Skip to content

Bump @xmldom/xmldom and msw in /forms-flow-web#3280

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/forms-flow-web/multi-7cb5744dc0
Open

Bump @xmldom/xmldom and msw in /forms-flow-web#3280
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/forms-flow-web/multi-7cb5744dc0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026
edited by github-actions Bot
Loading

User description

Removes @xmldom/xmldom. It's no longer used after updating ancestor dependency msw. These dependencies need to be updated together.

Removes @xmldom/xmldom

Updates msw from 0.36.8 to 2.13.5

Release notes

Sourced from msw's releases.

v2.13.5 (2026-04-23)

Bug Fixes

  • reset generator state on .resetHandlers()/.restoreHandlers() (#2725) (8d16801cacd89e5aff336c43e888df19fad04417) @​kettanaito

v2.13.4 (2026-04-16)

Bug Fixes

v2.13.3 (2026-04-14)

Bug Fixes

v2.13.2 (2026-04-08)

Bug Fixes

  • delay: prevent infinite mode from throwing (#2697) (613d4a1d6cd96e006af126d6a13e32e884f48733) @​kettanaito

v2.13.1 (2026-04-07)

Bug Fixes

  • annotate life-cycle events correctly (#2694) (e7890e91627c828bd4d788f09e179bffbc8a8506) @​kettanaito

v2.13.0 (2026-04-06)

Features

  • use the network source architecture (defineNetwork) (#2650) (2b73790082d412580047c430519340958025226d) @​kettanaito @​felmonon
  • handlers are now grouped internally by kind, making handler lookup a O(1) operation.
  • handlers filtering no longer uses an instanceof check. Instead, the kind property of the handler is used.

Bug fixes

  • fix an issue where a WebSocket connection would be logged in the console even when there are no matching event handlers for it.

v2.12.14 (2026-03-21)

Bug Fixes

... (truncated)

Commits
  • d814fc8 chore(release): v2.13.5
  • 8d16801 fix: reset generator state on .resetHandlers()/.restoreHandlers() (#2725)
  • edeb058 chore: replace missing ServiceWorkerIncomingRequest with `IncomingWorkerReq...
  • 20521b9 chore(release): v2.13.4
  • 580256b fix: implement proper ServiceWorkerSource singleton pattern (#2715)
  • 9dedf52 fix: use verbatimModuleSyntax consistently in exports (#2702)
  • d0cbd2d fix: update dependencies (#2719)
  • 429e05c fix(sse): respect request.signal for the underlying stream (#2718)
  • 41f725d chore(release): v2.13.3
  • feee3ed fix: update rettime to 0.11.7 (#2711)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for msw since your current version.

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

PR Type

Other

Description

  • Upgrade msw development dependency

  • Move from ^0.36.0 to ^2.13.5

Diagram Walkthrough

flowchart LR
  pkg["forms-flow-web/package.json"]
  old["msw ^0.36.0"]
  new["msw ^2.13.5"]
  pkg -- "updates" --> old
  old -- "bumped to" --> new
Loading

File Walkthrough
Relevant files
Dependencies
package.json
Upgrade `msw` development dependency version                         

forms-flow-web/package.json

  • Updated the msw devDependency version
  • Bumped msw from ^0.36.0 to ^2.13.5
 +1/-1     

@dependabot
Bump @xmldom/xmldom and msw in /forms-flow-web
9b40f6d 
Removes [@xmldom/xmldom](https://github.com/xmldom/xmldom). It's no longer used after updating ancestor dependency [msw](https://github.com/mswjs/msw). These dependencies need to be updated together.


Removes `@xmldom/xmldom`

Updates `msw` from 0.36.8 to 2.13.5
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v0.36.8...v2.13.5)

---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
  dependency-version: 
  dependency-type: indirect
- dependency-name: msw
  dependency-version: 2.13.5
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 23, 2026
@dependabot dependabot Bot requested review from a team as code owners April 23, 2026 01:59
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 23, 2026
@dependabot dependabot Bot mentioned this pull request Apr 23, 2026
Closed
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis ❌

2718 - Not compliant

Non-compliant requirements:

  • Bump http-proxy-middleware from 2.0.7 to 2.0.9
  • Apply the change in /forms-flow-web-root-config

2725 - Partially compliant

Compliant requirements:

  • Use a meaningful PR title

Non-compliant requirements:

  • Add a dependency so view_process_diagram requires view_history_permission
  • Update changelog

2702 - Partially compliant

Compliant requirements:

  • Use a meaningful PR title

Non-compliant requirements:

  • Deliver the client submission bug fixes described by FWF-4430
  • Update changelog
⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ No major issues detected

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026

PR Code Suggestions ✨

No code suggestions found for the PR.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 23, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code Review effort 1/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants