Skip to content

deps(deps): bump the major group with 6 updates#72

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/major-4712efc845
Open

deps(deps): bump the major group with 6 updates#72
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/major-4712efc845

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Bumps the major group with 6 updates:

Package From To
puppeteer 24.42.0 25.0.4
webtorrent 2.8.5 3.0.5
@vitejs/plugin-react 5.1.4 6.0.2
@vitest/coverage-v8 3.2.4 4.1.7
eslint 9.39.2 10.4.0
vitest 3.2.4 4.1.7

Updates puppeteer from 24.42.0 to 25.0.4

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v25.0.4

25.0.4 (2026-05-18)

🛠️ Fixes

  • Throw TargetCloseError when session ID not found (#15002) (611abef)

puppeteer: v25.0.4

25.0.4 (2026-05-18)

♻️ Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 25.0.3 to 25.0.4

puppeteer-core: v25.0.3

25.0.3 (2026-05-18)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.2 to 3.0.3

puppeteer: v25.0.3

25.0.3 (2026-05-18)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.2 to 3.0.3
      • puppeteer-core bumped from 25.0.2 to 25.0.3

puppeteer-core: v25.0.2

25.0.2 (2026-05-15)

🛠️ Fixes

... (truncated)

Changelog

Sourced from puppeteer's changelog.

25.0.4 (2026-05-18)

♻️ Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 25.0.3 to 25.0.4

🛠️ Fixes

  • Throw TargetCloseError when session ID not found (#15002) (611abef)

25.0.3 (2026-05-18)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.2 to 3.0.3

25.0.2 (2026-05-15)

♻️ Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.1 to 3.0.2

🛠️ Fixes

... (truncated)

Commits

Updates webtorrent from 2.8.5 to 3.0.5

Release notes

Sourced from webtorrent's releases.

v3.0.5

3.0.5 (2026-05-25)

Bug Fixes

  • deps: update dependency create-torrent to ^6.1.2 (#3051) (397028a)

v3.0.4

3.0.4 (2026-05-25)

Bug Fixes

v3.0.3

3.0.3 (2026-05-25)

Bug Fixes

  • deps: update dependency bittorrent-dht to ^11.0.12 (#3049) (61b6829)

v3.0.2

3.0.2 (2026-05-25)

v3.0.1

3.0.1 (2026-05-25)

Bug Fixes

v3.0.0

3.0.0 (2026-05-24)

Bug Fixes

... (truncated)

Changelog

Sourced from webtorrent's changelog.

3.0.5 (2026-05-25)

Bug Fixes

  • deps: update dependency create-torrent to ^6.1.2 (#3051) (397028a)

3.0.4 (2026-05-25)

Bug Fixes

3.0.3 (2026-05-25)

Bug Fixes

  • deps: update dependency bittorrent-dht to ^11.0.12 (#3049) (61b6829)

3.0.2 (2026-05-25)

3.0.1 (2026-05-25)

Bug Fixes

3.0.0 (2026-05-24)

Bug Fixes

  • ci: permissions to release (3a5fa92)
  • deps: update dependency bitfield to v5 (#3028) (64cf6c3)
  • deps: update dependency bittorrent-protocol to v5 (#3021) (91351a5)
  • deps: update dependency debug to ^4.4.3 (#2993) (7909a3e)
  • deps: update dependency pump to ^3.0.3 (#2963) (efadcdd)
  • deps: update dependency streamx to v2.25.0 (#3024) (2343c88)
  • deps: update dependency uint8-util to ^2.2.6 (#3023) (79c6cdb)
  • deps: update dependency ut_metadata to v5 (#3026) (cf40b0f)
  • deps: update webtorrent (#3025) (ceeca15)
  • port and connection exhaustion (#3019) (6fb0c21)
  • setting throttleDownload as a float causes error (#2994) (52ef175)
  • simplify service worker documentation (#2996) (40c1381)
  • webpack: update import assertion for package.json (143e5cb)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webtorrent since your current version.


Updates @vitejs/plugin-react from 5.1.4 to 6.0.2

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@6.0.2

Allow all options in reactCompilerPreset (#1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

plugin-react@6.0.1

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

plugin-react@6.0.0

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:

 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})

For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:

 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [

react({

 babel: {



   plugins: ['babel-plugin-react-compiler'],



</tr></table>

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.2 (2026-05-14)

Allow all options in reactCompilerPreset (#1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

6.0.1 (2026-03-13)

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

6.0.0 (2026-03-12)

6.0.0-beta.0 (2026-03-03)

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:

 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})

For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:

 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
</tr></table>

... (truncated)

Commits

Updates @vitest/coverage-v8 from 3.2.4 to 4.1.7

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vitest/coverage-v8 since your current version.


Updates eslint from 9.39.2 to 10.4.0

Release notes

Sourced from eslint's releases.

v10.4.0

Features

  • 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
  • 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

  • 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
  • 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
  • f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

  • 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
  • db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
  • 9084664 docs: Update README (GitHub Actions Bot)
  • 9cc7387 docs: Update README (GitHub Actions Bot)
  • 3d7b548 docs: Update README (GitHub Actions Bot)
  • 191ec3c docs: Update README (GitHub Actions Bot)

Chores

  • 6616856 chore: upgrade knip to v6 (#20875) (Pixel998)
  • d13b084 ci: ensure auto-created PRs run CI (#20860) (lumir)
  • e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])
  • d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)
  • 24db8cb test: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)
  • 2ef0549 chore: update ecosystem plugins (#20857) (github-actions[bot])
  • a429791 ci: remove eslint-webpack-plugin types integration test (#20668) (Milos Djermanovic)
  • 9e37386 chore: replace recast with range approach in code-sample-minimizer (#20682) (Copilot)
  • 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#20845) (Francesco Trotta)
  • 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#20716) (Pixel998)
  • 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#20800) (xbinaryx)
  • f1dfbc9 chore: update ecosystem plugins (#20836) (github-actions[bot])
  • c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])
  • 5b817d6 test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)
  • 1c13ae3 test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)

v10.3.0

Features

  • 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

  • b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

  • 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
  • 7f47937 docs: Update README (GitHub Actions Bot)

Chores

  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)

... (truncated)

Commits

Updates vitest from 3.2.4 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

... (truncated)

Commits
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • e399846 chore: release v4.1.5
  • 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
  • 9787ded fix: respect diff config options in soft assertions (#8696)
  • 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
  • 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
  • 663b99f fix: alias agent reporter to minimal (#10157)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you ...

Description has been truncated

@dependabot
deps(deps): bump the major group with 6 updates
75d7f55 
Bumps the major group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [puppeteer](https://github.com/puppeteer/puppeteer) | `24.42.0` | `25.0.4` |
| [webtorrent](https://github.com/webtorrent/webtorrent) | `2.8.5` | `3.0.5` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `5.1.4` | `6.0.2` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `3.2.4` | `4.1.7` |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.4.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `4.1.7` |


Updates `puppeteer` from 24.42.0 to 25.0.4
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](puppeteer/puppeteer@puppeteer-v24.42.0...puppeteer-v25.0.4)

Updates `webtorrent` from 2.8.5 to 3.0.5
- [Release notes](https://github.com/webtorrent/webtorrent/releases)
- [Changelog](https://github.com/webtorrent/webtorrent/blob/master/CHANGELOG.md)
- [Commits](webtorrent/webtorrent@v2.8.5...v3.0.5)

Updates `@vitejs/plugin-react` from 5.1.4 to 6.0.2
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.2/packages/plugin-react)

Updates `@vitest/coverage-v8` from 3.2.4 to 4.1.7
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/coverage-v8)

Updates `eslint` from 9.39.2 to 10.4.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v10.4.0)

Updates `vitest` from 3.2.4 to 4.1.7
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest)

---
updated-dependencies:
- dependency-name: puppeteer
  dependency-version: 25.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: webtorrent
  dependency-version: 3.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.7
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint
  dependency-version: 10.4.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: vitest
  dependency-version: 4.1.7
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 25, 2026

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 25, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedvitest@​4.1.7961007999100
Added@​vitest/​coverage-v8@​4.1.7991007999100
Addedeslint@​10.4.08910010095100
Addedpuppeteer@​25.0.4921009097100
Addedwebtorrent@​3.0.59110010099100
Added@​vitejs/​plugin-react@​6.0.210010010092100

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 25, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm rollup under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/LICENSE.md)

From: pnpm-lock.yamlnpm/@vitejs/plugin-react@6.0.2npm/vitest@4.1.7npm/rollup@4.60.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rollup@4.60.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @humanfs/types

Location: Package overview

From: pnpm-lock.yamlnpm/eslint@10.4.0npm/@humanfs/types@0.15.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@humanfs/types@0.15.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants