chore(deps): bump the npm_and_yarn group across 2 directories with 23 updates by dependabot[bot] · Pull Request #6 · trizist/dev

dependabot · 2026-01-20T23:51:20Z

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package	From	To
@openzeppelin/contracts	`4.9.2`	`4.9.6`
axios	`1.3.4`	`1.12.0`
ws	`7.4.6`	`7.5.10`
@adobe/css-tools	`4.3.1`	`4.4.4`
@babel/helpers	`7.23.2`	`7.28.6`
@solana/web3.js	`1.87.2`	`1.98.4`
base-x	`3.0.9`	`3.0.11`
brace-expansion	`1.1.11`	`1.1.12`
cipher-base	`1.0.4`	`1.0.7`
es5-ext	`0.10.62`	`0.10.64`
esbuild	`0.19.5`	`0.19.12`
express	`4.18.2`	`4.22.1`
min-document	`2.19.0`	`2.19.2`
parse-duration	`1.1.0`	`1.1.2`
pbkdf2	`3.1.2`	`3.1.5`
secp256k1	`3.8.0`	`3.8.1`
sha.js	`2.4.11`	`2.4.12`
tar-fs	`1.16.3`	`1.16.6`
undici	`5.26.5`	`5.29.0`

Bumps the npm_and_yarn group with 1 update in the /packages/dev-frontend directory: axios.

Updates @openzeppelin/contracts from 4.9.2 to 4.9.6

Release notes

Sourced from @openzeppelin/contracts's releases.

v4.9.6

Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.

Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)

ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

Changelog

Sourced from @openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

4.9.3 (2023-07-28)

ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)

ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

Commits

dc44c9f Release v4.9.6 (#4931)
a6286d0 Port Base64 tests to truffle (#4926) (#4929)
bd325d5 Release v4.9.5 (#4790)
ad6a5b6 Add changeset
88ac712 Replace double functionDelegateCall
a83918d Bump node CI version to 16.x
0d5f54e Release v4.9.4 (#4784)
ccfffe1 Make Multicall context-aware
9329cfa Remove Wizard page from 4.x
e1b3d8c Remove Wizard from 4.x navigation
Additional commits viewable in compare view

Updates axios from 1.3.4 to 1.12.0

Release notes

Sourced from axios's releases.

Release v1.12.0

Release notes:

Bug Fixes

adding build artifacts (9ec86de)

dont add dist on release (a2edc36)

fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)

node: enforce maxContentLength for data: URLs (#7011) (945435f)

package exports (#5627) (aa78ac2)

params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)

release pr run (fd7f404)

types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)

fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)

support reviver on JSON.parse (#5926) (2a97634), closes #5924

types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Willian Agostini

Dmitriy Mozgovoy

khani

Ameer Assadi

Emiedonmokumo Dick-Boro

Zeroday BYTE

Jason Saayman

최예찬

Gligor Kotushevski

Aleksandar Dimitrov

Release v1.11.0

Release notes:

Bug Fixes

form-data npm pakcage (#6970) (e72c193)

prevent RangeError when using large Buffers (#6961) (a2214ca)

types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

izzy goldman

Manish Sahani

Noritaka Kobayashi

James Nail

Tejaswi1305

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.0 (2025-09-11)

Bug Fixes

adding build artifacts (9ec86de)

dont add dist on release (a2edc36)

fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)

node: enforce maxContentLength for data: URLs (#7011) (945435f)

package exports (#5627) (aa78ac2)

params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)

release pr run (fd7f404)

types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)

fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)

support reviver on JSON.parse (#5926) (2a97634), closes #5924

types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Willian Agostini

Dmitriy Mozgovoy

khani

Ameer Assadi

Emiedonmokumo Dick-Boro

Zeroday BYTE

Jason Saayman

최예찬

Gligor Kotushevski

Aleksandar Dimitrov

1.11.0 (2025-07-22)

Bug Fixes

form-data npm pakcage (#6970) (e72c193)

prevent RangeError when using large Buffers (#6961) (a2214ca)

types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

izzy goldman

Manish Sahani

Noritaka Kobayashi

James Nail

... (truncated)

Commits

0d8ad6e chore(release): v1.12.0 (#7013)
fd7f404 fix: release pr run
a2edc36 fix: dont add dist on release
9ec86de fix: adding build artifacts
945435f fix(node): enforce maxContentLength for data: URLs (#7011)
28e5e30 chore(sponsor): update sponsor block (#7005)
d03f245 chore(CI): fixed release info script to use npm registry instead of git as fi...
a0bc911 chore: removing dist files from src (#7002)
c959ff2 feat(fetch): add fetch, Request, Response env config variables for the adapte...
a9f47af fix(fetch-adapter): set correct Content-Type for Node FormData (#6998)
Additional commits viewable in compare view

Updates ws from 7.4.6 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

Backported 0fdcc0af to the 7.x release line (2758ed35).

Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

Backported b8186dd1 to the 7.x release line (73dec34b).

Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

Backported 6a72da3e to the 7.x release line (76087fbf).

Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).

Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).

Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

... (truncated)

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
8a78f87 [dist] 7.5.9
0435e6e [security] Fix same host check for ws+unix: redirects
4271f07 [dist] 7.5.8
dc1781b [security] Drop sensitive headers when following insecure redirects
2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
a370613 [dist] 7.5.7
1f72e2e [security] Drop sensitive headers when following redirects (#2013)
8ecd890 [dist] 7.5.6
Additional commits viewable in compare view

Updates @adobe/css-tools from 4.3.1 to 4.4.4

Changelog

Sourced from @adobe/css-tools's changelog.

[4.4.4] - 2025-07-22

Changed

Switch from yarn to npm for package management

Switch from eslint to biome for code formatting and linting

Reformat codebase to comply with biome recommendations

Switch from webpack to rollup for bundling

Fixed

Fix module exports to ensure proper compatibility with bundlers

Add validation check to prevent future export issues

[4.4.3] - 2025-05-15

Security

Fix polynomial regular expression vulnerability on uncontrolled data

Refactor code to enable GitHub security static analysis

Performance

Improve parsing performance with minor optimizations

Replace regex patterns with string search (indexOf-based) for better performance

Added

Add new utility functions with comprehensive unit tests

Add improved formatting for CSS Grid template areas (#283 by @jogibear9988)

Fixed

Fix TypeScript error with ConstructorParameters in Parcel bundler (#444)

[4.4.2] - 2025-02-12

Fixed

Fix regular expression for parsing quoted values in parentheses

[4.4.0] - 2024-06-05

Added

Add support for CSS @starting-style at-rule (#319)

[4.3.3] - 2024-01-24

Changed

Update package export configuration (#271)

[4.3.2] - 2023-11-28

Security

Fix ReDoS vulnerability with crafted CSS strings - CVE-2023-48631

Fixed

... (truncated)

Commits

See full diff in compare view

Updates @babel/helpers from 7.23.2 to 7.28.6

Release notes

Sourced from @babel/helpers's releases.

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-plugin-transform-react-jsx

#17555 perf: Use lighter traversal for jsx __source,__self (@liuxingbaoyu)

Committers: 7

Babel Bot (@babel-bot)

Eliot Pontarelli (@kolvian)

Huáng Jùnliàng (@JLHwung)

Kadhirash Sivakumar (@kadhirash)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

coderaiser (@coderaiser)

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

babel-parser

#17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)

babel-helper-validator-identifier

#17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private

#17534 Allow mixing private destructuring and rest (@CO0Ki3)

babel-parser

#17521 Improve @babel/parser error typing (@JLHwung)

#17491 fix: improve ts-only declaration parsing (@JLHwung)

babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

Changelog

Tags:

💥 [Breaking Change]

👓 [Spec Compliance]

🚀 [New Feature]

🐛 [Bug Fix]

📝 [Documentation]

🏠 [Internal]

💅 [Polish]

Note: Gaps between patch versions are faulty, broken or test releases.

This file contains the changelog starting from v7.15.0.

See CHANGELOG - v7.0.0 to v7.14.9 for v7.0.0 to v7.14.9 changes.

See CHANGELOG - v7 prereleases for v7.0.0-alpha.1 to v7.0.0-rc.4 changes.

See CHANGELOG - v4, CHANGELOG - v5, and CHANGELOG - v6 for v4.x-v6.x changes.

See CHANGELOG - 6to5 for the pre-4.0.0 version changelog.

See Babylon's CHANGELOG for the Babylon pre-7.0.0-beta.29 version changelog.

See babel-eslint's releases for the changelog before @babel/eslint-parser 7.8.0.

See eslint-plugin-babel's releases for the changelog before @babel/eslint-plugin 7.8.0.

v7.28.5 (2025-10-23)

👓 Spec Compliance

babel-parser

#17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)

babel-helper-validator-identifier

#17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private

#17534 Allow mixing private destructuring and rest (@CO0Ki3)

babel-parser

#17521 Improve @babel/parser error typing (@JLHwung)

#17491 fix: improve ts-only declaration parsing (@JLHwung)

babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

#17519 fix: rest correctly returns plain array (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types

#17503 Fix JSXIdentifier handling in isReferencedIdentifier (@JLHwung)

babel-traverse

#17504 fix: ensure scope.push register in anonymous fn (@JLHwung)

🏠 Internal

babel-types

#17494 Type checking babel-types scripts (@JLHwung)

... (truncated)

Commits

d7f4008 v7.28.6
99dcba5 chore: enable some ts-eslint rules (#17592)
c1b55f6 Use eslint.config.mts (#17573)
35055e3 v7.28.4
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
cac0ff4 v7.28.2
f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
baa4cb8 v7.27.6
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/helpers since your current version.

Updates @solana/web3.js from 1.87.2 to 1.98.4

Release notes

Sourced from @solana/web3.js's releases.

v1.98.4

1.98.4 (2025-07-31)

Bug Fixes

Add Cost Units (Transaction Cost) (#3750) (c26c13b)

v1.98.3

1.98.3 (2025-07-31)

Reverts

Revert "chore: Add costUnits to transaction classes (#3748)" (#3749) (3d0e82a)

v1.98.2

1.98.2 (2025-04-24)

Bug Fixes

update base-x to 3.0.11 in lockfile (#3731) (6f265af)

v1.98.1

1.98.1 (2025-04-22)

Bug Fixes

patch bigint-buffer (#3727) (d3dc5d5)

v1.98.0

1.98.0 (2024-12-16)

Features

Agave v2 RPC: replace getRecentBlockhash with getLatestBlockhash (#3419) (8ea27fc)

v1.97.0

1.97.0 (2024-12-16)

Features

agave v2 rpc: replace getConfirmedTransaction with getTransaction (#3418) (a805cb9)

v1.96.0

1.96.0 (2024-12-16)

Features

Agave v2 RPC: replace getConfirmedBlock with getBlock (#3417) (60e39a6)

v1.95.8

... (truncated)

Commits

c26c13b fix: Add Cost Units (Transaction Cost) (#3750)
3d0e82a Revert "chore: Add costUnits to transaction classes (#3748)" (#3749)
720a428 chore: Add costUnits to transaction classes (#3748)
6f265af fix: update base-x to 3.0.11 in lockfile (#3731)
d3dc5d5 fix: patch bigint-buffer (#3727)
d0e77cf updated for migrated repo (#3728)
4e9988c chore: readme (#3725)
8ea27fc feat: Agave v2 RPC: replace getRecentBlockhash with getLatestBlockhash (#...
a805cb9 feat: agave v2 rpc: replace getConfirmedTransaction with getTransaction (...
60e39a6 feat: Agave v2 RPC: replace getConfirmedBlock with getBlock (#3417)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by solana-devs, a new releaser for @solana/web3.js since your current version.

Updates base-x from 3.0.9 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
3d43c0e 3.0.10
0a35446 Improve decoding performance
See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates cipher-base from 1.0.4 to 1.0.7

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

[Refactor] use to-buffer fd1e5ee

[Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

[Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

[Tests] standard -> eslint, make test dir, etc ae02fd6

[Tests] migrate from travis to GHA 66387d7

[meta] fix package.json indentation 5c02918

[Fix] return valid values on multi-byte-wide TypedArray input 8fd1364

[meta] add auto-changelog 88dc806

[meta] add npmignore and safe-publish-latest 7a137d7

Only apps should have lockfiles 42528f2

[Deps] update inherits, safe-buffer 0e7a2d9

[meta] add missing engines.node f2dc13e

Commits

0056718 v1.0.7
fd1e5ee [Refactor] use to-buffer
08ba803 [Dev Deps] update @ljharb/eslint-config
f5249f9 v1.0.6
b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
f03cebf v1.0.5
88dc806 [meta] add auto-changelog
7a137d7 [meta] add npmignore and safe-publish-latest
5c02918 [meta] fix package.json indentation
8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Updates es5-ext from 0.10.62 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Comparison since last release

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Commits

f76b03d chore: Release v0.10.64
2881acd chore: Bump dependencies
c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
16f2b72 docs: Fix date in the changelog
de4e03c chore: Release v0.10.63
3fd53b7 chore: Upgrade lint-staged to v13
bf8ed79 chore: Ensure postinstall script does not crash on Windows
2cbbb07 chore: Bump dependencies
22d0416 chore: Bump LICENSE year
a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
Additional commits viewable in compare view

Updates esbuild from 0.19.5 to 0.19.12

Release notes

Sourced from esbuild's releases.

v0.19.12

The "preserve" JSX mode now preserves JSX text verbatim (#3605)

The JSX specification deliberately doesn't specify how JSX text is supposed to be interpreted and there is no canonical way to interpret JSX text. Two most popular interpretations are Babel and TypeScript. Yes they are different (esbuild deliberately follows TypeScript by the way).

Previou...
Description has been truncated

… updates Bumps the npm_and_yarn group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) | `4.9.2` | `4.9.6` | | [axios](https://github.com/axios/axios) | `1.3.4` | `1.12.0` | | [ws](https://github.com/websockets/ws) | `7.4.6` | `7.5.10` | | [@adobe/css-tools](https://github.com/adobe/css-tools) | `4.3.1` | `4.4.4` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.23.2` | `7.28.6` | | [@solana/web3.js](https://github.com/solana-foundation/solana-web3.js) | `1.87.2` | `1.98.4` | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.9` | `3.0.11` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.62` | `0.10.64` | | [esbuild](https://github.com/evanw/esbuild) | `0.19.5` | `0.19.12` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.1` | | [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` | | [parse-duration](https://github.com/jkroso/parse-duration) | `1.1.0` | `1.1.2` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.5` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `3.8.0` | `3.8.1` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `1.16.3` | `1.16.6` | | [undici](https://github.com/nodejs/undici) | `5.26.5` | `5.29.0` | Bumps the npm_and_yarn group with 1 update in the /packages/dev-frontend directory: [axios](https://github.com/axios/axios). Updates `@openzeppelin/contracts` from 4.9.2 to 4.9.6 - [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases) - [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md) - [Commits](OpenZeppelin/openzeppelin-contracts@v4.9.2...v4.9.6) Updates `axios` from 1.3.4 to 1.12.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.3.4...v1.12.0) Updates `ws` from 7.4.6 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.4.6...7.5.10) Updates `@adobe/css-tools` from 4.3.1 to 4.4.4 - [Changelog](https://github.com/adobe/css-tools/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/adobe/css-tools/commits) Updates `@babel/helpers` from 7.23.2 to 7.28.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers) Updates `@solana/web3.js` from 1.87.2 to 1.98.4 - [Release notes](https://github.com/solana-foundation/solana-web3.js/releases) - [Commits](solana-foundation/solana-web3.js@v1.87.2...v1.98.4) Updates `base-x` from 3.0.9 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.9...v3.0.11) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `es5-ext` from 0.10.62 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.62...v0.10.64) Updates `esbuild` from 0.19.5 to 0.19.12 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/v0.19.12/CHANGELOG.md) - [Commits](evanw/esbuild@v0.19.5...v0.19.12) Updates `express` from 4.18.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `follow-redirects` from 1.15.3 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.11) Updates `min-document` from 2.19.0 to 2.19.2 - [Commits](Raynos/min-document@v2.19.0...v2.19.2) Updates `parse-duration` from 1.1.0 to 1.1.2 - [Release notes](https://github.com/jkroso/parse-duration/releases) - [Commits](jkroso/parse-duration@v1.1.0...v1.1.2) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `pbkdf2` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.2...v3.1.5) Updates `secp256k1` from 3.8.0 to 3.8.1 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v3.8.0...v3.8.1) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `tar-fs` from 1.16.3 to 1.16.6 - [Commits](mafintosh/tar-fs@v1.16.3...v1.16.6) Updates `undici` from 5.26.5 to 5.29.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.26.5...v5.29.0) Updates `axios` from 1.3.4 to 1.12.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.3.4...v1.12.0) --- updated-dependencies: - dependency-name: "@openzeppelin/contracts" dependency-version: 4.9.6 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.12.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@adobe/css-tools" dependency-version: 4.4.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.28.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@solana/web3.js" dependency-version: 1.98.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-version: 0.10.64 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.19.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: min-document dependency-version: 2.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: parse-duration dependency-version: 1.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-version: 3.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 1.16.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.12.0 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

coderabbitai · 2026-01-20T23:51:37Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 20, 2026

This was referenced Jan 20, 2026

bump axios from 1.3.4 to 1.12.0 #1

Closed

bump pbkdf2 from 3.1.2 to 3.1.3 #2

Closed

bump cipher-base from 1.0.4 to 1.0.6 #3

Closed

chore(deps): bump sha.js from 2.4.11 to 2.4.12 #4

Closed

chore(deps): bump undici from 5.26.5 to 5.29.0 #5

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 2 directories with 23 updates#6

chore(deps): bump the npm_and_yarn group across 2 directories with 23 updates#6
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/npm_and_yarn-50cb1a2930

dependabot bot commented on behalf of github Jan 20, 2026

Uh oh!

coderabbitai bot commented Jan 20, 2026

Review skipped

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Jan 20, 2026

v4.9.6

v4.9.5

v4.9.4

v4.9.3

4.9.6 (2024-02-29)

4.9.5 (2023-12-08)

4.9.3 (2023-07-28)

Release v1.12.0

Release notes:

Bug Fixes

Features

Contributors to this release

Release v1.11.0

Release notes:

Bug Fixes

Contributors to this release

1.12.0 (2025-09-11)

Bug Fixes

Features

Contributors to this release

1.11.0 (2025-07-22)

Bug Fixes

Contributors to this release

7.5.10

Bug fixes

7.5.9

Bug fixes

7.5.8

Bug fixes

7.5.7

Bug fixes

7.5.6

Bug fixes

7.5.5

Bug fixes

7.5.4

Bug fixes

7.5.3

Bug fixes

7.5.2

Bug fixes

[4.4.4] - 2025-07-22

Changed

Fixed

[4.4.3] - 2025-05-15

Security

Performance

Added

Fixed

[4.4.2] - 2025-02-12

Fixed

[4.4.0] - 2024-06-05

Added

[4.3.3] - 2024-01-24

Changed

[4.3.2] - 2023-11-28

Security

Fixed

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

🏃‍♀️ Performance

Committers: 7

v7.28.5 (2025-10-23)

👓 Spec Compliance

🐛 Bug Fix

Changelog

v7.28.5 (2025-10-23)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

v1.98.4

1.98.4 (2025-07-31)

Bug Fixes

v1.98.3

1.98.3 (2025-07-31)

Reverts