chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates by dependabot[bot] · Pull Request #68 · vechain/x-app-template

dependabot · 2026-03-06T21:55:35Z

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
@babel/helpers	`7.24.5`	`7.28.6`
ajv	`6.12.6`	`6.14.0`
basic-ftp	`5.0.5`	`5.2.0`
immutable	`4.3.6`	`4.3.8`
minimatch	`3.1.2`	`3.1.5`
parse-duration	`1.1.0`	`1.1.2`
rollup	`4.58.0`	`4.59.0`
underscore	`1.13.6`	`1.13.8`

Bumps the npm_and_yarn group with 3 updates in the /packages/utils directory: bn.js, minimatch and rollup.

Updates @babel/helpers from 7.24.5 to 7.28.6

Release notes

Sourced from @babel/helpers's releases.

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-plugin-transform-react-jsx

#17555 perf: Use lighter traversal for jsx __source,__self (@liuxingbaoyu)

Committers: 7

Babel Bot (@babel-bot)

Eliot Pontarelli (@kolvian)

Huáng Jùnliàng (@JLHwung)

Kadhirash Sivakumar (@kadhirash)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

coderaiser (@coderaiser)

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

babel-parser

#17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)

babel-helper-validator-identifier

#17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private

#17534 Allow mixing private destructuring and rest (@CO0Ki3)

babel-parser

#17521 Improve @babel/parser error typing (@JLHwung)

#17491 fix: improve ts-only declaration parsing (@JLHwung)

babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Commits

d7f4008 v7.28.6
99dcba5 chore: enable some ts-eslint rules (#17592)
c1b55f6 Use eslint.config.mts (#17573)
35055e3 v7.28.4
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
cac0ff4 v7.28.2
f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
baa4cb8 v7.27.6
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/helpers since your current version.

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates basic-ftp from 5.0.5 to 5.2.0

Release notes

Sourced from basic-ftp's releases.

5.2.0

Changed: Skip files with invalid name in downloadToDir.

5.1.0

Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)

Changelog

Sourced from basic-ftp's changelog.

5.2.0

Changed: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see GHSA-5rq4-664w-9x2c.

5.1.0

Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)

Commits

5d41e45 Bump version
49c2e73 Update dependencies
2a2a0e6 Skip invalid filenames
65c90d9 Fix permissions for workflows
593cb78 Set permissions for workflow jobs
36adf11 Remove deprecated CodeQL check
9da4af0 Update changelog
6993039 Improve naming
0b8f756 Improve naming
67a53f2 Bump version
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by patrickjuchli, a new releaser for basic-ftp since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates immutable from 4.3.6 to 4.3.8

Release notes

Sourced from immutable's releases.

v4.3.8

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

v4.3.7

What's Changed

Fix issue with slice negative of filtered sequence by @jdeniau in immutable-js/immutable-js#2006

Full Changelog: immutable-js/immutable-js@v4.3.6...v4.3.7

Changelog

Sourced from immutable's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning. Dates are formatted as YYYY-MM-DD.

Unreleased

5.1.5

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Migrate some files to TS by @jdeniau in immutable-js/immutable-js#2125

Iterator.ts

PairSorting.ts

toJS.ts

Math.ts

Hash.ts

Extract CollectionHelperMethods and convert to TS by @jdeniau in immutable-js/immutable-js#2131

Use npm trusted publishing only to avoid token stealing.

Documentation

Fix/a11y issues by @lyannel in immutable-js/immutable-js#2136

Doc add Map.get signature update by @borracciaBlu in immutable-js/immutable-js#2138

fix(doc):minor-issues#2132 by @JayMeDotDot in immutable-js/immutable-js#2133

Fix algolia search by @jdeniau in immutable-js/immutable-js#2135

Typo in OrderedMap by @jdeniau in immutable-js/immutable-js#2144

Internal

chore: Sort all imports and activate eslint import rule by @jdeniau in immutable-js/immutable-js#2119

5.1.3

TypeScript

fix: allow readonly map entry constructor by @septs in immutable-js/immutable-js#2123

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: https://immutable-js.com/browser-extension/

Internal

... (truncated)

Commits

485cbe0 4.3.8
6ed4eb6 Merge commit from fork
94bcd3c fix new proto key injection
faeb58b fix Prototype Pollution in mergeDeep, toJS, etc.
37ca417 release 4.3.7 (#2007)
23daf26 Fix issue with slice negative of filtered sequence (#2006)
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for immutable since your current version.

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates parse-duration from 1.1.0 to 1.1.2

Release notes

Sourced from parse-duration's releases.

v1.1.2

What's Changed

style: improve typings by @nordluf in jkroso/parse-duration#22

feat: enable default import syntax in typescript by @alonesuperman in jkroso/parse-duration#24

Make available unit types section a heading by @SparshithNR in jkroso/parse-duration#31

Add typings for translations by @piotr-musialek-skyrise in jkroso/parse-duration#38

feat(types): export units type by @sawa-ko in jkroso/parse-duration#39

Fix typings resolution when using TypeScript 4.7+ with ESM by @Nitive in jkroso/parse-duration#42

Fix ESM types by @remcohaszing in jkroso/parse-duration#43

fix return type by @trim21 in jkroso/parse-duration#50

Fix the type definitions for CJS by @remcohaszing in jkroso/parse-duration#48

Fix ESM types by @remcohaszing in jkroso/parse-duration#47

Fix types - use null instead of undefined by @Mykhailo-Sichkaruk in jkroso/parse-duration#53

Add next unit support by @dy in jkroso/parse-duration#55

Prevent using prototype properties as units by @goto-bus-stop in jkroso/parse-duration#56

New Contributors

@nordluf made their first contribution in jkroso/parse-duration#22

@alonesuperman made their first contribution in jkroso/parse-duration#24

@SparshithNR made their first contribution in jkroso/parse-duration#31

@piotr-musialek-skyrise made their first contribution in jkroso/parse-duration#38

@sawa-ko made their first contribution in jkroso/parse-duration#39

@Nitive made their first contribution in jkroso/parse-duration#42

@remcohaszing made their first contribution in jkroso/parse-duration#43

@trim21 made their first contribution in jkroso/parse-duration#50

@Mykhailo-Sichkaruk made their first contribution in jkroso/parse-duration#53

@goto-bus-stop made their first contribution in jkroso/parse-duration#56

Full Changelog: jkroso/parse-duration@v0.4.0...v1.1.2

Commits

18fe90a 1.1.2
c99127b Merge pull request #56 from goto-bus-stop/prototype
9c46937 Prevent using prototype properties as units
99f6e5e add failing tests for prototype properties
c70a87e Create tea.yaml
136ec3d Merge pull request #55 from jkroso/next-unit
f590aaa 1.1.1
ca66aab Update Readme.md
06141a9 Add lowercase test
8ee316c Update index.mjs
Additional commits viewable in compare view

Updates rollup from 4.58.0 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
See full diff in compare view

Updates underscore from 1.13.6 to 1.13.8

Commits

9374840 Merge branch 'release/1.13.8'
309ad7e Re-generate annotated sources and minified codemaps
a1ac1d3 Add links to diff and docs in 1.13.8 change log entry
b579595 Mention CVE-2026-27601 in comments and documentation (#3011)
45ea015 Revert obfuscations from 42823bb.
4a4019e Update minified bundles
1ccfdd0 Add preliminary release notes for 1.13.8
42823bb Temporarily obfuscate comments
a6e23ae Make _.isEqual nonrecursive
f2b5164 Add regression test against stack overflow in _.isEqual
Additional commits viewable in compare view

Updates bn.js from 4.12.0 to 4.12.3

Commits

39fe438 4.12.3
67ecb35 backport(4.x): fix imaskn state (#317)
c4098ba 4.12.2
6277fd7 backport(4.x): Fix imuln/muln with zero (backport of #313) (#314)
ac0d4af 4.12.1
a5f14b4 Fix serious issue in .toString(16) (#309)
0cd2661 Remove package-lock.json added by npm
See full diff in compare view

Updates bn.js from 5.2.1 to 5.2.3

Commits

39fe438 4.12.3
67ecb35 backport(4.x): fix imaskn state (#317)
c4098ba 4.12.2
6277fd7 backport(4.x): Fix imuln/muln with zero (backport of #313) (#314)
ac0d4af 4.12.1
a5f14b4 Fix serious issue in .toString(16) (#309)
0cd2661 Remove package-lock.json added by npm
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates rollup from 4.21.3 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.24.5` | `7.28.6` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.2.0` | | [immutable](https://github.com/immutable-js/immutable-js) | `4.3.6` | `4.3.8` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [parse-duration](https://github.com/jkroso/parse-duration) | `1.1.0` | `1.1.2` | | [rollup](https://github.com/rollup/rollup) | `4.58.0` | `4.59.0` | | [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` | Bumps the npm_and_yarn group with 3 updates in the /packages/utils directory: [bn.js](https://github.com/indutny/bn.js), [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Updates `@babel/helpers` from 7.24.5 to 7.28.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `basic-ftp` from 5.0.5 to 5.2.0 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.2.0) Updates `immutable` from 4.3.6 to 4.3.8 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v4.3.6...v4.3.8) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `parse-duration` from 1.1.0 to 1.1.2 - [Release notes](https://github.com/jkroso/parse-duration/releases) - [Commits](jkroso/parse-duration@v1.1.0...v1.1.2) Updates `rollup` from 4.58.0 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.58.0...v4.59.0) Updates `underscore` from 1.13.6 to 1.13.8 - [Commits](jashkenas/underscore@1.13.6...1.13.8) Updates `bn.js` from 4.12.0 to 4.12.3 - [Release notes](https://github.com/indutny/bn.js/releases) - [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md) - [Commits](indutny/bn.js@v4.12.0...v4.12.3) Updates `bn.js` from 5.2.1 to 5.2.3 - [Release notes](https://github.com/indutny/bn.js/releases) - [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md) - [Commits](indutny/bn.js@v4.12.0...v4.12.3) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 4.21.3 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.58.0...v4.59.0) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-version: 7.28.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: basic-ftp dependency-version: 5.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 4.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: parse-duration dependency-version: 1.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: underscore dependency-version: 1.13.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bn.js dependency-version: 4.12.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bn.js dependency-version: 5.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 6, 2026

dependabot bot requested a review from a team as a code owner March 6, 2026 21:55

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 6, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates#68

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates#68
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-71133c67e1

dependabot bot commented on behalf of github Mar 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 6, 2026

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

🏃‍♀️ Performance

Committers: 7

v7.28.5 (2025-10-23)

👓 Spec Compliance

🐛 Bug Fix

5.2.0

5.1.0

5.2.0

5.1.0

v4.3.8

v4.3.7

What's Changed

Changelog

Unreleased

5.1.5

5.1.4

Documentation

Internal

5.1.3

TypeScript

Documentation

Internal

v1.1.2

What's Changed

New Contributors

v4.59.0

4.59.0

Features

Pull Requests

4.59.0

Features

Pull Requests

v4.59.0

4.59.0

Features

Pull Requests

4.59.0

Features

Pull Requests

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants