Skip to content

build(deps): Bump the minor-and-patch group across 1 directory with 8 updates#6

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-020a27d754
Closed

build(deps): Bump the minor-and-patch group across 1 directory with 8 updates#6
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-020a27d754

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps the minor-and-patch group with 7 updates in the / directory:

Package From To
@fortawesome/fontawesome-svg-core 7.2.0 7.3.0
@fortawesome/free-solid-svg-icons 7.2.0 7.3.0
@tailwindcss/vite 4.3.1 4.3.2
html2canvas-pro 2.2.0 2.2.1
i18next 26.3.2 26.3.4
@playwright/test 1.61.0 1.61.1
@tauri-apps/cli 2.11.3 2.11.4

Updates @fortawesome/fontawesome-svg-core from 7.2.0 to 7.3.0

Release notes

Sourced from @​fortawesome/fontawesome-svg-core's releases.

Release 7.3.0

Change log available at https://fontawesome.com/docs/changelog/

Commits

Updates @fortawesome/free-solid-svg-icons from 7.2.0 to 7.3.0

Release notes

Sourced from @​fortawesome/free-solid-svg-icons's releases.

Release 7.3.0

Change log available at https://fontawesome.com/docs/changelog/

Commits

Updates @tailwindcss/vite from 4.3.1 to 4.3.2

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.3.2

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)
Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.3.2] - 2026-06-26

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)
Commits

Updates html2canvas-pro from 2.2.0 to 2.2.1

Release notes

Sourced from html2canvas-pro's releases.

v2.2.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from html2canvas-pro's changelog.

2.2.1 (2026-06-29)

Bug Fixes

  • #216: strip drop-shadow() from ctx.filter to avoid canvas taint (89ba4fa), closes #216
  • docs: update DeepWiki link in README for consistency (af3eeed)
  • parseCache skips image descriptors + forward maxCacheSize to Cache (f6f6fe7)
Commits
  • 604210f chore(release): v2.2.1
  • 89ba4fa fix(#216): strip drop-shadow() from ctx.filter to avoid canvas taint
  • f6f6fe7 fix: parseCache skips image descriptors + forward maxCacheSize to Cache
  • 94fa2b0 docs: update contribution section in README.md
  • 95f28d5 docs: thorough README grammar review and fix configuration.md inaccuracies
  • b98c52d docs: fix English grammar across all markdown files
  • 94d37ae docs: fix unclosed <p> tag in README.md and strict status in CONTRIBUTING.md
  • af3eeed fix(docs): update DeepWiki link in README for consistency
  • See full diff in compare view

Updates i18next from 26.3.2 to 26.3.4

Release notes

Sourced from i18next's releases.

v26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). Thanks to zx (Jace) for the responsible disclosure.

v26.3.3

  • fix(types): selector t($ => $.arr, { returnObjects: true, context }) on a JSON array of heterogeneous objects now preserves each element's full shape (e.g. { transKey1: string; transKey2: string }[]) instead of collapsing to a union of partial element types. Two type-level causes: (1) FilterKeys evaluated the whole array element type at once, so keyof (A | B) only saw the keys common to every element — it now distributes over the object union and filters each element independently; (2) when TypeScript merges mismatched array element types it injects phantom optional undefined keys (e.g. transKey1_withContext?: undefined on elements that don't define it), which the context-detection helpers mistook for real context variants — they now skip keys typed as undefined. Also adds a dedicated context + returnObjects: true selector overload using const Fn + ReturnType<Fn>, so Target is no longer collapsed to unknown via ApplyTarget. Resolves Problem 1 of #2398 (Problem 2 was already fixed on master). Thanks @​sauravgupta-dotcom (#2438). Fixes #2398.
Changelog

Sourced from i18next's changelog.

26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). See advisory GHSA-6jcc-5g8w-32mx, CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H). Thanks to zx (Jace) @​manus-use for the responsible disclosure.

26.3.3

  • fix(types): selector t($ => $.arr, { returnObjects: true, context }) on a JSON array of heterogeneous objects now preserves each element's full shape (e.g. { transKey1: string; transKey2: string }[]) instead of collapsing to a union of partial element types. Two type-level causes: (1) FilterKeys evaluated the whole array element type at once, so keyof (A | B) only saw the keys common to every element — it now distributes over the object union and filters each element independently; (2) when TypeScript merges mismatched array element types it injects phantom optional undefined keys (e.g. transKey1_withContext?: undefined on elements that don't define it), which the context-detection helpers mistook for real context variants — they now skip keys typed as undefined. Also adds a dedicated context + returnObjects: true selector overload using const Fn + ReturnType<Fn>, so Target is no longer collapsed to unknown via ApplyTarget. Resolves Problem 1 of #2398 (Problem 2 was already fixed on master). Thanks @​sauravgupta-dotcom (#2438). Fixes #2398.
Commits

Updates tailwindcss from 4.3.1 to 4.3.2

Release notes

Sourced from tailwindcss's releases.

v4.3.2

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)
Changelog

Sourced from tailwindcss's changelog.

[4.3.2] - 2026-06-26

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)
Commits

Updates @playwright/test from 1.61.0 to 1.61.1

Release notes

Sourced from @​playwright/test's releases.

v1.61.1

Bug Fixes

  • #41365 [Bug]: Expect.Extend matcher with same name as default matcher in same expect instance overrides default matchers implementation to custom matcher
  • #41351 [Bug]: Playwright UI mode: apiRequestContext._wrapApiCall reports unexpected number of bytes (same test passes in headed mode)
  • #41360 [Bug]: Trace viewer: message times in websockets are downscaled by 1000
  • #41311 [Bug]: [Regression]: Sync loader throws "context.conditions?.includes is not a function" on Node 22.15
  • #41371 [Regression]: Sync ESM loader (registerHooks) fails to resolve extensionless .ts subpath imports across pnpm workspace symlinks
Commits
  • 39e3553 cherry-pick(#41399): fix(test): load require-reached files as commonjs in syn...
  • 4328122 chore: mark v1.61.1 (#41404)
  • 2c29a94 fix(tracing): stop recording websocket frames outside of chunks (#41398)
  • 4324b19 cherry-pick(#41367): fix(test): keep builtin expect matchers on base extend
  • 041e7e3 cherry-pick(#41364): fix(har): WebSocket message timestamps should be in mi...
  • b8a0fc3 cherry-pick(#41309, #43149): Revert "fix(firefox): treat `navigationCommitted...
  • b5a3175 cherry-pick(#41319): fix(loader): support other node versions
  • d4724a9 cherry-pick(#41290): feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image
  • See full diff in compare view

Updates @tauri-apps/cli from 2.11.3 to 2.11.4

Release notes

Sourced from @​tauri-apps/cli's releases.

@​tauri-apps/cli v2.11.4

[2.11.4]

Bug Fixes

  • 67ffa192a (#15596 by @​FabianLars) Fixed an issue in the AppImage bundler that caused the /.desktop and .DirIcon files to be absolute symlinks instead of relative symlinks which caused problems with AppImage installers like AppManager.

Dependencies

  • Upgraded to tauri-cli@2.11.4
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@dependabot dependabot Bot changed the title build(deps): Bump the minor-and-patch group with 8 updates chore(deps): Bump the minor-and-patch group across 1 directory with 8 updates Jun 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-and-patch-020a27d754 branch from 298c0aa to a466f49 Compare June 30, 2026 20:20
@dependabot dependabot Bot changed the title chore(deps): Bump the minor-and-patch group across 1 directory with 8 updates build(deps): Bump the minor-and-patch group across 1 directory with 8 updates Jul 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-and-patch-020a27d754 branch from a466f49 to 88a6b42 Compare July 1, 2026 05:07
… updates

Bumps the minor-and-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@fortawesome/fontawesome-svg-core](https://github.com/FortAwesome/Font-Awesome) | `7.2.0` | `7.3.0` |
| [@fortawesome/free-solid-svg-icons](https://github.com/FortAwesome/Font-Awesome) | `7.2.0` | `7.3.0` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.3.1` | `4.3.2` |
| [html2canvas-pro](https://github.com/yorickshan/html2canvas-pro) | `2.2.0` | `2.2.1` |
| [i18next](https://github.com/i18next/i18next) | `26.3.2` | `26.3.4` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.61.0` | `1.61.1` |
| [@tauri-apps/cli](https://github.com/tauri-apps/tauri) | `2.11.3` | `2.11.4` |



Updates `@fortawesome/fontawesome-svg-core` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/7.x/CHANGELOG.md)
- [Commits](FortAwesome/Font-Awesome@7.2.0...7.3.0)

Updates `@fortawesome/free-solid-svg-icons` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/7.x/CHANGELOG.md)
- [Commits](FortAwesome/Font-Awesome@7.2.0...7.3.0)

Updates `@tailwindcss/vite` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-vite)

Updates `html2canvas-pro` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/yorickshan/html2canvas-pro/releases)
- [Changelog](https://github.com/yorickshan/html2canvas-pro/blob/main/CHANGELOG.md)
- [Commits](yorickshan/html2canvas-pro@v2.2.0...v2.2.1)

Updates `i18next` from 26.3.2 to 26.3.4
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v26.3.2...v26.3.4)

Updates `tailwindcss` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

Updates `@playwright/test` from 1.61.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.61.0...v1.61.1)

Updates `@tauri-apps/cli` from 2.11.3 to 2.11.4
- [Release notes](https://github.com/tauri-apps/tauri/releases)
- [Commits](https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v2.11.3...@tauri-apps/cli-v2.11.4)

---
updated-dependencies:
- dependency-name: "@fortawesome/fontawesome-svg-core"
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@fortawesome/free-solid-svg-icons"
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@tauri-apps/cli"
  dependency-version: 2.11.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: html2canvas-pro
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: i18next
  dependency-version: 26.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-and-patch-020a27d754 branch from 88a6b42 to e4f2c79 Compare July 1, 2026 07:53
@dependabot @github

dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 7, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/minor-and-patch-020a27d754 branch July 7, 2026 06:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants