chore(deps): bump the npm_and_yarn group across 2 directories with 8 updates by dependabot[bot] · Pull Request #1060 · seanmorley15/AdventureLog

dependabot · 2026-03-16T15:01:17Z

Bumps the npm_and_yarn group with 3 updates in the /documentation directory: mdast-util-to-hast, rollup and vite.
Bumps the npm_and_yarn group with 4 updates in the /frontend directory: dompurify, @sveltejs/adapter-vercel, svelte and devalue.

Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

ab3a795 Fix support for spaces in class names

Types

efb5312 Refactor to use @imports

a5bc210 Add declaration maps

Full Changelog: syntax-tree/mdast-util-to-hast@13.2.0...13.2.1

Commits

174795b 13.2.1
3d05b3a Update Node in Actions
ab3a795 Fix support for spaces in class names
efb5312 Refactor to use @imports
a5bc210 Add declaration maps
b54955d Add .tsbuildinfo to .gitignore
See full diff in compare view

Updates rollup from 4.27.4 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in W indows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates vite from 5.4.19 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970

chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736

fix: port sirv@3.0.2 changes to sirv@2.0.4 (#20737) (4f1c35b), closes #20737

Commits

adce3c2 release: v5.4.21
cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
ca88ed7 chore: update CHANGELOG
997700f release: v5.4.20
482000f fix: apply fs.strict check to HTML files (#20736)
See full diff in compare view

Updates dompurify from 3.3.1 to 3.3.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.2

Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters

Fixed a prototype pollution issue when working with custom elements, thanks @christos-eth

Fixed a lenient config parsing in _isValidAttribute, thanks @christos-eth

Bumped and removed several dependencies, thanks @Rotzbua

Fixed the test suite after bumping dependencies, thanks @Rotzbua

Commits

5e56114 Getting 3.x branch ready for 3.3.2 release (#1208)
e8c95f4 fix: Fixed the broken package-lock.json
9636037 Update package-lock.json
5cad4ce Getting 3.x branch ready for 3.3.2 releas (#1205)
See full diff in compare view

Updates @sveltejs/adapter-vercel from 5.10.3 to 6.3.2

Release notes

Sourced from @sveltejs/adapter-vercel's releases.

@sveltejs/adapter-vercel@6.3.2

Patch Changes

fix: 404 for immutable assets that don't match static files (c67da8a)

Updated dependencies [3e607b3, 62991c8, f47c01b]:

@sveltejs/kit@2.52.2

@sveltejs/adapter-vercel@6.3.1

Patch Changes

feat: show remote function calls under the /_app/remote route in observability (#15098)

fix: prevent isr routes from handling remote function calls (#15098)

Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

@sveltejs/kit@2.50.1

@sveltejs/adapter-vercel@6.3.0

Minor Changes

chore: mark RequestContext as deprecated and refer to @vercel/functions (#14725)

Patch Changes

Updated dependencies [e67613c, a5c313e, 06de550]:

@sveltejs/kit@2.49.3

@sveltejs/adapter-vercel@6.2.0

Minor Changes

feat: Node 24 support (#14982)

@sveltejs/adapter-vercel@6.1.2

Patch Changes

chore(deps): upgrade to @vercel/nft version 1.0.0 to reduce dependencies (#14950)

Updated dependencies [0889a2a, 2ff3951, 5b30755]:

@sveltejs/kit@2.48.7

@sveltejs/adapter-vercel@6.1.1

Patch Changes

chore: improve runtime config parsing (#14838)

Updated dependencies [cd72d94, 53b1b73, 2ccc638]:

@sveltejs/kit@2.48.3

... (truncated)

Changelog

Sourced from @sveltejs/adapter-vercel's changelog.

6.3.2

Patch Changes

fix: 404 for immutable assets that don't match static files (c67da8a)

Updated dependencies [3e607b3, 62991c8, f47c01b]:

@sveltejs/kit@2.52.2

6.3.1

Patch Changes

feat: show remote function calls under the /_app/remote route in observability (#15098)

fix: prevent isr routes from handling remote function calls (#15098)

Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

@sveltejs/kit@2.50.1

6.3.0

Minor Changes

chore: mark RequestContext as deprecated and refer to @vercel/functions (#14725)

Patch Changes

Updated dependencies [e67613c, a5c313e, 06de550]:

@sveltejs/kit@2.49.3

6.2.0

Minor Changes

feat: Node 24 support (#14982)

6.1.2

Patch Changes

chore(deps): upgrade to @vercel/nft version 1.0.0 to reduce dependencies (#14950)

Updated dependencies [0889a2a, 2ff3951, 5b30755]:

@sveltejs/kit@2.48.7

6.1.1

Patch Changes

... (truncated)

Commits

9c4a737 Version Packages (#15338)
c67da8a Merge commit from fork
3b2ea1b Version Packages (#15186)
3fdb3ad fix: prevent isr routes from handling remote function calls (#15085) (#15098)
1399bd5 Version Packages (#15091)
0da365a chore(deps): update vitest monorepo to v4 (major) (#14789)
0280f4b feat: expose waitUntil also for serverless runtime & add docs (#14725)
79bb212 chore: Use formatter for robustness (#15006)
9fda2fc Version Packages (#14985)
e295db5 feat: Add Node 24 support to Vercel adapter (#14982)
Additional commits viewable in compare view

Updates svelte from 4.2.20 to 5.53.5

Release notes

Sourced from svelte's releases.

svelte@5.53.5

Patch Changes

fix: escape innerText and textContent bindings of contenteditable (0df5abcae223058ceb95491470372065fb87951d)

fix: sanitize transformError values prior to embedding in HTML comments (0298e979371bb583855c9810db79a70a551d22b9)

svelte@5.53.4

Patch Changes

fix: set server context after async transformError (#17799)

fix: hydrate if blocks correctly (#17784)

fix: handle default parameters scope leaks (#17788)

fix: prevent flushed effects from running again (#17787)

svelte@5.53.3

Patch Changes

fix: render :catch of #await block with correct key (#17769)

chore: pin aria-query@5.3.1 (#17772)

fix: make string coercion consistent to toString (#17774)

svelte@5.53.2

Patch Changes

fix: update expressions on server deriveds (#17767)

fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

svelte@5.53.1

Patch Changes

fix: handle shadowed function names correctly (#17753)

svelte@5.53.0

Minor Changes

feat: allow comments in tags (#17671)

feat: allow error boundaries to work on the server (#17672)

Patch Changes

fix: use TrustedHTML to test for customizable support, where necessary (#17743)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.5

Patch Changes

fix: escape innerText and textContent bindings of contenteditable (0df5abcae223058ceb95491470372065fb87951d)

fix: sanitize transformError values prior to embedding in HTML comments (0298e979371bb583855c9810db79a70a551d22b9)

5.53.4

Patch Changes

fix: set server context after async transformError (#17799)

fix: hydrate if blocks correctly (#17784)

fix: handle default parameters scope leaks (#17788)

fix: prevent flushed effects from running again (#17787)

5.53.3

Patch Changes

fix: render :catch of #await block with correct key (#17769)

chore: pin aria-query@5.3.1 (#17772)

fix: make string coercion consistent to toString (#17774)

5.53.2

Patch Changes

fix: update expressions on server deriveds (#17767)

fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

5.53.1

Patch Changes

fix: handle shadowed function names correctly (#17753)

5.53.0

Minor Changes

feat: allow comments in tags (#17671)

... (truncated)

Commits

ed14b49 Version Packages (#17802)
0df5abc Merge commit from fork
0298e97 Merge commit from fork
96fd3ce Version Packages (#17786)
1b3e660 fix: prevent flushed effects from running again (#17787)
673a1ab fix: set server context after async transformError (#17799)
3a28979 fix: handle default parameters scope leaks (#17788)
fcdc028 fix: hydrate if blocks correctly (#17784)
97f3ac5 Version Packages (#17775)
7deedc5 fix: render :catch of #await block with correct key (#17769)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.

Updates devalue from 5.6.3 to 5.6.4

Release notes

Sourced from devalue's releases.

v5.6.4

Patch Changes

87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

40f1db1: fix: ensure sparse array indices are integers

87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

Changelog

Sourced from devalue's changelog.

5.6.4

Patch Changes

87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

40f1db1: fix: ensure sparse array indices are integers

87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

Commits

6cbb3f5 Version Packages (#133)
40f1db1 Merge commit from fork
87c1f3c Merge commit from fork
See full diff in compare view

Updates tar from 7.5.9 to 7.5.11

Commits

bf776f6 7.5.11
f48b5fa prevent escaping symlinks with drive-relative paths
97cff15 docs: more security info
2b72abc 7.5.10
7bc755d parse root off paths before sanitizing .. parts
c8cb846 update deps
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 3 updates in the /documentation directory: [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast), [rollup](https://github.com/rollup/rollup) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 4 updates in the /frontend directory: [dompurify](https://github.com/cure53/DOMPurify), [@sveltejs/adapter-vercel](https://github.com/sveltejs/kit/tree/HEAD/packages/adapter-vercel), [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [devalue](https://github.com/sveltejs/devalue). Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `rollup` from 4.27.4 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.27.4...v4.59.0) Updates `vite` from 5.4.19 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `dompurify` from 3.3.1 to 3.3.2 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.1...3.3.2) Updates `@sveltejs/adapter-vercel` from 5.10.3 to 6.3.2 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/adapter-vercel/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/adapter-vercel@6.3.2/packages/adapter-vercel) Updates `svelte` from 4.2.20 to 5.53.5 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.5/packages/svelte) Updates `devalue` from 5.6.3 to 5.6.4 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.6.3...v5.6.4) Updates `tar` from 7.5.9 to 7.5.11 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.9...v7.5.11) --- updated-dependencies: - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dompurify dependency-version: 3.3.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@sveltejs/adapter-vercel" dependency-version: 6.3.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.53.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.6.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.11 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-03-16T15:01:24Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
adventurelog	Ready	Preview, Comment	Mar 16, 2026 3:02pm

dependabot bot requested a review from seanmorley15 as a code owner March 16, 2026 15:01

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026

vercel bot deployed to Preview March 16, 2026 15:02 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 2 directories with 8 updates#1060

chore(deps): bump the npm_and_yarn group across 2 directories with 8 updates#1060
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/documentation/npm_and_yarn-458aa52f39

dependabot bot commented on behalf of github Mar 16, 2026 •

edited by seanmorley15

Loading

Uh oh!

vercel bot commented Mar 16, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 16, 2026 • edited by seanmorley15 Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

13.2.1

Fix

Types

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

v5.4.21

v5.4.20

5.4.21 (2025-10-20)

5.4.20 (2025-09-08)

DOMPurify 3.3.2

@​sveltejs/adapter-vercel@​6.3.2

Patch Changes

@​sveltejs/adapter-vercel@​6.3.1

Patch Changes

@​sveltejs/adapter-vercel@​6.3.0

Minor Changes

Patch Changes

@​sveltejs/adapter-vercel@​6.2.0

Minor Changes

@​sveltejs/adapter-vercel@​6.1.2

Patch Changes

@​sveltejs/adapter-vercel@​6.1.1

Patch Changes

6.3.2

Patch Changes

6.3.1

Patch Changes

6.3.0

Minor Changes

Patch Changes

6.2.0

Minor Changes

6.1.2

Patch Changes

6.1.1

Patch Changes

svelte@5.53.5

Patch Changes

svelte@5.53.4

Patch Changes

svelte@5.53.3

Patch Changes

svelte@5.53.2

Patch Changes

svelte@5.53.1

Patch Changes

svelte@5.53.0

Minor Changes

Patch Changes

5.53.5

Patch Changes

5.53.4

Patch Changes

5.53.3

Patch Changes

5.53.2

Patch Changes

dependabot bot commented on behalf of github Mar 16, 2026 •

edited by seanmorley15

Loading

`@sveltejs/adapter-vercel@6`.3.2

`@sveltejs/adapter-vercel@6`.3.1

`@sveltejs/adapter-vercel@6`.3.0

`@sveltejs/adapter-vercel@6`.2.0

`@sveltejs/adapter-vercel@6`.1.2

`@sveltejs/adapter-vercel@6`.1.1

vercel bot commented Mar 16, 2026 •

edited

Loading