Bump the npm_and_yarn group across 1 directory with 2 updates #1
Conversation
Bumps the npm_and_yarn group with 2 updates in the / directory: [image-size](https://github.com/image-size/image-size) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `image-size` from 1.2.0 to 1.2.1 - [Release notes](https://github.com/image-size/image-size/releases) - [Commits](image-size/image-size@v1.2.0...v1.2.1) Updates `vite` from 6.2.2 to 6.3.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.4/packages/vite) --- updated-dependencies: - dependency-name: image-size dependency-version: 1.2.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.3.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Compliance Checks
Thank you for your Pull Request! We have run several checks on this pull request in order to make sure it's suitable for merging into this project. The results are listed in the following section.
Issue Reference
In order to be considered for merging, the pull request description must refer to a specific issue number. This is described in our Contributing Guide. We are closing this pull request for now but you can update the pull request description and reopen the pull request.
The check is looking for a phrase similar to: "Fixes #XYZ" or "Resolves #XYZ" where XYZ is the issue number that this PR is meant to address.
Conventional Commit PR Title
In order to be considered for merging, the pull request title must match the specification in conventional commits. You can edit the title in order for this check to pass.
Most often, our PR titles are something like one of these:
- docs: correct typo in README
- feat: implement dark mode"
- fix: correct remove button behavior
Linting Errors
- Found type "null", must be one of "feat","fix","docs","style","refactor","perf","test","build","ci","chore","revert"
- No subject found
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
Bumps the npm_and_yarn group with 2 updates in the / directory: image-size and vite.
Updates
image-sizefrom 1.2.0 to 1.2.1Release notes
Sourced from image-size's releases.
Commits
a4178fb1.2.1640a67dfix potential Denial of Service via specially crafted payloadsUpdates
vitefrom 6.2.2 to 6.3.4Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
b040d54release: v6.3.4c22c43dfix: check static serve file inside sirv (#19965)efc5eabfix(optimizer): return plain object when usingrequireto import externals ...d6d01c2refactor: remove duplicate plugin context type (#19935)db9eb97release: v6.3.3e4d5201fix: ignore malformed uris in tranform middleware (#19853)55cfd04perf: skip sourcemap generation for renderChunk hook of import-analysis-build...ffab442fix(css): resolve relative imports in sass properly on Windows (#19920)16a73c0fix(assets): ensure ?no-inline is not included in the asset url in the produc...9399cdatest(ssr): testssrTransformre-export deps and test stacktrace with first ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.