Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 7 updates#83

Open
dependabot[bot] wants to merge 892 commits into
developmentfrom
dependabot/npm_and_yarn/BrowserExtension/npm_and_yarn-5f8e9e0fd1
Open

chore(deps): bump the npm_and_yarn group across 2 directories with 7 updates#83
dependabot[bot] wants to merge 892 commits into
developmentfrom
dependabot/npm_and_yarn/BrowserExtension/npm_and_yarn-5f8e9e0fd1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 16, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 4 updates in the /BrowserExtension directory: minimatch, flatted, handlebars and picomatch.
Bumps the npm_and_yarn group with 4 updates in the /ChromeExtension directory: picomatch, webpack, fast-uri and serialize-javascript.

Updates minimatch from 3.1.2 to 9.0.9

Changelog

Sourced from minimatch's changelog.

change log

10.2

  • Add braceExpandMax option

10.1

  • Add magicalBraces option for escape
  • Fix makeRe when partial: true is set.
  • Fix makeRe when pattern ends in a final ** path part.

10.0

  • Require node 20 or 22 and higher

9.0

  • No default export, only named exports.

8.0

  • Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
  • Bump required Node.js version

7.4

  • Add escape() method
  • Add unescape() method
  • Add Minimatch.hasMagic() method

7.3

  • Add support for posix character classes in a unicode-aware way.

7.2

  • Add windowsNoMagicRoot option

7.1

  • Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates flatted from 3.3.3 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

  • fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
  • fix type "RuntimeOptions" also accepting string partials - eab1d14
  • feat(types): set hash to be a Record<string, any> - de4414d
  • fix non-contiguous program indices - 4512766
  • refactor: rename i to startPartIndex - e497a35
  • security: fix security issues - 68d8df5

Commits

Commits
  • dce542c v4.7.9
  • 8a41389 Update release notes
  • 68d8df5 Fix security issues
  • b2a0831 Fix browser tests
  • 9f98c16 Fix release script
  • 45443b4 Revert "Improve partial indenting performance"
  • 8841a5f Fix CI errors with linting
  • e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
  • e914d60 Improve rendering performance
  • 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
  • Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

3.0.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@3.0.1...3.0.2

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

3.0.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@3.0.1...3.0.2

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Updates webpack from 5.96.0 to 5.106.2

Release notes

Sourced from webpack's releases.

v5.106.2

Patch Changes

  • CSS @​import now inherits the parent module's exportType, so a file configured as "text" correctly creates a style tag when @​imported by a "style" parent. (by @​xiaoxiaojx in #20838)

  • Make asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by @​xiaoxiaojx in #20801)

  • Include missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator exportsOnly, JsonGenerator JSONParse, WebAssemblyGenerator mangleImports). (by @​xiaoxiaojx in #20821)

  • Fix || default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. modules: false, entries: false, entrypoints: false). (by @​xiaoxiaojx in #20823)

  • Migrate from mime-types to mime-db. (by @​alexander-akait in #20812)

  • Handle @charset at-rules in CSS modules. (by @​alexander-akait in #20831)

  • Marked all experimental options in types. (by @​alexander-akait in #20814)

v5.106.1

Patch Changes

  • Fix two ES5-environment regressions in the anonymous default export .name fix-up: the generated code referenced an undeclared __WEBPACK_DEFAULT_EXPORT__ binding causing ReferenceError, and used Reflect.defineProperty which is not available in pre-ES2015 runtimes. The fix-up now references the real assignment target and uses Object.defineProperty / Object.getOwnPropertyDescriptor. (by @​xiaoxiaojx in #20796)

  • Prevent !important from being renamed as a local identifier in CSS modules. (by @​xiaoxiaojx in #20798)

  • Use compiler context instead of module context for CSS modules local ident hashing to avoid hash collisions when files with the same name exist in different directories. (by @​xiaoxiaojx in #20799)

v5.106.0

Minor Changes

  • Add exportType: "style" for CSS modules to inject styles into DOM via HTMLStyleElement, similar to style-loader functionality. (by @​xiaoxiaojx in #20579)

  • Add context option support for VirtualUrlPlugin (by @​xiaoxiaojx in #20449)

    • The context for the virtual module. A string path. Defaults to 'auto', which will try to resolve the context from the module id.
    • Support custom context path for resolving relative imports in virtual modules
    • Add examples demonstrating context usage and filename customization
  • Generate different CssModule instances for different exportType values. (by @​xiaoxiaojx in #20590)

  • Added the localIdentHashFunction option to configure the hash function to be used for hashing. (by @​alexander-akait in #20694) Additionally, the localIdentName option can now be a function.

  • Added support for destructuring assignment require in cjs, allowing for tree shaking. (by @​ahabhgk in #20548)

  • Added the validate option to enable/disable validation in webpack/plugins/loaders, also implemented API to make it inside plugins. (by @​xiaoxiaojx in #20275)

  • Added source support for async WASM modules. (by @​magic-akari in #20364)

Patch Changes

  • Add a static getSourceBasicTypes method to the Module class to prevent errors across multiple versions. (by @​xiaoxiaojx in #20614)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.106.2

Patch Changes

  • CSS @​import now inherits the parent module's exportType, so a file configured as "text" correctly creates a style tag when @​imported by a "style" parent. (by @​xiaoxiaojx in #20838)

  • Make asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by @​xiaoxiaojx in #20801)

  • Include missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator exportsOnly, JsonGenerator JSONParse, WebAssemblyGenerator mangleImports). (by @​xiaoxiaojx in #20821)

  • Fix || default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. modules: false, entries: false, entrypoints: false). (by @​xiaoxiaojx in #20823)

  • Migrate from mime-types to mime-db. (by @​alexander-akait in #20812)

  • Handle @charset at-rules in CSS modules. (by @​alexander-akait in #20831)

  • Marked all experimental options in types. (by @​alexander-akait in #20814)

5.106.1

Patch Changes

  • Fix two ES5-environment regressions in the anonymous default export .name fix-up: the generated code referenced an undeclared __WEBPACK_DEFAULT_EXPORT__ binding causing ReferenceError, and used Reflect.defineProperty which is not available in pre-ES2015 runtimes. The fix-up now references the real assignment target and uses Object.defineProperty / Object.getOwnPropertyDescriptor. (by @​xiaoxiaojx in #20796)

  • Prevent !important from being renamed as a local identifier in CSS modules. (by @​xiaoxiaojx in #20798)

  • Use compiler context instead of module context for CSS modules local ident hashing to avoid hash collisions when files with the same name exist in different directories. (by @​xiaoxiaojx in #20799)

5.106.0

Minor Changes

  • Add exportType: "style" for CSS modules to inject styles into DOM via HTMLStyleElement, similar to style-loader functionality. (by @​xiaoxiaojx in #20579)

  • Add context option support for VirtualUrlPlugin (by @​xiaoxiaojx in #20449)

    • The context for the virtual module. A string path. Defaults to 'auto', which will try to resolve the context from the module id.
    • Support custom context path for resolving relative imports in virtual modules
    • Add examples demonstrating context usage and filename customization
  • Generate different CssModule instances for different exportType values. (by @​xiaoxiaojx in #20590)

  • Added the localIdentHashFunction option to configure the hash function to be used for hashing. (by @​alexander-akait in #20694) Additionally, the localIdentName option can now be a function.

  • Added support for destructuring assignment require in cjs, allowing for tree shaking. (by @​ahabhgk in #20548)

  • Added the validate option to enable/disable validation in webpack/plugins/loaders, also implemented API to make it inside plugins. (by @​xiaoxiaojx in #20275)

  • Added source support for async WASM modules. (by @​magic-akari in #20364)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack since your current version.


Updates fast-uri from 3.0.3 to 3.1.2

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

What's Changed

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

What's Changed

New Contributors

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

v3.1.0

What's Changed

... (truncated)

Commits
  • 919dd8e Bumped v3.1.2
  • c65ba57 fixup: linting
  • 6c86c17 Merge commit from fork
  • a95158a Handle malformed fragment decoding without throwing (#171)
  • cea547c Bumped v3.1.1
  • 876ce79 Merge commit from fork
  • dcdf690 ci: add lock-threads workflow (#169)
  • c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
  • 9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
  • 85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
  • Additional commits viewable in compare view

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

  • Improve robustness and validation for array-like object serialization.
  • Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

  • fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
  • build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

  • requires Node.js v20+

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

newtomsoft and others added 30 commits December 6, 2025 20:50
…ording

Added a new GUI interface using Tkinter to launch puzzle solvers. Integrated URL mapping, video recording toggle, and logging functionality. Enhanced Playwright integration to support conditional video recording and improved extension handling.
…documentation

Integrated a GitHub Actions workflow to automate building and releasing Windows executables. Updated `README_EXECUTABLE.md` with usage, installation details, and troubleshooting steps for the executable. Adjusted application default to disable video recording and added splash screen handling for bundled builds.
Ensure Playwright browsers path is correctly resolved when running as a frozen executable by setting the `PLAYWRIGHT_BROWSERS_PATH` environment variable.
…ype hints

Updated `min_value` and `max_value` methods to use `float` type hints and explicit casts for consistent numerical operations. Adjusted related usage in `GridPuzzleRegionBorderPlayer` for integer casting.
Added `MitiSolver`, `GridPuzzleMitiPlayer`, and `GridPuzzleMitiGridProvider` with placeholder methods for future implementation. Registered Miti puzzle in `GameRegistry` and `UrlPatternMatcher`.
Added `scrap_grid` method to `GridPuzzleMitiGridProvider` for extracting grid data using Playwright. Implemented logic to parse `gpl.dots` and `Size` for generating puzzle positions and dimensions.
Developed complete solving logic in `MitiSolver` for parsing and solving Miti puzzles. Added constraints for edge cases, bridges, and dot handling. Introduced a suite of unit tests to verify different puzzle scenarios with expected solutions.
… configuration handling, and optimize Playwright logic

- Removed unused `StringGridProvider` module.
- Updated configurations in `ScrapingGridProvider.ini` to improve browser folder structure.
- Added flexible browser type handling in `PlaywrightGridProvider` (`chromium`/`firefox` support).
- Adjusted window dimensions and headless logic for improved adaptability.
Add Kurodoko Solver, Provider, and Player
newtomsoft and others added 21 commits March 30, 2026 12:56
…None` with `GameSolver.no_clue` in clue generation
…updates

Bumps the npm_and_yarn group with 4 updates in the /BrowserExtension directory: [minimatch](https://github.com/isaacs/minimatch), [flatted](https://github.com/WebReflection/flatted), [handlebars](https://github.com/handlebars-lang/handlebars.js) and [picomatch](https://github.com/micromatch/picomatch).
Bumps the npm_and_yarn group with 4 updates in the /ChromeExtension directory: [picomatch](https://github.com/micromatch/picomatch), [webpack](https://github.com/webpack/webpack), [fast-uri](https://github.com/fastify/fast-uri) and [serialize-javascript](https://github.com/yahoo/serialize-javascript).


Updates `minimatch` from 3.1.2 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v9.0.9)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `handlebars` from 4.7.8 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9)

Updates `picomatch` from 2.3.1 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...4.0.4)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...4.0.4)

Updates `webpack` from 5.96.0 to 5.106.2
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.96.0...v5.106.2)

Updates `fast-uri` from 3.0.3 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.3...v3.1.2)

Updates `serialize-javascript` from 6.0.2 to 7.0.5
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.106.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 7.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 16, 2026
@github-actions

Copy link
Copy Markdown

Qodana Community for Python

115 new problems were found

Inspection name Severity Problems
Unused imports 🔶 Warning 30
Invalid type hints definitions and usages 🔶 Warning 12
Unbound local variables 🔶 Warning 4
Unused local symbols ◽️ Notice 29
Method is not declared static ◽️ Notice 16
Accessing a protected member of a class or a module ◽️ Notice 6
Shadowing names from outer scopes ◽️ Notice 6
An instance attribute is defined outside init`` ◽️ Notice 4
PEP 8 naming convention violation ◽️ Notice 4
Unclear exception clauses ◽️ Notice 2
Invalid abstract class definition and usages ◽️ Notice 1
Redundant parentheses ◽️ Notice 1
View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/[email protected]
        with:
          upload-result: true
Contact Qodana team

Contact us at [email protected]

@newtomsoft newtomsoft force-pushed the develop branch 3 times, most recently from 6fdbf83 to 41d08bf Compare May 22, 2026 08:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants