Skip to content

chore(deps): bump astro-mermaid from 2.0.1 to 2.0.2 in /web#34

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/main/astro-mermaid-2.0.2
Open

chore(deps): bump astro-mermaid from 2.0.1 to 2.0.2 in /web#34
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/main/astro-mermaid-2.0.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps astro-mermaid from 2.0.1 to 2.0.2.

Release notes

Sourced from astro-mermaid's releases.

v2.0.2

2.0.2 (2026-06-01)

Bug Fixes

Commits
  • 002bd34 fix: patch vitest UI critical security vulnerability (GHSA-5xrq-8626-4rwp) (#60)
  • fc49f71 chore(deps-dev): bump astro in the npm_and_yarn group across 1 directory (#57)
  • cd7ed56 ci: configure npm trusted publishing oidc (#58)
  • 5055350 chore(deps-dev): bump the npm_and_yarn group across 1 directory with 2 update...
  • 63b204a chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates (#55)
  • 5646a21 chore(deps-dev): bump picomatch (#54)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for astro-mermaid since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Deploying boiler with  Cloudflare Pages  Cloudflare Pages

Latest commit: 8001e07
Status: ✅  Deploy successful!
Preview URL: https://a05f78ef.boiler-xp9.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-web-oj90.boiler-xp9.pages.dev

View logs

@greptile-apps

greptile-apps Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Greptile Summary

This is an automated Dependabot patch bump of astro-mermaid from 2.0.1 to 2.0.2 in the web package. The upstream release patches a critical security vulnerability in the vitest UI (GHSA-5xrq-8626-4rwp).

  • web/package.json and web/package-lock.json are updated to reflect the new version and its verified integrity hash.
  • No API or interface changes are introduced; this is a pure security patch of a transitive dev dependency.

Confidence Score: 5/5

Safe to merge — minimal patch-level dependency bump with no code changes and a matching lockfile update.

The change only updates astro-mermaid from 2.0.1 to 2.0.2 in both package.json and package-lock.json. The new version patches a known security vulnerability in a dev/test dependency (vitest UI); the lockfile integrity hash is also updated, confirming the correct package was resolved. No production logic, APIs, or interfaces are touched.

No files require special attention.

Important Files Changed

Filename Overview
web/package.json Bumps astro-mermaid from ^2.0.1 to ^2.0.2 — a patch-level dependency update
web/package-lock.json Lockfile updated to resolve astro-mermaid 2.0.2 with a new integrity hash; no other dependency changes

Reviews (2): Last reviewed commit: "chore(deps): bump astro-mermaid from 2.0..." | Re-trigger Greptile

@dependabot
chore(deps): bump astro-mermaid from 2.0.1 to 2.0.2 in /web
8001e07 
Bumps [astro-mermaid](https://github.com/joesaby/astro-mermaid) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/joesaby/astro-mermaid/releases)
- [Commits](joesaby/astro-mermaid@v2.0.1...v2.0.2)

---
updated-dependencies:
- dependency-name: astro-mermaid
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/web/main/astro-mermaid-2.0.2 branch from c6a671e to 8001e07 Compare June 8, 2026 03:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants