Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates#519

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-f1bd769628
Closed

chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates#519
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-f1bd769628

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 19, 2026

Bumps the npm_and_yarn group with 4 updates in the / directory: basic-ftp, fast-xml-parser, rollup and undici.
Bumps the npm_and_yarn group with 1 update in the /e2e/fixtures/npm/simple directory: bootstrap.

Updates basic-ftp from 5.1.0 to 5.2.0

Release notes

Sourced from basic-ftp's releases.

5.2.0

  • Changed: Skip files with invalid name in downloadToDir.
Changelog

Sourced from basic-ftp's changelog.

5.2.0

Commits
Maintainer changes

This version was pushed to npm by patrickjuchli, a new releaser for basic-ftp since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates fast-xml-parser from 5.3.6 to 5.5.6

Release notes

Sourced from fast-xml-parser's releases.

fix entity expansion and incorrect replacement and performance

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.5...v5.5.6

support onDangerousProperty

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.3...v5.5.5

update dependecies to fix typings

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.1...v5.5.2

integrate path-expression-matcher

  • support path-expression-matcher
  • fix: stopNode should not be parsed
  • performance improvement for stopNode checking

Separate Builder

XML Builder was the part of fast-xml-parser for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.

Migration

To migrate to fast-xml-builder;

From

import { XMLBuilder } from "fast-xml-parser";

To

import  XMLBuilder  from "fast-xml-builder";

XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.

support strictReservedNames

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.9...v5.3.9

handle non-array input for XML builder && support maxNestedTags

CJS typing fix

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.5.7 / 2026-03-19

  • fix: entity expansion limits
  • update strnum package to 2.2.0

5.5.6 / 2026-03-16

  • update builder dependency
  • fix incorrect regex to replace . in entity name
  • fix check for entitiy expansion for lastEntities and html entities too

5.5.5 / 2026-03-13

  • sanitize dangerous tag or attribute name
  • error on critical property name
  • support onDangerousProperty option

5.5.4 / 2026-03-13

  • declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher

5.5.3 / 2026-03-11

  • upgrade builder

5.5.2 / 2026-03-11

  • update dependency to fix typings

5.5.1 / 2026-03-10

  • fix dependency

5.5.0 / 2026-03-10

  • support path-expression-matcher
  • fix: stopNode should not be parsed
  • performance improvement for stopNode checking

5.4.2 / 2026-03-03

  • support maxEntityCount option

5.4.1 / 2026-02-25

  • fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

  • migrate to fast-xml-builder

5.3.9 / 2026-02-25

  • support strictReservedNames

5.3.8 / 2026-02-25

  • support maxNestedTags

... (truncated)

Commits
  • 870043e update release info
  • 6df401e update builder dependency
  • bd26122 check for entitiy expansion for lastEntities and html entities too
  • 7e70dd8 fix incorrect regex to replace . in entity name
  • e54155f update package info
  • 3308fd7 handle critical properties
  • 0500f6b refactor
  • ea07bb2 declare Matcher & Expression as unknown
  • 0a4dc92 upgrade builder
  • e0a14f7 update dependency to fix typings
  • Additional commits viewable in compare view

Updates rollup from 4.57.1 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

v4.58.0

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

Commits

Updates undici from 7.22.0 to 7.24.4

Release notes

Sourced from undici's releases.

v7.24.4

What's Changed

Full Changelog: nodejs/undici@v7.24.3...v7.24.4

v7.24.3

What's Changed

Full Changelog: nodejs/undici@v7.24.2...v7.24.3

v7.24.2

What's Changed

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

What's Changed

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

... (truncated)

Commits

Updates bootstrap from 3.1.1 to 5.0.0

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

  • #32763: Add color-scheme mixin
  • #33389: Dropdown — Add option to make the dropdown menu clickable
  • #33549: Add offcanvas-top modifier

🎨 CSS

  • #32155: Add equal column mixin
  • #32763: Add color-scheme mixin
  • #33292: Make accordion icon rotation more natural
  • #33411: Fix validation feedback icon in select multiple
  • #33478: Make .nav-link color consistent when using buttons
  • #33482: Dropdown — Apply positioning only when Popper is not used
  • #33548: Vertically align offcanvas header components
  • #33549: Add offcanvas-top modifier
  • #33550: Spinner alignment changes
  • #33598: Hide validation icons from multiple selects
  • #33600: Have $form-check-input-border's default derive from $black
  • #33607: Reduce color-scheme complexity
  • #33642: use :read-only css selector instead [readonly] for consistency
  • #33658: fix: use list-group variable instead of alert
  • #33736: accordion: fix border-top on Firefox

☕️ JavaScript

  • #32439: Decouple BackDrop from modal
  • #33245: Decouple Modal's scrollbar functionality
  • #33249: Simplify Modal Config
  • #33250: Simplify ScrollSpy config
  • #33310: fix: make EventHandler better handle mouseenter/mouseleave events
  • #33389: Dropdown — Add option to make the dropdown menu clickable
  • #33429: Remove element event listeners through base component
  • #33451: Add missing things in hide method of dropdown
  • #33456: Use our isDisabled util on dropdown
  • #33466: Refactor dropdown's hide functionality
  • #33479: Fix dropdown escape propagation
  • #33496: Use cached noop function

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by mdo, a new releaser for bootstrap since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 2 directories with 5 …
af04d8a 
…updates

Bumps the npm_and_yarn group with 4 updates in the / directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp), [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser), [rollup](https://github.com/rollup/rollup) and [undici](https://github.com/nodejs/undici).
Bumps the npm_and_yarn group with 1 update in the /e2e/fixtures/npm/simple directory: [bootstrap](https://github.com/twbs/bootstrap).


Updates `basic-ftp` from 5.1.0 to 5.2.0
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.1.0...v5.2.0)

Updates `fast-xml-parser` from 5.3.6 to 5.5.6
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.3.6...v5.5.6)

Updates `rollup` from 4.57.1 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.57.1...v4.59.0)

Updates `undici` from 7.22.0 to 7.24.4
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.22.0...v7.24.4)

Updates `bootstrap` from 3.1.1 to 5.0.0
- [Release notes](https://github.com/twbs/bootstrap/releases)
- [Commits](twbs/bootstrap@v3.1.1...v5.0.0)

---
updated-dependencies:
- dependency-name: basic-ftp
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 5.5.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.24.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: bootstrap
  dependency-version: 5.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 19, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 19, 2026 18:26
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 19, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 19, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-f1bd769628 branch March 19, 2026 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KLongmuirHD