
build(deps): bump the npm_and_yarn group across 1 directory with 6 updates #8

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/npm_and_yarn-d9101febb2
dependabot[bot] commented on behalf of github on Mar 27, 2026

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| yaml | 2.8.2 | 2.8.3 |
| astro | 5.17.1 | 5.18.1 |
| dompurify | 3.3.1 | 3.3.2 |
| markdown-it | 13.0.2 | 14.1.1 |
| storybook | 10.2.4 | 10.2.10 |

Updates yaml from 2.8.2 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)

Commits

  • ce14587 2.8.3
  • 1e84ebb fix: Catch stack overflow during node composition
  • 6b24090 ci: Include Prettier check in lint action
  • 9424dee chore: Refresh lockfile
  • d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
  • 4321509 ci: Drop the branch filter from GitHub PR actions
  • 47207d0 chore: Update docs-slate
  • 5212fae chore: Update docs-slate
  • See full diff in compare view

Updates astro from 5.17.1 to 5.18.1

Release notes

Sourced from astro's releases.

astro@5.18.1

Patch Changes

  • Updated dependencies [c2cd371]:
    • @astrojs/internal-helpers@0.7.6
    • @astrojs/markdown-remark@6.3.11

Changelog

Sourced from astro's changelog.

5.18.1

Patch Changes

  • Updated dependencies [c2cd371]:
    • @astrojs/internal-helpers@0.7.6
    • @astrojs/markdown-remark@6.3.11

5.18.0

Minor Changes

  • #15589 b7dd447 Thanks @qzio! - Adds a new security.actionBodySizeLimit option to configure the maximum size of Astro Actions request bodies.

    This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.

    If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.

    // astro.config.mjs
    import { defineConfig } from 'astro/config';

    export default defineConfig({
      security: {
        actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB
      },
    });

Patch Changes

  • #15594 efae11c Thanks @qzio! - Fix X-Forwarded-Proto validation when allowedDomains includes both protocol and hostname fields. The protocol check no longer fails due to hostname mismatch against the hardcoded test URL.

5.17.3

Patch Changes

  • #15564 522f880 Thanks @matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

  • #15569 e01e98b Thanks @matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

5.17.2

Patch Changes

  • c13b536 Thanks @matthewp! - Improves Host header handling for SSR deployments behind proxies

Updates dompurify from 3.3.1 to 3.3.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @christos-eth
  • Bumped and removed several dependencies, thanks @Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @Rotzbua

Updates markdown-it from 13.0.2 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @ltduc147 for report.

[14.1.0] - 2024-03-19

Changed

  • Updated CM spec compatibility to 0.31.2, #1009.

Fixed

  • Fixed quadratic complexity when parsing references, #996.
  • Fixed quadratic output size with pathological user input in tables, #1000.

[14.0.0] - 2023-12-08

Changed

  • Drop ancient browsers support (use .fromCodePoint and other features).
  • Rewrite to ESM (including all plugins/deps). CJS fallback still available. No signatures changed, except markdown-it-emoji plugin.
  • Dropped dist/ folder from repo, build on package publish.
  • Set punycode.js as external dependency.

Fixed

  • Html tokens inside img alt are now rendered as their original text, #896.
  • Hardbreaks inside img alt are now rendered as newlines.

Updates storybook from 10.2.4 to 10.2.10

Release notes

Sourced from storybook's releases.

v10.2.10

v10.2.9

v10.2.8

v10.2.7

v10.2.6

v10.2.5

Changelog

Sourced from storybook's changelog.

10.2.10

10.2.9

10.2.8

10.2.7

10.2.6

10.2.5

Commits
  • c812573 Bump version from "10.2.9" to "10.2.10" [skip ci]
  • fd275fb Merge pull request #33820 from storybookjs/harden-websocket-security
  • 4cdde82 Bump version from "10.2.8" to "10.2.9" [skip ci]
  • 719b6ca Bump version from "10.2.7" to "10.2.8" [skip ci]
  • 78f274b Merge pull request #33773 from storybookjs/valentin/add-exit-telemetry
  • 0ca7278 Merge pull request #33766 from storybookjs/norbert/share-channel-events
  • 1c96212 Merge pull request #33783 from storybookjs/copilot/add-expo-telemetry-patch-l...
  • 8d687ec Bump version from "10.2.6" to "10.2.7" [skip ci]
  • 711e245 Merge pull request #33776 from LouisLau-art/fix/loglevel-flag-works
  • 3802165 Merge pull request #33284 from ia319/bug/33281-dynamic-title-select
  • Additional commits viewable in compare view

Updates smol-toml from 1.6.0 to 1.6.1

Release notes

Sourced from smol-toml's releases.

v1.6.1

This release addresses a minor security vulnerability where an attacker-controlled TOML document can exploit an unrestricted recursion and cause a stack overflow error with a document that contains thousands of successive commented lines. Security advisory: GHSA-v3rj-xjv7-4jmq


dependabot[bot] added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels on Mar 27, 2026
…dates

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.17.1` | `5.18.1` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.3.2` |
| [markdown-it](https://github.com/markdown-it/markdown-it) | `13.0.2` | `14.1.1` |
| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `10.2.4` | `10.2.10` |



Updates `yaml` from 2.8.2 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.2...v2.8.3)

Updates `astro` from 5.17.1 to 5.18.1
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/astro@5.18.1/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.18.1/packages/astro)

Updates `dompurify` from 3.3.1 to 3.3.2
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.1...3.3.2)

Updates `markdown-it` from 13.0.2 to 14.1.1
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@13.0.2...14.1.1)

Updates `storybook` from 10.2.4 to 10.2.10
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.10/code/core)

Updates `smol-toml` from 1.6.0 to 1.6.1
- [Release notes](https://github.com/squirrelchat/smol-toml/releases)
- [Commits](squirrelchat/smol-toml@v1.6.0...v1.6.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: astro
  dependency-version: 5.18.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: markdown-it
  dependency-version: 14.1.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: storybook
  dependency-version: 10.2.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: smol-toml
  dependency-version: 1.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] force-pushed the dependabot/npm_and_yarn/npm_and_yarn-d9101febb2 branch from 581bb87 to bf22e62 on March 27, 2026 19:59