Bump the npm_and_yarn group across 3 directories with 18 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
esbuild	0.18.20	0.25.1
storybook	8.4.7	8.6.4
path-to-regexp	6.3.0	8.2.0
express	4.18.2	4.21.2
@appium/base-driver	9.4.0	9.16.2
@octokit/request-error	2.1.0	6.1.7
@actions/github	5.0.0	6.0.0
@octokit/rest	16.26.0	21.1.1
lerna	8.1.9	8.2.1
ip	1.1.9	removed
react-native	0.73.3	0.73.11
nanoid	3.3.8	3.3.9

Bumps the npm_and_yarn group with 1 update in the /packages/project-management-automation directory: @octokit/request-error.
Bumps the npm_and_yarn group with 5 updates in the /platform-docs directory:

Package	From	To
path-to-regexp	0.1.10	1.9.0
serve-handler	6.1.5	6.1.6
express	4.21.0	4.21.2
nanoid	3.3.7	3.3.9
prismjs	1.29.0	1.30.0

Updates esbuild from 0.18.20 to 0.25.1

Release notes

Sourced from esbuild's releases.

v0.25.1

• Fix incorrect paths in inline source maps (#4070, #4075, #4105)

  This fixes a regression from version 0.25.0 where esbuild didn't correctly resolve relative paths contained within source maps in inline sourceMappingURL data URLs. The paths were incorrectly being passed through as-is instead of being resolved relative to the source file containing the sourceMappingURL comment, which was due to the data URL not being a file URL. This regression has been fixed, and this case now has test coverage.

• Fix invalid generated source maps (#4080, #4082, #4104, #4107)

  This release fixes a regression from version 0.24.1 that could cause esbuild to generate invalid source maps. Specifically under certain conditions, esbuild could generate a mapping with an out-of-bounds source index. It was introduced by code that attempted to improve esbuild's handling of "null" entries in source maps (i.e. mappings with a generated position but no original position). This regression has been fixed.

  This fix was contributed by @​jridgewell.

• Fix a regression with non-file source map paths (#4078)

  The format of paths in source maps that aren't in the file namespace was unintentionally changed in version 0.25.0. Path namespaces is an esbuild-specific concept that is optionally available for plugins to use to distinguish paths from file paths and from paths meant for other plugins. Previously the namespace was prepended to the path joined with a : character, but version 0.25.0 unintentionally failed to prepend the namespace. The previous behavior has been restored.

• Fix a crash with switch optimization (#4088)

  The new code in the previous release to optimize dead code in switch statements accidentally introduced a crash in the edge case where one or more switch case values include a function expression. This is because esbuild now visits the case values first to determine whether any cases are dead code, and then visits the case bodies once the dead code status is known. That triggered some internal asserts that guard against traversing the AST in an unexpected order. This crash has been fixed by changing esbuild to expect the new traversal ordering. Here's an example of affected code:

  switch (x) {
    case '':
      return y.map(z => z.value)
    case y.map(z => z.key).join(','):
      return []
  }

• Update Go from 1.23.5 to 1.23.7 (#4076, #4077)

  This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain reports from vulnerability scanners that detect which version of the Go compiler esbuild uses.

  This PR was contributed by @​MikeWillCook.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• 6bfc1c1 publish 0.25.1 to npm
• f9b3952 fix #4078: prepend namespaces to source map paths
• ccf3dd7 add "contributed by" in changelog
• 48cd7a9 Update Go from 1.23.5 to 1.23.7 (#4077)
• 1f04fa4 fix absolute windows paths in source maps
• 9ca03f6 also add test case from #4075
• 2f244c0 add test case from #4104
• 1dde994 fix incorrect test names
• 9f008c5 fix #4070: file namespace for sourceMappingURL
• cbd5eb8 release notes and tests for #4082
• Additional commits viewable in compare view

Updates storybook from 8.4.7 to 8.6.4

Release notes

Sourced from storybook's releases.

v8.6.4

8.6.4

• Manager: Add Content-Type to fix Cloud IDEs - #30606, thanks @​GCHQDeveloper548!
• Vite: Include node_modules in stats file - #30711, thanks @​JReinhold!

v8.6.3

8.6.3

• CSF Factories: Align addon-essentials import with other addons - #30716, thanks @​kasperpeulen!
• Next: Support Next 15.2 - #30702, thanks @​kasperpeulen!

v8.6.2

8.6.2

• Core: Support TS3.8+ again - #30700, thanks @​kasperpeulen!
• Revert "CLI: Don't initially select Documentation and Testing features" - #30694, thanks @​shilman!

v8.6.1

8.6.1

• CSF: Only export definePreview from the framework - #30676, thanks @​kasperpeulen!
• Codemod: Only remove types when they are unused - #30644, thanks @​yannbf!

v8.6.0

8.6.0

The 8.6 release focuses on Storybook Test, which brings realtime component, accessibility, and visual UI tests to your favorite component workshop.

Here’s what’s new:

• 🎁 Storybook Test installer for out-of-the-box tests in new projects
• 🦾 Accessibility “todo” workflow to systematically fix a11y violations
• 🗜️ 80% smaller create-storybook package for much faster installs
• 🧪 Dozens of Test fixes based on user feedback
• 📕 Docs fixes for table of contents, code snippets, and more
• 🚨 Key security fixes for Vite and ESbuild
• 💯 Hundreds more improvements

• Addon A11y: Introduce parameters.a11y.test - #30516, thanks @​valentinpalkovic!
• Addon-A11y: Fix preset loading when loaded via getAbsolutePath - #30563, thanks @​valentinpalkovic!
• Addon-Docs: Change URL hash when TOC item is clicked, and fix TOC loading bugs - #30130, thanks @​Sidnioulz!
• Addon-docs: Consider custom code snippet in story code panel and update styles - #30179, thanks @​larsrickert!
• Addon-Test: Add telemetry data for Focused Tests - #30568, thanks @​JReinhold!
• Addon-Test: Fix config and watch mode inconsistencies - #30491, thanks @​JReinhold!
• Addon-Test: Fix console error in build mode - #30625, thanks @​JReinhold!
• Addon-Test: Make sure that only one global portable story config is ever loaded - #30582, thanks @​kasperpeulen!

... (truncated)

Changelog

Sourced from storybook's changelog.

8.6.4

• Manager: Add Content-Type to fix Cloud IDEs - #30606, thanks @​GCHQDeveloper548!
• Vite: Include node_modules in stats file - #30711, thanks @​JReinhold!

8.6.3

• CSF Factories: Align addon-essentials import with other addons - #30716, thanks @​kasperpeulen!
• Next: Support Next 15.2 - #30702, thanks @​kasperpeulen!

8.6.2

• Core: Support TS3.8+ again - #30700, thanks @​kasperpeulen!
• Revert "CLI: Don't initially select Documentation and Testing features" - #30694, thanks @​shilman!

8.6.1

• CSF: Only export definePreview from the framework - #30676, thanks @​kasperpeulen!
• Codemod: Only remove types when they are unused - #30644, thanks @​yannbf!

8.6.0

The 8.6 release focuses on Storybook Test, which brings realtime component, accessibility, and visual UI tests to your favorite component workshop.

Here’s what’s new:

• 🎁 Storybook Test installer for out-of-the-box tests in new projects
• 🦾 Accessibility “todo” workflow to systematically fix a11y violations
• 🗜️ 80% smaller create-storybook package for much faster installs
• 🧪 Dozens of Test fixes based on user feedback
• 📕 Docs fixes for table of contents, code snippets, and more
• 🚨 Key security fixes for Vite and ESbuild
• 💯 Hundreds more improvements

• Addon A11y: Introduce parameters.a11y.test - #30516, thanks @​valentinpalkovic!
• Addon-A11y: Fix preset loading when loaded via getAbsolutePath - #30563, thanks @​valentinpalkovic!
• Addon-Docs: Change URL hash when TOC item is clicked, and fix TOC loading bugs - #30130, thanks @​Sidnioulz!
• Addon-docs: Consider custom code snippet in story code panel and update styles - #30179, thanks @​larsrickert!
• Addon-Test: Add telemetry data for Focused Tests - #30568, thanks @​JReinhold!
• Addon-Test: Fix config and watch mode inconsistencies - #30491, thanks @​JReinhold!
• Addon-Test: Fix console error in build mode - #30625, thanks @​JReinhold!
• Addon-Test: Make sure that only one global portable story config is ever loaded - #30582, thanks @​kasperpeulen!
• Angular: Fix accent character issue - #30276, thanks @​valentinpalkovic!
• Angular: Support experimental zoneless mode - #28657, thanks @​anedomansky!
• Angular: Support v19.2 when @​angular/animations is not installed - #30611, thanks @​valentinpalkovic!
• Builder-Vite: Fix resolve id warning - #30511, thanks @​valentinpalkovic!
• Builder-Vite: Fix runtime and iframe 404 on first load - #30567, thanks @​valentinpalkovic!

... (truncated)

Commits

• d826042 Bump version from "8.6.3" to "8.6.4" [skip ci]
• d4e73f5 Bump version from "8.6.2" to "8.6.3" [skip ci]
• 054974b Bump version from "8.6.1" to "8.6.2" [skip ci]
• 15ef409 Bump version from "8.6.0" to "8.6.1" [skip ci]
• a13c741 Bump version from "8.6.0-beta.10" to "8.6.0" [skip ci]
• 29db3b4 Bump version from "8.6.0-beta.9" to "8.6.0-beta.10" [skip ci]
• dd5a9fc Bump version from "8.6.0-beta.8" to "8.6.0-beta.9" [skip ci]
• 8c805b1 Bump version from "8.6.0-beta.7" to "8.6.0-beta.8" [skip ci]
• acf4f6b Bump version from "8.6.0-beta.6" to "8.6.0-beta.7" [skip ci]
• 7a0479b Bump version from "8.6.0-beta.5" to "8.6.0-beta.6" [skip ci]
• Additional commits viewable in compare view

Updates path-to-regexp from 6.3.0 to 8.2.0

Release notes

Sourced from path-to-regexp's releases.

8.2.0

Fixed

• Allowing path-to-regexp to run on older browsers by targeting ES2015
  • Target ES2015 5969033
    • Also saved 0.22kb (10%!) by removing the private class field down level
  • Remove s flag from regexp 51dbd45

pillarjs/path-to-regexp@v8.1.0...v8.2.0

v8.1.0

Added

• Adds pathToRegexp method back for generating a regex
• Adds stringify method for converting TokenData into a path string

pillarjs/path-to-regexp@v8.0.0...v8.1.0

Simpler API

Heads up! This is a fairly large change (again) and I need to apologize in advance. If I foresaw what this version would have ended up being I would not have released version 7. A longer blog post and explanation will be incoming this week, but the pivot has been due to work on Express.js v5 and this will the finalized syntax used in Express moving forward.

Edit: The post is out - https://blakeembrey.com/posts/2024-09-web-redos/

Added

• Adds key names to wildcards using *name syntax, aligns with : behavior but using an asterisk instead

Changed

• Removes group suffixes of ?, +, and * - only optional exists moving forward (use wildcards for +, {*foo} for *)
• Parameter names follow JS identifier rules and allow unicode characters

Added

• Parameter names can now be quoted, e.g. :"foo-bar"
• Match accepts an array of values, so the signature is now string | TokenData | Array<string | TokenData>

Removed

• Removes loose mode
• Removes regular expression overrides of parameters

pillarjs/path-to-regexp@v7.1.0...v8.0.0

Support array inputs (again)

Added

• Support array inputs for match and pathToRegexp 3fdd88f

pillarjs/path-to-regexp@v7.1.0...v7.2.0

... (truncated)

Commits

• 776c898 8.2.0
• 678756a Dumb down code for negate
• e85fe27 Upgrade deps
• 5969033 Target ES2015
• 51dbd45 Remove s flag from regexp
• df39d6c Append backtrack, ignore bench in coverage
• d6c3658 Update express 4 compatibility guide
• c302644 8.1.0
• 7b4598c Document stringify method
• d6150f5 Add pathToRegexp method back
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: [email protected] by @​blakeembrey in expressjs/express#5956
• deps: bump [email protected] by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: [email protected]
  • Fix backtracking protection
• deps: [email protected]
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump [email protected] (#6209)
• 59fc270 deps: [email protected] (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates @appium/base-driver from 9.4.0 to 9.16.2

Release notes

Sourced from @​appium/base-driver's releases.

@​appium/base-driver@​9.16.2

9.16.2 (2025-02-20)

Bug Fixes

• base-driver: Restore the legacy proxy url behaviour (#21021) (dd64a48)

@​appium/base-driver@​9.16.1

9.16.1 (2025-02-20)

Bug Fixes

• base-driver: Optimize the logic of getUrlForProxy (#21018) (8a664a4)

@​appium/base-driver@​9.16.0

9.16.0 (2025-02-19)

Features

• Add /appium/extensions API to list available extensions (#20931) (a6b6077)
• add /appium/sessions, /session/:sessionId/appium/capabilities and deprecated marks will be removed in the future (#20936) (eeb59ca)
• Add BiDi commands to the listCommands API output (#20925) (2635dcb)
• appium: Add a command line parameter to configure HTTP server request timeout (#21003) (eb1b156)
• base-driver: Add an API to list commands (#20914) (059f1cb)
• base-driver: Print the closest match if the given script did not match (#20956) (f8b5799)

Bug Fixes

• driver-test-support: update definitelytyped (#20942) (f7c63ee)
• types: update dependency type-fest to v4.32.0 (#20900) (fbc8530)
• types: update dependency type-fest to v4.33.0 (#20923) (2409d32)
• types: update dependency type-fest to v4.34.1 (#20971) (0a7490e)
• types: update dependency type-fest to v4.35.0 (#20999) (3dc7336)

@​appium/base-driver@​9.15.0

9.15.0 (2025-01-08)

Features

• appium,base-driver,base-plugin: allow plugins to define custom bidi commands and emit bidi events (#20876) (8df1c21)

@​appium/base-driver@​9.14.1

9.14.1 (2025-01-06)

... (truncated)

Changelog

Sourced from @​appium/base-driver's changelog.

9.16.2 (2025-02-20)

Bug Fixes

• base-driver: Restore the legacy proxy url behaviour (#21021) (dd64a48)

9.16.1 (2025-02-20)

Bug Fixes

• base-driver: Optimize the logic of getUrlForProxy (#21018) (8a664a4)

9.16.0 (2025-02-19)

Features

• Add /appium/extensions API to list available extensions (#20931) (a6b6077)
• add /appium/sessions, /session/:sessionId/appium/capabilities and deprecated marks will be removed in the future (#20936) (eeb59ca)
• Add BiDi commands to the listCommands API output (#20925) (2635dcb)
• appium: Add a command line parameter to configure HTTP server request timeout (#21003) (eb1b156)
• base-driver: Add an API to list commands (#20914) (059f1cb)
• base-driver: Print the closest match if the given script did not match (#20956) (f8b5799)

Bug Fixes

• driver-test-support: update definitelytyped (#20942) (f7c63ee)
• types: update dependency type-fest to v4.32.0 (#20900) (fbc8530)
• types: update dependency type-fest to v4.33.0 (#20923) (2409d32)
• types: update dependency type-fest to v4.34.1 (#20971) (0a7490e)
• types: update dependency type-fest to v4.35.0 (#20999) (3dc7336)

9.15.0 (2025-01-08)

Features

• appium,base-driver,base-plugin: allow plugins to define custom bidi commands and emit bidi events (#20876) (8df1c21)

... (truncated)

Commits

• e473b05 chore: publish
• dd64a48 fix(base-driver): Restore the legacy proxy url behaviour (#21021)
• 715fd03 chore: publish
• 8a664a4 fix(base-driver): Optimize the logic of getUrlForProxy (#21018)
• ea00e3a chore: publish
• eb1b156 feat(appium): Add a command line parameter to configure HTTP server request t...
• 3dc7336 fix(types): update dependency type-fest to v4.35.0 (#20999)
• 4196610 chore(appium): returns this.caps for /session/:sessionId/appium/capabilities ...
• 848f2b2 chore(appium): handle getAppiumSessions as non session id commands (#20981)
• 0a7490e fix(types): update dependency type-fest to v4.34.1 (#20971)
• Additional commits viewable in compare view

Updates @octokit/request-error from 2.1.0 to 6.1.7

Release notes

Sourced from @​octokit/request-error's releases.

v6.1.7

6.1.7 (2025-02-13)

Bug Fixes

• ReDos regex vulnerability, reported by @​DayShift (d558320874a4bc8d356babf1079e6f0056a59b9e)

v6.1.6

6.1.6 (2024-12-29)

Bug Fixes

• deps: bump @octokit/types to fix Deno compat (#483) (e01d470)

v6.1.5

6.1.5 (2024-09-24)

Bug Fixes

• types: add explicit | undefined to optional fields (#462) (43fc3bd)

v6.1.4

6.1.4 (2024-07-11)

Bug Fixes

• improve perf of request error instantiations (#444) (ba04ffa)

v6.1.3

6.1.3 (2024-07-11)

Bug Fixes

• docs: correct title in README (#443) (e24d923)

v6.1.2

6.1.2 (2024-07-10)

Bug Fixes

• ensure statusCode is always an integer (#439) (6eb8634)

v6.1.1

6.1.1 (2024-04-16)

... (truncated)

Commits

• c346f5c fix: linting issues (#494)
• d558320 Merge commit from fork
• 5046116 chore(deps): update dependency esbuild to ^0.25.0 (#491)
• 50513ba build(deps): lock file maintenance (#490)
• bd5e83f build(deps): lock file maintenance (#488)
• d204ea3 build(deps): lock file maintenance (#486)
• ab1585a chore(deps): update vitest monorepo to v3 (major) (#487)
• 03a7e12 build(deps): lock file maintenance (#485)
• cb4feec build(deps): lock file maintenance (#484)
• e01d470 fix(deps): bump @octokit/types to fix Deno compat (#483)
• Additional commits viewable in compare view

Updates @actions/github from 5.0.0 to 6.0.0

Changelog

Sourced from @​actions/github's changelog.

6.0.0

• Support the latest Octokit in @​actions/github #1553
  • Drop support of NodeJS v14, v16

5.1.1

• Export default octokit options #1188

5.1.0

• Add additionalPlugins parameter to getOctokit method #1181
• Dependency updates #1180

5.0.3

• • Update to v2.0.1 of @actions/http-client #1087

5.0.2

• Update to v2.0.0 of @actions/http-client

5.0.1

• Update Octokit Dependencies

Commits

• See full diff in compare view

Updates @octokit/rest from 16.26.0 to 21.1.1

Release notes

Sourced from @​octokit/rest's releases.

v21.1.1

21.1.1 (2025-02-14)

Bug Fixes

• deps: update Octokit dependencies to mitigate ReDos [security] (#484) (ca256c3)

v21.1.0

21.1.0 (2025-01-08)

Features

• new endpoints, bump Octokit deps to fix Deno (#477) (908b1c8)

v21.0.2

21.0.2 (2024-08-16)

Bug Fixes

• docs: update to react 18 and latest gatsby deps (#462) (9a80f06), closes #216 #230 #460

v21.0.1

21.0.1 (2024-07-17)

Bug Fixes

• update deps (#456) (93d5afb)

v21.0.0

21.0.0 (2024-06-20)

Features

• v21 (#413) (12b6c65)

BREAKING CHANGES

• package is now ESM

v21.0.0-beta.4

21.0.0-beta.4 (2024-06-19)

... (truncated)

Commits

• ca256c3 fix(deps): update Octokit dependencies to mitigate ReDos [security] (#484)
• e791111 chore(deps): update dependency esbuild to ^0.25.0 (#483)

[github-actions]

Warning: Type of PR label mismatch

To merge this PR, it requires exactly 1 label indicating the type of PR. Other labels are optional and not being checked here.

• Type-related labels to choose from: [Type] Automated Testing, [Type] Breaking Change, [Type] Bug, [Type] Build Tooling, [Type] Code Quality, [Type] Copy, [Type] Developer Documentation, [Type] Enhancement, [Type] Experimental, [Type] Feature, [Type] New API, [Type] Task, [Type] Technical Prototype, [Type] Performance, [Type] Project Management, [Type] Regression, [Type] Security, [Type] WP Core Ticket, Backport from WordPress Core, Gutenberg Plugin.
• Labels found: dependencies, javascript.

Read more about Type labels in Gutenberg. Don't worry if you don't have the required permissions to add labels; the PR reviewer should be able to help with the task.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.