Skip to content

chore(deps): bump the npm_and_yarn group across 7 directories with 10 updates#6

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/npm_and_yarn-2642d2d9cb
Open

chore(deps): bump the npm_and_yarn group across 7 directories with 10 updates#6
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/npm_and_yarn-2642d2d9cb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package From To
turbo 2.8.13 2.9.14
electron 40.4.1 40.8.5
nitro 3.0.1-alpha.1 3.0.1-alpha.2
@modelcontextprotocol/sdk 1.25.2 1.26.0
drizzle-orm 1.0.0-beta.16-ea816b6 1.0.0-beta.20
minimatch 10.0.3 10.2.3
dompurify 3.3.1 3.4.0
@astrojs/cloudflare 12.6.3 13.1.10
astro 5.7.13 6.1.10
wrangler 4.50.0 4.59.1

Bumps the npm_and_yarn group with 2 updates in the /packages/console/app directory: nitro and wrangler.
Bumps the npm_and_yarn group with 1 update in the /packages/desktop-electron directory: electron.
Bumps the npm_and_yarn group with 1 update in the /packages/enterprise directory: nitro.
Bumps the npm_and_yarn group with 3 updates in the /packages/opencode directory: @modelcontextprotocol/sdk, drizzle-orm and minimatch.
Bumps the npm_and_yarn group with 1 update in the /packages/ui directory: dompurify.
Bumps the npm_and_yarn group with 2 updates in the /packages/web directory: @astrojs/cloudflare and astro.

Updates turbo from 2.8.13 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

Low:

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

... (truncated)

Commits

Updates electron from 40.4.1 to 40.8.5

Release notes

Sourced from electron's releases.

electron v40.8.5

Release Notes for v40.8.5

Fixes

  • Fixed a bug where Windows notification icons could fail to save because their temporary filenames contained invalid characters. #50484 (Also in 41)
  • Fixed a crash in clipboard.readImage() when the clipboard contains malformed image data. #50491 (Also in 39, 41, 42)
  • Fixed a crash when calling an offscreen shared texture's release() after the texture object was garbage collected. #50500 (Also in 39, 41, 42)
  • Fixed an accessibility issue where the AXMenuOpened event was not fired on menu creation. #50505 (Also in 41, 42)
  • Fixed an issue where an app shortcut may lose its icon after auto-updating on Windows. #50518

Other Changes

  • Backported fix for chromium:475877320. #50438

electron v40.8.4

Release Notes for v40.8.4

Fixes

  • Fixed an issue where nodeIntegrationInWorker overrides in setWindowOpenHandler were not honored for child windows sharing a renderer process with their opener. #50467 (Also in 38, 39, 41)
  • Fixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. #50401 (Also in 39, 41, 42)
  • Fixed improper focus tracking in BaseWindow on MacOS. #50337 (Also in 39, 41, 42)
  • Fixed logic bug that rendered certain window types un-resizable on MAS builds. #50355 (Also in 41, 42)
  • Fixed utilityProcess exit event reporting incorrect exit codes on Windows when the exit code has the high bit. #50387 (Also in 41, 42)
  • Fixed window freeze when failing to enter/exit fullscreen on macOS. #50344 (Also in 39, 41, 42)

Other Changes

  • Added support for using a proxy during yarn install. #50352 (Also in 39, 41, 42)
  • Backported fix for 485935305. #50441
  • Backported fix for 489381399. #50449
  • Backported fixes for 484751092, 487117772. #50460

electron v40.8.3

Release Notes for v40.8.3

Fixes

  • Added additional ASAR support to additional fs copy methods. #50287 (Also in 39, 41, 42)
  • Fixed an issue where some DevTools functionality didn't work as expected. #50275 (Also in 41, 42)
  • Fixed user resizing of transparent windows on win32 platform. #50301 (Also in 39, 41, 42)

electron v40.8.2

Release Notes for v40.8.2

Other Changes

  • Backported fix for b/491421267. #50229
  • Fixed an issue where running app icons were not correctly retrieved on macOS Tahoe. #50188

electron v40.8.1

... (truncated)

Commits
  • c09e2aa fix: outdated execution path for COM activation (#50518)
  • 44f02f6 fix: hex-encode Windows notification icon temp filenames (#50484)
  • 904fbbd fix: fall back to default DPI when GTK returns 0 on Linux (#50488)
  • 36c88a4 fix: [a11y] fire AXMenuOpened event when ARIA menu is added to DOM (#50505)
  • 9bf9c36 refactor: remove dead named-window lookup from guest-window-manager (#50495)
  • d284168 fix: crash calling OSR shared texture release() after texture GC'd (#50500)
  • 4aa3610 fix: crash in clipboard.readImage() on malformed image data (#50491)
  • e1c17fd chore: cherry-pick fbfb27470bf6 from chromium (#50438)
  • 2871c1d fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50122) (#50...
  • 0d3f57f chore: cherry-pick 074d472db745 from chromium (#50449)
  • Additional commits viewable in compare view

Updates nitro from 3.0.1-alpha.1 to 3.0.1-alpha.2

Release notes

Sourced from nitro's releases.

v3.0.1-alpha.2

🔋 This release contains many improvements since the alpha.1 release.

⏳ We took extra time to ensure everything works well by testing against real-world projects using Nitro v3.

🎯 We are closer to Beta now. Expect more regular v3 releases!

💬 Join the Nitro Discord for discussions and to report any issues you encounter with Nitro v3 alpha.

🌟 What’s new?

🔥 Rolldown-optimized

We optimized all internal and built-in Nitro plugins and configurations for first-class Rolldown support. We recommend that everyone migrate to rolldown and vite@beta, powered by rolldown.

[!TIP] Upgrade to the latest Nitro v3 with vite@beta (rolldown) and enjoy a seriously mind-blowing performance boost 🚀

📦 Dependencies are bundled by default

Nitro always generates an optimized and portable build output, containing all of your production dependencies.

Previously, all dependencies were copied (traced) into .output/server/node_modules unless configured to be inlined (bundled).

After adopting Rolldown, we found that bundling produces a more optimized and predictable output, but also is WAY faster to bundle dependencies with Rolldown rather than tracing (copying) them. Nitro now bundles dependencies by default using Rolldown (or Rollup).

Nitro has a built-in list of known dependencies with native Node.js bindings or incompatibilities. Only those dependencies are traced.

[!TIP] If you need to trace additional dependencies that are incompatible with bundling, use the new traceDeps: [] config option to mark them as traced.

⚛ React Server Components Support

Thanks to @​hi-ogawa, you can now use Nitro with @vitejs/plugin-rsc.

[!TIP] Cheeckout vite-rsc example for demo.

⬆️ Migration

We have added an experimental feature to support path aliases from tsconfig.json. The experimental flag is now disabled by default.

With vite@beta, you can use rolldown's native support:

import { defineConfig } from "vite"; 
import { nitro } from "nitro/vite";
export default defineConfig({
plugins: [ nitro({ serverDir: "./server" })],
</tr></table>

... (truncated)

Commits
  • c782414 chore(release): v3.0.1-alpha.2
  • 28f908a chore: update lockfile
  • b2b3788 fix: use static replacement for websocket feature (#3964)
  • 22bd0c6 fix: avoid naming node_modules/.* as lib chunk
  • 722efdc feat: rolldownConfig (#3887)
  • d2383f0 refactor: include name of hoisted libs in chunk name (#3962)
  • 795e774 feat(netlify-edge): support req.ip (#3946)
  • 74e8d67 feat(vercel, netlify, cloudflare): support req.ip (#3952)
  • ca1a9de build: show name of all grouped lib names
  • e5f6fee chore: update deps
  • Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.25.2 to 1.26.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

Commits
  • fe9c07b chore: bump version to 1.26.0 (#1479)
  • 4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
  • a05be17 Merge commit from fork
  • 50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
  • aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
  • 6aba065 chore: bump v1.25.3 for backport fixes (#1412)
  • 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
  • 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
  • See full diff in compare view

Updates drizzle-orm from 1.0.0-beta.16-ea816b6 to 1.0.0-beta.20

Release notes

Sourced from drizzle-orm's releases.

1.0.0-beta.20

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

v1.0.0-beta.19

New Features

sqlcommenter support for PostgreSQL and MySQL

You can now add custom tags to the query. These tags will be appended to the end of each query, helping the database add metadata/tags to it. This will be especially useful with PlanetScale’s new Database Traffic Control feature

// raw string support
db.select().from().comment("key='val'");
db.select().from().comment("my_first_tag");
// developer friendly dedicated to tags
db.select().from().comment({ key: 'val' });

Example:

db.select().from(comments).comment({ priority: 'high', category: "analytics" });
select "id", "name" from "comments" /*priority='high',category='analytics'*/

The only limitation is that you can't use comments with a prepared statement:

// can't be used
const p = db.select().from().prepare();
// ❌
p.comment({ key: 'val' }).execute();

Bug fixes

... (truncated)

Commits

Updates minimatch from 10.0.3 to 10.2.3

Changelog

Sourced from minimatch's changelog.

change log

10.2

  • Add braceExpandMax option

10.1

  • Add magicalBraces option for escape
  • Fix makeRe when partial: true is set.
  • Fix makeRe when pattern ends in a final ** path part.

10.0

  • Require node 20 or 22 and higher

9.0

  • No default export, only named exports.

8.0

  • Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
  • Bump required Node.js version

7.4

  • Add escape() method
  • Add unescape() method
  • Add Minimatch.hasMagic() method

7.3

  • Add support for posix character classes in a unicode-aware way.

7.2

  • Add windowsNoMagicRoot option

7.1

  • Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits

Updates dompurify from 3.3.1 to 3.4.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.0

Most relevant changes:

  • Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @​kodareef5
  • Fixed several minor problems and typos regarding MathML attributes, thanks @​DavidOliver
  • Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @​1Jesper1
  • Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @​bencalif
  • Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @​trace37labs
  • Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @​eddieran
  • Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @​christos-eth
  • Fixed an issue with USE_PROFILES prototype pollution, thanks @​christos-eth
  • Fixed an issue leading to possible mXSS via Re-Contextualization, thanks @​researchatfluidattacks and others
  • Fixed an issue with closing tags leading to possible mXSS, thanks @​frevadiscor
  • Fixed a problem with the type dentition patcher after Node version bump
  • Fixed freezing BS runs by reducing the tested browsers array
  • Bumped several dependencies where possible
  • Added needed files for OpenSSF scorecard checks

Published Advisories are here: https://github.com/cure53/DOMPurify/security/advisories?state=published

DOMPurify 3.3.3

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua
Commits
  • 5b16e0b Getting 3.x branch ready for 3.4.0 release (#1250)
  • 8bcbf73 chore: Preparing 3.3.3 release
  • 5faddd6 fix: engine requirement (#1210)
  • 0f91e3a Update README.md
  • d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
  • c3efd48 fix: moved back from jsdom 28 to jsdom 20
  • 988b888 fix: moved back from jsdom 28 to jsdom 20
  • 2726c74 chore: Preparing 3.3.2 release
  • 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
  • 302b51d fix: Expanded the regex ever so slightly to also cover script
  • Additional commits viewable in compare view

Updates @astrojs/cloudflare from 12.6.3 to 13.1.10

Changelog

Sourced from @​astrojs/cloudflare's changelog.

13.1.10

Patch Changes

  • #16320 a43eb4b Thanks @​matthewp! - Uses redirect: 'manual' for remote image fetches in the Cloudflare binding image transform, consistent with all other image fetch paths

  • #16307 a81dd3e Thanks @​matthewp! - Surfaces console.log and console.warn output from workerd during prerendering

  • Updated dependencies []:

    • @​astrojs/underscore-redirects@​1.0.3

13.1.9

Patch Changes

  • #16210 e030bd0 Thanks @​matthewp! - Fixes .svelte files in node_modules failing with Unknown file extension ".svelte" when using the Cloudflare adapter with prerenderEnvironment: 'node'

  • Updated dependencies []:

    • @​astrojs/underscore-redirects@​1.0.3

13.1.8

Patch Changes

  • #16225 756e7be Thanks @​travisbreaks! - Fixes ERR_MULTIPLE_CONSUMERS error when using Cloudflare Queues with prerendered pages. The prerender worker config callback now excludes queues.consumers from the entry worker config, since the prerender worker only renders static HTML and should not register as a queue consumer. Queue producers (bindings) are preserved.

  • #16192 79d86b8 Thanks @​alexanderniebuhr! - Removes an unused function re-export from the /info package path

  • Updated dependencies []:

    • @​astrojs/underscore-redirects@​1.0.3

13.1.7

Patch Changes

  • Updated dependencies [814406d]:
    • @​astrojs/underscore-redirects@​1.0.3

13.1.6

Patch Changes

  • #16151 4978165 Thanks @​matthewp! - Fixes a dev-mode crash loop in the Cloudflare adapter when using Starlight by excluding @astrojs/starlight from SSR dependency optimization

13.1.5

Patch Changes

  • #16109 c887b4a Thanks @​matthewp! - Fix HMR crash when editing content collection files caused by Vite's SSR transform colliding with zod v4's meta export

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​astrojs/cloudflare since your current version.


Updates astro from 5.7.13 to 6.1.10

Release notes

Sourced from astro's releases.

astro@6.1.10

Patch Changes

  • #16479 1058428 Thanks @​matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

  • #16457 3d82220 Thanks @​matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

  • #16481 152700e Thanks @​matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap during astro dev caused by the browser mis-resolving a relative sourceMappingURL from the /@id/ URL prefix

  • #16480 1bcb43b Thanks @​matthewp! - Fixes an unnecessary full page reload on first navigation during dev

astro@6.1.9

Patch Changes

  • #16448 99464ed Thanks @​matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

  • #16422 a3951d7 Thanks @​matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

  • #16420 e21de1d Thanks @​matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

  • #16419 f3485c3 Thanks @​matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

  • #16022 a002540 Thanks @​mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

  • Updated dependencies [99464ed, f3485c3]:

    • @​astrojs/internal-helpers@​0.9.0
    • @​astrojs/markdown-remark@​7.1.1

astro@6.1.8

Patch Changes

  • #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

  • #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

  • #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

  • #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

  • #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

  • #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

  • #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

  • Updated dependencies [e0b240e]:

    • @​astrojs/telemetry@​3.3.1
Changelog

Sourced from astro's changelog.

6.1.10

Patch Changes

  • #16479 1058428 Thanks @​matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

  • #16457 3d82220 Thanks @​matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

  • #16481 152700e Thanks @​matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap during astro dev caused by the browser mis-resolving a relative sourceMappingURL from the /@id/ URL prefix

  • #16480 1bcb43b Thanks @​matthewp! - Fixes an unnecessary full page reload on first navigation during dev

6.1.9

Patch Changes

  • #16448 99464ed Thanks @​matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

  • #16422 a3951d7 Thanks @​matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

  • #16420 e21de1d Thanks @​matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

  • #16419 f3485c3 Thanks @​matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

  • #16022 a002540 Thanks @​mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

  • Updated dependencies [

… updates

Bumps the npm_and_yarn group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [turbo](https://github.com/vercel/turborepo) | `2.8.13` | `2.9.14` |
| [electron](https://github.com/electron/electron) | `40.4.1` | `40.8.5` |
| [nitro](https://github.com/nitrojs/nitro) | `3.0.1-alpha.1` | `3.0.1-alpha.2` |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.2` | `1.26.0` |
| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `1.0.0-beta.16-ea816b6` | `1.0.0-beta.20` |
| [minimatch](https://github.com/isaacs/minimatch) | `10.0.3` | `10.2.3` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.0` |
| [@astrojs/cloudflare](https://github.com/withastro/astro/tree/HEAD/packages/integrations/cloudflare) | `12.6.3` | `13.1.10` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.7.13` | `6.1.10` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.50.0` | `4.59.1` |

Bumps the npm_and_yarn group with 2 updates in the /packages/console/app directory: [nitro](https://github.com/nitrojs/nitro) and [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler).
Bumps the npm_and_yarn group with 1 update in the /packages/desktop-electron directory: [electron](https://github.com/electron/electron).
Bumps the npm_and_yarn group with 1 update in the /packages/enterprise directory: [nitro](https://github.com/nitrojs/nitro).
Bumps the npm_and_yarn group with 3 updates in the /packages/opencode directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 1 update in the /packages/ui directory: [dompurify](https://github.com/cure53/DOMPurify).
Bumps the npm_and_yarn group with 2 updates in the /packages/web directory: [@astrojs/cloudflare](https://github.com/withastro/astro/tree/HEAD/packages/integrations/cloudflare) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).


Updates `turbo` from 2.8.13 to 2.9.14
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.8.13...v2.9.14)

Updates `electron` from 40.4.1 to 40.8.5
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v40.4.1...v40.8.5)

Updates `nitro` from 3.0.1-alpha.1 to 3.0.1-alpha.2
- [Release notes](https://github.com/nitrojs/nitro/releases)
- [Changelog](https://github.com/nitrojs/nitro/blob/main/changelog.config.ts)
- [Commits](nitrojs/nitro@v3.0.1-alpha.1...v3.0.1-alpha.2)

Updates `@modelcontextprotocol/sdk` from 1.25.2 to 1.26.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@v1.25.2...v1.26.0)

Updates `drizzle-orm` from 1.0.0-beta.16-ea816b6 to 1.0.0-beta.20
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](https://github.com/drizzle-team/drizzle-orm/commits/v1.0.0-beta.20)

Updates `minimatch` from 10.0.3 to 10.2.3
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v10.0.3...v10.2.3)

Updates `dompurify` from 3.3.1 to 3.4.0
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.1...3.4.0)

Updates `@astrojs/cloudflare` from 12.6.3 to 13.1.10
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/cloudflare/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/cloudflare@13.1.10/packages/integrations/cloudflare)

Updates `astro` from 5.7.13 to 6.1.10
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.1.10/packages/astro)

Updates `wrangler` from 4.50.0 to 4.59.1
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.59.1/packages/wrangler)

Updates `nitro` from 3.0.1-alpha.1 to 3.0.1-alpha.2
- [Release notes](https://github.com/nitrojs/nitro/releases)
- [Changelog](https://github.com/nitrojs/nitro/blob/main/changelog.config.ts)
- [Commits](nitrojs/nitro@v3.0.1-alpha.1...v3.0.1-alpha.2)

Updates `wrangler` from 4.50.0 to 4.59.1
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.59.1/packages/wrangler)

Updates `electron` from 40.4.1 to 40.8.5
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v40.4.1...v40.8.5)

Updates `nitro` from 3.0.1-alpha.1 to 3.0.1-alpha.2
- [Release notes](https://github.com/nitrojs/nitro/releases)
- [Changelog](https://github.com/nitrojs/nitro/blob/main/changelog.config.ts)
- [Commits](nitrojs/nitro@v3.0.1-alpha.1...v3.0.1-alpha.2)

Updates `@modelcontextprotocol/sdk` from 1.25.2 to 1.26.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@v1.25.2...v1.26.0)

Updates `drizzle-orm` from 1.0.0-beta.16-ea816b6 to 1.0.0-beta.20
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](https://github.com/drizzle-team/drizzle-orm/commits/v1.0.0-beta.20)

Updates `minimatch` from 10.0.3 to 10.2.3
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v10.0.3...v10.2.3)

Updates `dompurify` from 3.3.1 to 3.4.0
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.1...3.4.0)

Updates `@astrojs/cloudflare` from 12.6.3 to 13.1.10
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/cloudflare/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/cloudflare@13.1.10/packages/integrations/cloudflare)

Updates `astro` from 5.7.13 to 6.1.10
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.1.10/packages/astro)

---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.9.14
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 40.8.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: nitro
  dependency-version: 3.0.1-alpha.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.26.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: drizzle-orm
  dependency-version: 1.0.0-beta.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.4.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@astrojs/cloudflare"
  dependency-version: 13.1.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: astro
  dependency-version: 6.1.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: wrangler
  dependency-version: 4.59.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: nitro
  dependency-version: 3.0.1-alpha.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: wrangler
  dependency-version: 4.59.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 40.8.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: nitro
  dependency-version: 3.0.1-alpha.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.26.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: drizzle-orm
  dependency-version: 1.0.0-beta.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.4.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@astrojs/cloudflare"
  dependency-version: 13.1.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: astro
  dependency-version: 6.1.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants