chore(deps): bump the npm_and_yarn group across 8 directories with 14 updates by dependabot[bot] · Pull Request #107 · zapabob/codex

dependabot · 2026-03-15T01:29:38Z

Bumps the npm_and_yarn group with 1 update in the /codex-rs/tauri-gui directory: rollup.
Bumps the npm_and_yarn group with 2 updates in the /extensions directory: ajv and flatted.
Bumps the npm_and_yarn group with 5 updates in the /gui directory:

Package	From	To
flatted	`3.3.4`	`3.4.1`
systeminformation	`5.30.6`	`5.30.8`
dompurify	`3.3.0`	`3.3.3`
lodash-es	`4.17.21`	`4.17.23`
qs	`6.14.1`	`6.15.0`

Bumps the npm_and_yarn group with 2 updates in the /gui-tests directory: systeminformation and qs.
Bumps the npm_and_yarn group with 3 updates in the /packages/protocol-client directory: ajv, flatted and rollup.
Bumps the npm_and_yarn group with 6 updates in the /prism-mcp-server directory:

Package	From	To
ajv	`8.17.1`	`8.18.0`
qs	`6.14.1`	`6.15.0`
@modelcontextprotocol/sdk	`1.25.3`	`1.26.0`
simple-git	`3.30.0`	`3.32.3`
@hono/node-server	`1.19.9`	`1.19.11`
hono	`4.11.5`	`4.12.8`

Bumps the npm_and_yarn group with 6 updates in the /prism-web directory:

Package	From	To
ajv	`6.12.6`	`6.14.0`
flatted	`3.3.3`	`3.4.1`
minimatch	`9.0.5`	`9.0.9`
minimatch	`3.1.2`	`3.1.5`
rollup	`4.52.5`	`4.59.0`
next	`14.2.35`	`15.5.10`
tar	`7.4.3`	`7.5.11`

Bumps the npm_and_yarn group with 1 update in the /sdk directory: minimatch.

Updates rollup from 4.53.2 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates flatted from 3.3.3 to 3.4.1

Commits

2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
d3418c7 3.4.0
7eb65d8 Merge pull request #88 from WebReflection/avoid-recusrion
7774aae Avoid recursion on parse due possible shenanigans
Additional commits viewable in compare view

Updates flatted from 3.3.4 to 3.4.1

Commits

2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
d3418c7 3.4.0
7eb65d8 Merge pull request #88 from WebReflection/avoid-recusrion
7774aae Avoid recursion on parse due possible shenanigans
Additional commits viewable in compare view

Updates systeminformation from 5.30.6 to 5.30.8

Release notes

Sourced from systeminformation's releases.

v5.30.8

Full Changelog: sebhildebrandt/systeminformation@v5.30.7...v5.30.8

v5.30.7

Full Changelog: sebhildebrandt/systeminformation@v5.30.6...v5.30.7

Changelog

Sourced from systeminformation's changelog.

Changelog

Major Changes - Version 5

New Functions

audio() detailed audio information

bluetoothDevices() detailed information detected bluetooth devices

dockerImages() detailed information docker images

dockerVolumes() detailed information docker volumes

printers() detailed printer information

usb() detailed USB information

wifiInterfaces() detected Wi-Fi interfaces

wifiConnections() active Wi-Fi connections

Breaking Changes

Be aware, that the new version 5.x is NOT fully backward compatible to version 4.x ...

We had to make several interface changes to keep systeminformation as consistent as possible. We highly recommend to go through the complete list and adapt your own code to be again compatible to the new version 5.

Function Old New (V5) Comments

unsupported values -1 null values which are unknown orunsupported on platform

battery() hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining pascalCase conformity

blockDevices() fstype fsType pascalCase conformity

cpu() speedminspeedmax speedMinspeedMax pascalCase conformity

cpu().speedcpu().speedMincpu().speedMax string values now returningnumerical values better value handling

cpuCurrentspeed() cpuCurrentSpeed() function name changedpascalCase conformity

currentLoad() avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad pascalCase conformity

dockerContainerStats() mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats pascalCase conformity

dockerContainerProcesses() pid_host pidHost pascalCase conformity

graphics().display pixeldepthresolutionxresolutionysizexsizey pixelDepthresolutionXresolutionYsizeXsizeY pascalCase conformity

networkConnections() localaddresslocalportpeeraddresspeerport localAddresslocalPortpeerAddresspeerPort pascalCase conformity

networkInterfaces() carrier_changes carrierChanges pascalCase conformity

processes() mem_vszmem_rsspcpupcpuupcpuspmem memVszmemRsscpucpuucpusmem pascalCase conformityrenamed attributes

processLoad() result as object result as array of objects function now allows to provide more thanone process (as a comma separated list)

services() pcpupmem cpumem renamed attributes

vbox() HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC hpetpaeapicx2ApicacpiioApicbiosApicModertc pascalCase conformity

Other Improvements and Changes

baseboard(): added memMax, memSlots

bios(): added language and features (linux)

blockDevices() added raid group member (linux)

cpu(): extended AMD processor list

... (truncated)

Commits

612d97e 5.30.8
22242aa wifiNetworks() fixed CWE-78 command injection issue (linux)
41c7ea4 5.30.7
f4ff1d9 networkInterfaces() fixed getWindowsIEEE8021x issue (windows)
See full diff in compare view

Updates dompurify from 3.3.0 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

Fixed an engine requirement for Node 20 which caused hiccups, thanks @Rotzbua

DOMPurify 3.3.2

Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters

Fixed a prototype pollution issue when working with custom elements, thanks @christos-eth

Fixed a lenient config parsing in _isValidAttribute, thanks @christos-eth

Bumped and removed several dependencies, thanks @Rotzbua

Fixed the test suite after bumping dependencies, thanks @Rotzbua

DOMPurify 3.3.1

Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @MariusRumpf

Updated the ESM import syntax to be more correct, thanks @binhpv

Commits

8bcbf73 chore: Preparing 3.3.3 release
5faddd6 fix: engine requirement (#1210)
0f91e3a Update README.md
d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
c3efd48 fix: moved back from jsdom 28 to jsdom 20
988b888 fix: moved back from jsdom 28 to jsdom 20
2726c74 chore: Preparing 3.3.2 release
6202c7e build(deps): bump @tootallnate/once and jsdom (#1204)
302b51d fix: Expanded the regex ever so slightly to also cover script
cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
Additional commits viewable in compare view

Updates lodash-es from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates systeminformation from 5.27.14 to 5.30.8

Release notes

Sourced from systeminformation's releases.

v5.30.8

Full Changelog: sebhildebrandt/systeminformation@v5.30.7...v5.30.8

v5.30.7

Full Changelog: sebhildebrandt/systeminformation@v5.30.6...v5.30.7

Changelog

Sourced from systeminformation's changelog.

Changelog

Major Changes - Version 5

New Functions

audio() detailed audio information

bluetoothDevices() detailed information detected bluetooth devices

dockerImages() detailed information docker images

dockerVolumes() detailed information docker volumes

printers() detailed printer information

usb() detailed USB information

wifiInterfaces() detected Wi-Fi interfaces

wifiConnections() active Wi-Fi connections

Breaking Changes

Be aware, that the new version 5.x is NOT fully backward compatible to version 4.x ...

We had to make several interface changes to keep systeminformation as consistent as possible. We highly recommend to go through the complete list and adapt your own code to be again compatible to the new version 5.

Function Old New (V5) Comments

unsupported values -1 null values which are unknown orunsupported on platform

battery() hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining pascalCase conformity

blockDevices() fstype fsType pascalCase conformity

cpu() speedminspeedmax speedMinspeedMax pascalCase conformity

cpu().speedcpu().speedMincpu().speedMax string values now returningnumerical values better value handling

cpuCurrentspeed() cpuCurrentSpeed() function name changedpascalCase conformity

currentLoad() avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad pascalCase conformity

dockerContainerStats() mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats pascalCase conformity

dockerContainerProcesses() pid_host pidHost pascalCase conformity

graphics().display pixeldepthresolutionxresolutionysizexsizey pixelDepthresolutionXresolutionYsizeXsizeY pascalCase conformity

networkConnections() localaddresslocalportpeeraddresspeerport localAddresslocalPortpeerAddresspeerPort pascalCase conformity

networkInterfaces() carrier_changes carrierChanges pascalCase conformity

processes() mem_vszmem_rsspcpupcpuupcpuspmem memVszmemRsscpucpuucpusmem pascalCase conformityrenamed attributes

processLoad() result as object result as array of objects function now allows to provide more thanone process (as a comma separated list)

services() pcpupmem cpumem renamed attributes

vbox() HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC hpetpaeapicx2ApicacpiioApicbiosApicModertc pascalCase conformity

Other Improvements and Changes

baseboard(): added memMax, memSlots

bios(): added language and features (linux)

blockDevices() added raid group member (linux)

cpu(): extended AMD processor list

... (truncated)

Commits

612d97e 5.30.8
22242aa wifiNetworks() fixed CWE-78 command injection issue (linux)
41c7ea4 5.30.7
f4ff1d9 networkInterfaces() fixed getWindowsIEEE8021x issue (windows)
See full diff in compare view

Updates qs from 6.14.1 to 6.14.2

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates flatted from 3.3.3 to 3.4.1

Commits

2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
d3418c7 3.4.0
7eb65d8 Merge pull request #88 from WebReflection/avoid-recusrion
7774aae Avoid recursion on parse due possible shenanigans
Additional commits viewable in compare view

Updates rollup from 4.52.5 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits...

Description has been truncated

… updates Bumps the npm_and_yarn group with 1 update in the /codex-rs/tauri-gui directory: [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 2 updates in the /extensions directory: [ajv](https://github.com/ajv-validator/ajv) and [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 5 updates in the /gui directory: | Package | From | To | | --- | --- | --- | | [flatted](https://github.com/WebReflection/flatted) | `3.3.4` | `3.4.1` | | [systeminformation](https://github.com/sebhildebrandt/systeminformation) | `5.30.6` | `5.30.8` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.0` | `3.3.3` | | [lodash-es](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.15.0` | Bumps the npm_and_yarn group with 2 updates in the /gui-tests directory: [systeminformation](https://github.com/sebhildebrandt/systeminformation) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 3 updates in the /packages/protocol-client directory: [ajv](https://github.com/ajv-validator/ajv), [flatted](https://github.com/WebReflection/flatted) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 6 updates in the /prism-mcp-server directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` | | [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.15.0` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.3` | `1.26.0` | | [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.30.0` | `3.32.3` | | [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.11` | | [hono](https://github.com/honojs/hono) | `4.11.5` | `4.12.8` | Bumps the npm_and_yarn group with 6 updates in the /prism-web directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.1` | | [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [rollup](https://github.com/rollup/rollup) | `4.52.5` | `4.59.0` | | [next](https://github.com/vercel/next.js) | `14.2.35` | `15.5.10` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.11` | Bumps the npm_and_yarn group with 1 update in the /sdk directory: [minimatch](https://github.com/isaacs/minimatch). Updates `rollup` from 4.53.2 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.2...v4.59.0) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `flatted` from 3.3.3 to 3.4.1 - [Commits](WebReflection/flatted@v3.3.3...v3.4.1) Updates `flatted` from 3.3.4 to 3.4.1 - [Commits](WebReflection/flatted@v3.3.3...v3.4.1) Updates `systeminformation` from 5.30.6 to 5.30.8 - [Release notes](https://github.com/sebhildebrandt/systeminformation/releases) - [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md) - [Commits](sebhildebrandt/systeminformation@v5.30.6...v5.30.8) Updates `dompurify` from 3.3.0 to 3.3.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.0...3.3.3) Updates `lodash-es` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `systeminformation` from 5.27.14 to 5.30.8 - [Release notes](https://github.com/sebhildebrandt/systeminformation/releases) - [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md) - [Commits](sebhildebrandt/systeminformation@v5.30.6...v5.30.8) Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `flatted` from 3.3.3 to 3.4.1 - [Commits](WebReflection/flatted@v3.3.3...v3.4.1) Updates `rollup` from 4.52.5 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.2...v4.59.0) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `@modelcontextprotocol/sdk` from 1.25.3 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0) Updates `simple-git` from 3.30.0 to 3.32.3 - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.32.3/simple-git) Updates `@hono/node-server` from 1.19.9 to 1.19.11 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.11) Updates `hono` from 4.11.5 to 4.12.8 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.5...v4.12.8) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `flatted` from 3.3.3 to 3.4.1 - [Commits](WebReflection/flatted@v3.3.3...v3.4.1) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) Updates `rollup` from 4.52.5 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.2...v4.59.0) Updates `next` from 14.2.35 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v15.5.10) Updates `tar` from 7.4.3 to 7.5.11 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.11) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: systeminformation dependency-version: 5.30.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: dompurify dependency-version: 3.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash-es dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: systeminformation dependency-version: 5.30.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: simple-git dependency-version: 3.32.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@hono/node-server" dependency-version: 1.19.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-03-15T01:29:41Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
codex	Error		Mar 15, 2026 1:29am

dependabot · 2026-03-20T15:35:19Z

Superseded by #114.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 15, 2026

dependabot bot requested a review from zapabob as a code owner March 15, 2026 01:29

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 15, 2026

dependabot bot mentioned this pull request Mar 15, 2026

chore(deps): bump the npm_and_yarn group across 8 directories with 13 updates #106

Closed

vercel bot had a problem deploying to Preview March 15, 2026 01:29 Failure

dependabot bot closed this Mar 20, 2026

dependabot bot deleted the dependabot/npm_and_yarn/codex-rs/tauri-gui/npm_and_yarn-80a9fbdb94 branch March 20, 2026 15:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 8 directories with 14 updates#107

chore(deps): bump the npm_and_yarn group across 8 directories with 14 updates#107
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/codex-rs/tauri-gui/npm_and_yarn-80a9fbdb94

dependabot bot commented on behalf of github Mar 15, 2026 •

edited

Loading

Uh oh!

vercel bot commented Mar 15, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Function	Old	New (V5)	Comments
unsupported values	-1	null	values which are unknown orunsupported on platform
`battery()`	hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining	hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining	pascalCase conformity
`blockDevices()`	fstype	fsType	pascalCase conformity
`cpu()`	speedminspeedmax	speedMinspeedMax	pascalCase conformity
`cpu().speedcpu().speedMincpu().speedMax`	string values	now returningnumerical values	better value handling
`cpuCurrentspeed()`		cpuCurrentSpeed()	function name changedpascalCase conformity
`currentLoad()`	avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload	avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad	pascalCase conformity
`dockerContainerStats()`	mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats	memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats	pascalCase conformity
`dockerContainerProcesses()`	pid_host	pidHost	pascalCase conformity
`graphics().display`	pixeldepthresolutionxresolutionysizexsizey	pixelDepthresolutionXresolutionYsizeXsizeY	pascalCase conformity
`networkConnections()`	localaddresslocalportpeeraddresspeerport	localAddresslocalPortpeerAddresspeerPort	pascalCase conformity
`networkInterfaces()`	carrier_changes	carrierChanges	pascalCase conformity
`processes()`	mem_vszmem_rsspcpupcpuupcpuspmem	memVszmemRsscpucpuucpusmem	pascalCase conformityrenamed attributes
`processLoad()`	result as object	result as array of objects	function now allows to provide more thanone process (as a comma separated list)
`services()`	pcpupmem	cpumem	renamed attributes
`vbox()`	HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC	hpetpaeapicx2ApicacpiioApicbiosApicModertc	pascalCase conformity

Conversation

dependabot bot commented on behalf of github Mar 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

v5.30.8

v5.30.7

Changelog

Major Changes - Version 5

New Functions

Breaking Changes

Other Improvements and Changes

DOMPurify 3.3.3

DOMPurify 3.3.2

DOMPurify 3.3.1

6.15.0

6.14.2

v5.30.8

v5.30.7

Changelog

Major Changes - Version 5

New Functions

Breaking Changes

Other Improvements and Changes

6.15.0

6.14.2

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

Uh oh!

vercel bot commented Mar 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Mar 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 15, 2026 •

edited

Loading

vercel bot commented Mar 15, 2026 •

edited

Loading