Skip to content

Bump the patch-releases group across 2 directories with 5 updates#616

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/patch-releases-cd2a4e4549
Closed

Bump the patch-releases group across 2 directories with 5 updates#616
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/patch-releases-cd2a4e4549

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 6, 2026
edited
Loading

Bumps the patch-releases group with 2 updates in the / directory: autoprefixer and postcss.
Bumps the patch-releases group with 3 updates in the /dumper-companion directory: @zip.js/zip.js, preact and webpack.

Updates autoprefixer from 10.4.24 to 10.4.27

Release notes

Sourced from autoprefixer's releases.

10.4.27

  • Removed development key from package.json.

10.4.26

  • Reduced package size.

10.4.25

  • Fixed broken gradients on CSS Custom Properties (by @​serger777).
Changelog

Sourced from autoprefixer's changelog.

10.4.27

  • Removed development key from package.json.

10.4.26

  • Reduced package size.

10.4.25

  • Fixed broken gradients on CSS Custom Properties (by @​serger777).
Commits

Updates postcss from 8.5.6 to 8.5.8

Release notes

Sourced from postcss's releases.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Changelog

Sourced from postcss's changelog.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Commits

Updates @zip.js/zip.js from 2.8.17 to 2.8.23

Release notes

Sourced from @​zip.js/zip.js's releases.

v2.8.23

  • Fixed zip64 auto-detection with keepOrder set to false in ZipWriter

Zip files containing entries larger than 4 GB or larger than 4 GB are now handled correctly when entries are written in parallel with keepOrder set to false. The zip64 extra field in the central directory is now built from actual offset and disk number values at close time, rather than being predicted at entry creation time.

  • Updated dev dependencies

v2.8.22

Fixed support of option keepOrder when set to false in ZipWriter (the option is set to true by default)

v2.8.21

Implemented workaround (feature test) for DOMException serialization bug in Deno version 2.6.x (fix gildas-lormeau/zip.js#636)

v2.8.20

v2.8.19

Removed unwanted web-worker dependency inadvertently added in the package.json file of version 2.8.17

v2.8.18

  • Added createTempStream option to ZipWriter, used when adding entries in parallel, for custom temporary buffered write storage (e.g. filesystem, OPFS, network) instead of the default in-memory TransformStream (see this test for a usage example)
  • Improved buffering implementation in ZipWriter by removing the Blob/Response usage
  • Fixed minor regression introduced in version 2.8.16 when the web worker URI is not a data or blob URI (workers were not working with code using ES6 import) (see related test)
Commits

Updates preact from 10.28.3 to 10.28.4

Release notes

Sourced from preact's releases.

10.28.4

Fixes

Performance

Commits

Updates webpack from 5.105.0 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

v5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

v5.105.2

Patch Changes

v5.105.1

Patch Changes

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

  • Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

  • Handle createRequire in expressions. (by @​alexander-akait in #20549)

  • Fixed types for multi stats. (by @​alexander-akait in #20556)

  • Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

  • Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

  • Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

5.105.3

Patch Changes

  • Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

  • Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

  • Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

  • Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

  • Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

  • Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

  • Fix some types. (by @​alexander-akait in #20412)

  • Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

  • Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

  • Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

  • Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

  • Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

5.105.2

Patch Changes

... (truncated)

Commits
  • 27c13b4 chore(release): new release (#20550)
  • 9b2f41e chore: bump terser plugin (#20569)
  • eafe060 fix: narrow the export presence guard detection (#20561)
  • 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
  • afa607d refactor: remove unused code (#20562)
  • 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
  • f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
  • 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
  • a3d7839 fix: types for multi stats (#20556)
  • b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the patch-releases group across 2 directories with 5 updates
ac00d21 
Bumps the patch-releases group with 2 updates in the / directory: [autoprefixer](https://github.com/postcss/autoprefixer) and [postcss](https://github.com/postcss/postcss).
Bumps the patch-releases group with 3 updates in the /dumper-companion directory: [@zip.js/zip.js](https://github.com/gildas-lormeau/zip.js), [preact](https://github.com/preactjs/preact) and [webpack](https://github.com/webpack/webpack).


Updates `autoprefixer` from 10.4.24 to 10.4.27
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@10.4.24...10.4.27)

Updates `postcss` from 8.5.6 to 8.5.8
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.8)

Updates `@zip.js/zip.js` from 2.8.17 to 2.8.23
- [Release notes](https://github.com/gildas-lormeau/zip.js/releases)
- [Commits](gildas-lormeau/zip.js@v2.8.17...v2.8.23)

Updates `preact` from 10.28.3 to 10.28.4
- [Release notes](https://github.com/preactjs/preact/releases)
- [Commits](preactjs/preact@10.28.3...10.28.4)

Updates `webpack` from 5.105.0 to 5.105.4
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.105.0...v5.105.4)

---
updated-dependencies:
- dependency-name: autoprefixer
  dependency-version: 10.4.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-releases
- dependency-name: postcss
  dependency-version: 8.5.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-releases
- dependency-name: "@zip.js/zip.js"
  dependency-version: 2.8.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-releases
- dependency-name: preact
  dependency-version: 10.28.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-releases
- dependency-name: webpack
  dependency-version: 5.105.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-releases
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 6, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 13, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 13, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/patch-releases-cd2a4e4549 branch March 13, 2026 10:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants