chore(deps): bump the npm_and_yarn group across 7 directories with 2 updates#211

Open

dependabot[bot] wants to merge 1 commit intodevelopmentfrom

dependabot/npm_and_yarn/frontend/npm_and_yarn-2cb10c759e

Contributor

dependabot bot commented on behalf of github Mar 28, 2026

Bumps the npm_and_yarn group with 1 update in the /frontend directory: yaml.
Bumps the npm_and_yarn group with 1 update in the /lib/endpoints directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /ranges/merge directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /screens/evaluations directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /screens/images directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /screens/screenManager directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /serverState directory: path-to-regexp.

Updates yaml from 1.10.2 to 1.10.3

Commits

cfe8f04 1.10.3
7abcf45 fix: Catch stack overflow during CST composition
a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
a5e83b0 style: Apply updates Prettier rules
b8ddca0 chore: Refresh lockfile
395f892 ci: Use a different (working) submodule checkout
6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
See full diff in compare view

Updates path-to-regexp from 8.3.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.2.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.2.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.2.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.2.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.2.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.


          chore(deps): bump the npm_and_yarn group across 7 directories with 2 …

c2634af

…updates

Bumps the npm_and_yarn group with 1 update in the /frontend directory: [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 1 update in the /lib/endpoints directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).
Bumps the npm_and_yarn group with 1 update in the /ranges/merge directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).
Bumps the npm_and_yarn group with 1 update in the /screens/evaluations directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).
Bumps the npm_and_yarn group with 1 update in the /screens/images directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).
Bumps the npm_and_yarn group with 1 update in the /screens/screenManager directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).
Bumps the npm_and_yarn group with 1 update in the /serverState directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).


Updates `yaml` from 1.10.2 to 1.10.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.10.2...v1.10.3)

Updates `path-to-regexp` from 8.3.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0)

Updates `path-to-regexp` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0)

Updates `path-to-regexp` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0)

Updates `path-to-regexp` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0)

Updates `path-to-regexp` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0)

Updates `path-to-regexp` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies javascript labels

dependabot bot mentioned this pull request

chore(deps): bump the npm_and_yarn group across 6 directories with 2 updates #210

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies javascript