Bump the npm_and_yarn group across 3 directories with 7 updates by dependabot[bot] · Pull Request #285 · nexoral/AxioDB

dependabot · 2026-03-10T10:59:44Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
fastify	`5.4.0`	`5.8.1`
tar	`7.4.3`	`7.5.10`
ajv	`6.12.6`	`6.14.0`
@isaacs/brace-expansion	`5.0.0`	`5.0.1`
minimatch	`3.1.2`	`3.1.5`

Bumps the npm_and_yarn group with 3 updates in the /Document directory: ajv, minimatch and rollup.
Bumps the npm_and_yarn group with 5 updates in the /GUI directory:

Package	From	To
tar	`7.4.3`	`7.5.11`
ajv	`6.12.6`	`6.14.0`
minimatch	`3.1.2`	`3.1.5`
rollup	`4.46.2`	`4.59.0`
rollup	`2.79.2`	`2.80.0`
axios	`1.12.0`	`1.13.5`

Updates fastify from 5.4.0 to 5.8.1

Release notes

Sourced from fastify's releases.

v5.8.1

⚠️ Security Release

Fixes "Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation": GHSA-573f-x89g-hqp9.

CVE-2026-3419

Full Changelog: fastify/fastify@v5.8.0...v5.8.1

v5.8.0

What's Changed

docs(request): add host security warning references by @mcollina in fastify/fastify#6476

docs: fix note style by @Fdawgs in fastify/fastify#6487

chore: rename deploy website ci by @Eomm in fastify/fastify#6492

chore: support pino v9 and v10 by @mcollina in fastify/fastify#6496

chore: update logger types and fix TODO comment by @Tony133 in fastify/fastify#6470

refactor(test-types): migrate dummy-plugin to FastifyPluginAsync by @Tony133 in fastify/fastify#6472

docs: fix markdown typo in README.md by @droppingbeans in fastify/fastify#6491

test: cover non-numeric content-length client error path by @mcollina in fastify/fastify#6500

ci: remove tests-checker workflow by @Tony133 in fastify/fastify#6481

ci: remove stale.yml file by @Tony133 in fastify/fastify#6504

docs(security): remove hackerone references; change note style by @Fdawgs in fastify/fastify#6501

chore: rename @sinclair/typebox to typebox by @Tony133 in fastify/fastify#6494

ci(links-check): add external link checker using linkinator-action by @umxr in fastify/fastify#6386

chore: upgrade borp to v1.0.0 by @Tony133 in fastify/fastify#6510

docs: Add OpenJS CNA reference to SECURITY.md by @mcollina in fastify/fastify#6516

fix: avoid mutating shared routerOptions across instances by @mcollina in fastify/fastify#6515

fix(types): accept async route hooks in shorthand options by @mcollina in fastify/fastify#6514

docs: Improve shutdown lifecycle documentation by @kibertoad in fastify/fastify#6517

chore: remove unused tsconfig.eslint.json by @mrazauskas in fastify/fastify#6524

feat: First-class support for handler-level timeouts by @kibertoad in fastify/fastify#6521

docs(security): clarify insecureHTTPParser threat model scope by @mcollina in fastify/fastify#6533

chore(license): standardise license notice by @Fdawgs in fastify/fastify#6511

docs: clarify anyOf nullable coercion behavior with primitive types by @slegarraga in fastify/fastify#6531

fix: remove format placeholder from FST_ERR_CTP_INVALID_MEDIA_TYPE message by @super-mcgin in fastify/fastify#6528

docs(reference/hooks): fix note style by @Fdawgs in fastify/fastify#6538

chore: Bump lycheeverse/lychee-action from 2.7.0 to 2.8.0 by @dependabot[bot] in fastify/fastify#6539

chore: Bump actions/dependency-review-action from 4.8.2 to 4.8.3 by @dependabot[bot] in fastify/fastify#6540

chore: Bump markdownlint-cli2 from 0.20.0 to 0.21.0 by @dependabot[bot] in fastify/fastify#6542

ci: remove broken links and add ecosystem link validator by @mcollina in fastify/fastify#6421

ci(validate-ecoystem-links): add job level permission by @Fdawgs in fastify/fastify#6545

style: remove trailing whitespace by @Fdawgs in fastify/fastify#6543

New Contributors

@droppingbeans made their first contribution in fastify/fastify#6491

@umxr made their first contribution in fastify/fastify#6386

@slegarraga made their first contribution in fastify/fastify#6531

@super-mcgin made their first contribution in fastify/fastify#6528

Full Changelog: fastify/fastify@v5.7.4...v5.8.0

... (truncated)

Commits

073ff81 Bumped v5.8.1
67f6c9b Merge commit from fork
161578a chore: sync version
9b06a78 Bumped v5.8.0
bbdfe82 style: remove trailing whitespace (#6543)
cd58ed4 ci(validate-ecoystem-links): add job level permission (#6545)
2590592 ci: remove broken links and add ecosystem link validator (#6421)
09b55b6 chore: Bump markdownlint-cli2 from 0.20.0 to 0.21.0 (#6542)
43c4e38 chore: Bump actions/dependency-review-action from 4.8.2 to 4.8.3 (#6540)
3b40573 chore: Bump lycheeverse/lychee-action from 2.7.0 to 2.8.0 (#6539)
Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.10

Changelog

Sourced from tar's changelog.

Changelog

7.5

Added zstd compression support.

Consistent TOCTOU behavior in sync t.list

Only read from ustar block if not specified in Pax

Fix sync tar.list when file size reduces while reading

Sanitize absolute linkpaths properly

Prevent writing hardlink entries to the archive ahead of their file target

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Drop support for node <18

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

2b72abc 7.5.10
7bc755d parse root off paths before sanitizing .. parts
c8cb846 update deps
1f0c2c9 7.5.9
fbb0851 build minified version as default export
6b8eba0 7.5.8
2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
d18e4e1 fix: do not write linkpaths through symlinks
4a37eb9 7.5.7
f4a7aa9 fix: properly sanitize hard links containing ..
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates @isaacs/brace-expansion from 5.0.0 to 5.0.1

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.10

Changelog

Sourced from tar's changelog.

Changelog

7.5

Added zstd compression support.

Consistent TOCTOU behavior in sync t.list

Only read from ustar block if not specified in Pax

Fix sync tar.list when file size reduces while reading

Sanitize absolute linkpaths properly

Prevent writing hardlink entries to the archive ahead of their file target

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Drop support for node <18

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

2b72abc 7.5.10
7bc755d parse root off paths before sanitizing .. parts
c8cb846 update deps
1f0c2c9 7.5.9
fbb0851 build minified version as default export
6b8eba0 7.5.8
2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
d18e4e1 fix: do not write linkpaths through symlinks
4a37eb9 7.5.7
f4a7aa9 fix: properly sanitize hard links containing ..
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates rollup from 4.40.0 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates rollup from 4.40.0 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changesDescription has been truncated

Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [fastify](https://github.com/fastify/fastify) | `5.4.0` | `5.8.1` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.10` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | @isaacs/brace-expansion | `5.0.0` | `5.0.1` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | Bumps the npm_and_yarn group with 3 updates in the /Document directory: [ajv](https://github.com/ajv-validator/ajv), [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 5 updates in the /GUI directory: | Package | From | To | | --- | --- | --- | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.11` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [rollup](https://github.com/rollup/rollup) | `4.46.2` | `4.59.0` | | [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` | | [axios](https://github.com/axios/axios) | `1.12.0` | `1.13.5` | Updates `fastify` from 5.4.0 to 5.8.1 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.4.0...v5.8.1) Updates `tar` from 7.4.3 to 7.5.10 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.10) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1 Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `tar` from 7.4.3 to 7.5.10 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.10) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `rollup` from 4.40.0 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.40.0...v4.59.0) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 4.40.0 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.40.0...v4.59.0) Updates `tar` from 7.4.3 to 7.5.11 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.10) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `rollup` from 4.46.2 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.40.0...v4.59.0) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.40.0...v4.59.0) Updates `axios` from 1.12.0 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.12.0...v1.13.5) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.40.0...v4.59.0) Updates `tar` from 7.4.3 to 7.5.11 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.10) --- updated-dependencies: - dependency-name: fastify dependency-version: 5.8.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@isaacs/brace-expansion" dependency-version: 5.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.11 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-12T18:05:55Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 10, 2026

dependabot Bot mentioned this pull request Mar 10, 2026

Bump the npm_and_yarn group across 3 directories with 7 updates #283

Closed

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-2f63efdf18 branch from 2b2dccd to 706b638 Compare March 11, 2026 02:34

AnkanSaha closed this Mar 12, 2026

AnkanSaha deleted the dependabot/npm_and_yarn/npm_and_yarn-2f63efdf18 branch March 12, 2026 18:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 3 directories with 7 updates#285

Bump the npm_and_yarn group across 3 directories with 7 updates#285
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-2f63efdf18

dependabot Bot commented on behalf of github Mar 10, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Mar 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Mar 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.8.1

⚠️ Security Release

v5.8.0

What's Changed

New Contributors

Changelog

7.5

7.4

7.3

7.2

7.1

7.0

Changelog

7.5

7.4

7.3

7.2

7.1

7.0

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

Uh oh!

dependabot Bot commented on behalf of github Mar 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Mar 10, 2026 •

edited

Loading