15.111.16.02.3.12.3.24.2.54.2.65.2.05.3.1Bumps the npm_and_yarn group with 7 updates in the /docs directory:
2.8.22.8.41.1.121.1.144.5.34.5.61.15.111.16.02.3.12.3.24.2.54.2.65.1.05.3.1Updates
nextfrom 16.2.0 to 16.2.3Release notes
Sourced from next's releases.
... (truncated)
Commits
d5f649bv16.2.32873928[16.x] Avoid consuming cyclic models multiple times (#75)d7c7765[backport]: Ensure app-page reports stale ISR revalidation errors via onReque...c573e8cfix(server-hmr): metadata routes overwrite page runtime HMR handler (#92273)57b8f65next-core: deduplicate output assets and detect content conflicts on emit (#9...f158df1Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)356d605turbo-tasks-backend: stability fixes for task cancellation and error handling...3b77a6eFix DashMap read-write self-deadlock in task_cache causing hangs (#92210)b2f208aBackport: new view-transitions guide, update and fixes (#92264)52faae3v16.2.2Updates
postcssfrom 8.5.8 to 8.5.10Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
33b9790Release 8.5.10 version536c79eEscape </style> in CSS output (#2074)afa96b2Update dependencies (#2073)effe88bTypo (#2072)3ee79a2Thread model (#2071)2e0683dCreate incident response docs (#2070)fe88ac2Release 8.5.9 versionc551632Avoid RegExp when we can use simple JS89a6b74Move SECURITY.txt for docs folder to keep GitHub page cleaner6ceb8a4Create SECURITY.mdUpdates
yamlfrom 2.8.2 to 2.8.3Release notes
Sourced from yaml's releases.
Commits
ce145872.8.31e84ebbfix: Catch stack overflow during node composition6b24090ci: Include Prettier check in lint action9424deechore: Refresh lockfiled1aca82Add trailingComma ToString option for multiline flow formatting (#670)4321509ci: Drop the branch filter from GitHub PR actions47207d0chore: Update docs-slate5212faechore: Update docs-slateUpdates
fast-xml-parserfrom 5.4.1 to 5.7.3Release notes
Sourced from fast-xml-parser's releases.
... (truncated)
Changelog
Sourced from fast-xml-parser's changelog.
... (truncated)
Commits
d6d8042update to released263370remove dev dependency 'he'f9c9a2cupdate builder to 1.1.7b65da87update changelog and mark addEntity deprecatedc2ca631update fxbda75191fix stop node expression when ns prefix is removed31bbc99fix: alwaysCreateTextNode should create text node when attributes are present...dab327aremove unnecessaryab04eebupdate docs383cb3fRevise security information for v6 releaseUpdates
postcssfrom 8.5.6 to 8.5.14Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
33b9790Release 8.5.10 version536c79eEscape </style> in CSS output (#2074)afa96b2Update dependencies (#2073)effe88bTypo (#2072)3ee79a2Thread model (#2071)2e0683dCreate incident response docs (#2070)fe88ac2Release 8.5.9 versionc551632Avoid RegExp when we can use simple JS89a6b74Move SECURITY.txt for docs folder to keep GitHub page cleaner6ceb8a4Create SECURITY.mdUpdates
picomatchfrom 2.3.1 to 2.3.2Release notes
Sourced from picomatch's releases.
Changelog
Sourced from picomatch's changelog.
... (truncated)
Commits
81cba8dPublish 2.3.2fc1f6b6Merge commit from forkeec17aeMerge commit from fork78f8ca4Merge pull request #156 from micromatch/backport-1443f4f10eMerge pull request #144 from Jason3S/jdent-object-propertiesUpdates
brace-expansionfrom 2.0.2 to 2.1.0Commits
1ee4a902.1.0b0302acAdd opt-in { max } mitigation to v2 legacy line (#100)73b54592.0.3311ac0dBackport fix for GHSA-f886-m6hf-6m8v to v2 (#96)Updates
minimatchfrom 5.1.6 to 5.1.9Commits
4419b6e5.1.9383ce59docs: add warning about ReDoSb02ef18fix partial matching of globstar patternse92ae295.1.879e4447limit recursion for **, improve perf considerably85ec0fflockfile update647146elock node version to 1485646c85.1.7977c2d8update CI matrix and actions421ad12update test expectations for coalesced consecutive starsUpdates
picomatchfrom 4.0.3 to 4.0.4Release notes
Sourced from picomatch's releases.
Changelog
Sourced from picomatch's changelog.
... (truncated)
Commits
81cba8dPublish 2.3.2fc1f6b6Merge commit from forkeec17aeMerge commit from fork78f8ca4Merge pull request #156 from micromatch/backport-1443f4f10eMerge pull request #144 from Jason3S/jdent-object-propertiesUpdates
rollupfrom 4.53.5 to 4.60.3Release notes
Sourced from rollup's releases.
... (truncated)
Changelog
Sourced from rollup's changelog.
... (truncated)
Commits
b47bdab4.60.315c5f33Add again some unneeded dev dependencies, to make some builds succeed12195dcfix: do not rename nested "exports" bindings that do not conflict (#6360)b74aa39Migrate instructions to AGENTS.mdaa5a377fix(deps): update minor/patch updates (#6365)197e68bchore(deps): update msys2/setup-msys2 digest to e989830 (#6364)cded70afix(deps): update swc monorepo (major) (#6366)bb2b8a5docs: add missing backticks inplugin-development(#6368)20af1c4chore(deps): lock file maintenance (#6367)a6be82b4.60.2Updates
tarfrom 7.5.2 to 7.5.14Commits
6244eb37.5.149704d8cstricter protection against hardlinks preempting their targets700734fupdate workflows and depsd6611ae7.5.13119c401fix(extract): prevent raced symlink writes outside cwd2a294d37.5.1201082a4fix: reject top promise on floating addFilesAsync rejectionsdd1c36alinting35a1ffedoc: more clarity in security warningbf776f67.5.11Maintainer changes
This version was pushed to npm by isaacs, a new releaser for tar since your current version.
Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Updates
socket.io-parserfrom 4.2.4 to 4.2.6Release notes
Sourced from socket.io-parser's releases.
Commits
522edcdchore(release): socket.io-parser@4.2.63fff7cafix(parser): add a limit to the number of binary attachments37aad11fix: cleanup pending acks on timeout to prevent memory leakba9cd69revert: fix: cleanup pending acks on timeout to prevent memory leak84c2fb7chore(release): engine.io@6.6.607cbe15fix(eio): add@types/wsas dependency (#5458)44ed73ffix(eio): emit initial_headers and headers events in uServer (#5460)da04267fix: cleanup pending acks on timeout to prevent memory leak (#5442)74599a6fix(types): properly import http moduled48718cci: use actions/checkout@v6 and actions/setup-node@v6 (#5449)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for socket.io-parser since your current version.
Updates
yamlfrom 2.8.2 to 2.8.4Release notes
Sourced from yaml's releases.
Commits
ce145872.8.31e84ebbfix: Catch stack overflow during node composition6b24090ci: Include Prettier check in lint action9424deechore: Refresh lockfiled1aca82Add trailingComma ToString option for multiline flow formatting (#670)4321509ci: Drop the branch filter from GitHub PR actions47207d0chore: Update docs-slate5212faechore: Update docs-slateUpdates
brace-expansionfrom 1.1.12 to 1.1.14Commits
1ee4a902.1.0b0302acAdd opt-in { max } mitigation to v2 legacy line (#100)73b54592.0.3311ac0dBackport fix for GHSA-f886-m6hf-6m8v to v2 (#96)Updates
fast-xml-parserfrom 5.3.9 to 5.7.3Release notes
Sourced from fast-xml-parser's releases.