
chore(deps): bump the npm_and_yarn group across 1 directory with 25 updates #13

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/npm_and_yarn-4ea39a191f

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Bumps the npm_and_yarn group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| @strapi/plugin-users-permissions | 5.34.0 | 5.45.0 |
| @strapi/strapi | 5.34.0 | 5.46.1 |
| brace-expansion | 1.1.12 | 1.1.15 |
| minimatch | 3.1.2 | 3.1.5 |
| @protobufjs/utf8 | 1.1.0 | 1.1.1 |
| bn.js | 4.12.0 | 4.12.3 |
| path-to-regexp | 0.1.12 | 0.1.13 |
| fast-uri | 3.0.3 | 3.1.2 |
| flatted | 3.3.3 | 3.4.2 |
| picomatch | 2.3.1 | 4.0.4 |
| postcss | 8.4.47 | 8.5.15 |
| rollup | 4.30.1 | 4.60.4 |
| serialize-javascript | 6.0.2 | removed |
| webpack | 5.94.0 | 5.107.2 |
| yaml | 1.10.2 | 1.10.3 |

Updates @strapi/plugin-users-permissions from 5.34.0 to 5.45.0

Release notes

Sourced from @​strapi/plugin-users-permissions's releases.

v5.45.0

5.45.0 (2026-05-06)

🚀 New feature

  • extended ctb api for plugins (ad7cb5d5d7)
  • sort based on publish status (#25689)
  • admin: api token supports admin permissions and admin user ownership (#25657)
  • content-manager: add Zod 4 foundation utilities (#25574)

🔥 Bug fix

  • issue with plugin content type uid (f768670d38)
  • style issues (2f42e5fe44)
  • opt out of the ct backup strategy for plugin content types (5936814932)
  • build errors (520ecfc6d5)
  • enforce minimum length (f2b6c2bcd0)
  • prevent trailing ? in URL when params is empty object (#25724, #25900)
  • dynamically update rate limit prefix key based on route (#24818)
  • admin: clean up lazy component registration warnings (#25015)
  • admin: type addMenuLink with optional Component for menu-only links (#26198)
  • content-manager: prevent crash on detached DZ component (#26148)
  • content-type-builder: preserve plugin CT identity in AI chat transform (0be48848fa)
  • database: run cleanOrderColumns updates sequentially (#26134)
  • review-workflows: implement incremental loading in assignee dropdown (#25967)
  • upload: sharp concurrency and cache leads to OOM (#26046)

❤️ Thank You

v5.44.0

5.44.0 (2026-04-29)

🚀 New feature

... (truncated)

Commits

Updates @strapi/strapi from 5.34.0 to 5.46.1

Release notes

Sourced from @​strapi/strapi's releases.

v5.46.1

5.46.1 (2026-05-20)

🔥 Bug fix

  • FK violation publishing self-relation parent & child in one release (#26147)
  • move session-manager jwt check from register to bootstrap (#25412)
  • admin: remove year 2041 limit on date/datetime pickers (#26209)
  • content-manager: fix getMainField context for component list/edit configure views (#25509, #26124)
  • database: respect nested sort in populate for join-table relations (#26361)
  • graphql: inherit publication state for i18n localizations (#22163)
  • migrations: guard inverseJoinColumn access in discard-drafts migration (#26331)
  • review-workflows: add assignee and review stage to list view filters (#26171)
  • review-workflows: message when single stage (#26229)
  • upgrade: use pnpm install when project prefers pnpm (#26246)
  • upgrade: align scoped @​strapi packages in devDependencies (#26248)

⚙️ Chore

  • sonarcloud security review (#25949)
  • deps: bump ip-address from 10.1.0 to 10.2.0 (#26222)
  • deps: bump @​protobufjs/utf8 from 1.1.0 to 1.1.1 (#26311)
  • deps: bump axios from 1.15.1 to 1.15.2 (#26177)
  • deps: bump fast-xml-builder from 1.1.4 to 1.2.0 (#26253)
  • deps: bump fast-uri from 3.0.1 to 3.1.2 (#26254)
  • eslint: migrate .eslintrc + .eslintignore to .eslintrc.cjs (#26216)

🚨 Security

  • deps: upgrade multiple dependencies (#26326)

❤️ Thank You

v5.46.0

5.46.0 (2026-05-13)

🚀 New feature

... (truncated)

Commits
  • 04ac8c3 release: 5.46.1
  • 83fec11 Merge remote-tracking branch 'origin/main' into develop
  • 7f34c4b release: 5.46.0
  • b5452ab chore(eslint): migrate .eslintrc + .eslintignore to .eslintrc.cjs (#26216)
  • a2c5ecb Merge remote-tracking branch 'origin/main' into develop
  • 9300041 release: 5.45.1
  • 216344e Merge branch 'develop' into feature/button-remove-trial-banner
  • 45a8e3b fix(admin): resolve prism is not defined (#25660)
  • 49951e0 Merge branch 'develop' into feature/button-remove-trial-banner
  • c5bc749 release: 5.45.0
  • Additional commits viewable in compare view

Updates @casl/ability from 6.5.0 to 6.7.5

Release notes

Sourced from @​casl/ability's releases.

@​casl/ability: v6.7.5

6.7.5 (2025-12-20)

Bug Fixes

  • ignores potentially insecure fields in rulesToFields (#1093) (39da920)

@​casl/ability@​6.7.3

6.7.3 (2025-01-05)

@​casl/ability@​6.7.2

6.7.2 (2024-10-30)

@​casl/ability@​6.7.1

6.7.1 (2024-03-27)

Bug Fixes

  • fixes path to extra submodule in package.json (#893) (90e1e66)

@​casl/ability@​6.7.0

6.7.0 (2024-02-23)

Features

  • refactors extra subpackage in casl/ability and adds AccessibleFields helper class (#883) (9d2ad70)

@​casl/ability@​6.6.0

6.6.0 (2024-02-23)

Features

  • adds possibility to auto detect subject type based on passed rules (#882) (4737fe2)
  • adds return type to 'rulesToQuery' based on return type from 'convert' param (#876) (379e130)

Changelog

Sourced from @​casl/ability's changelog.

6.7.5 (2025-12-20)

Bug Fixes

  • ignores potentially insecure fields in rulesToFields (#1093) (39da920)

6.7.4 (2025-01-05)

chore

  • deps: update react and removes old react and casl/ability support (major) (#998) (44d3f40)

BREAKING CHANGES

  • deps: now supports react ^17 and casl/ability ^4

6.7.3 (2025-01-05)

6.7.2 (2024-10-30)

6.7.1 (2024-03-27)

Bug Fixes

  • fixes path to extra submodule in package.json (#893) (90e1e66)

6.7.0 (2024-02-23)

Features

  • refactors extra subpackage in casl/ability and adds AccessibleFields helper class (#883) (9d2ad70)

6.6.0 (2024-02-23)

Features

  • adds possibility to auto detect subject type based on passed rules (#882) (4737fe2)
  • adds return type to 'rulesToQuery' based on return type from 'convert' param (#876) (379e130)

6.5.1 (2023-05-05)

Bug Fixes

... (truncated)

Commits
  • f8dfe32 chore: release @​casl/ability (#1105)
  • 7bfd1bc chore(deps): update dependency @​types/node to v24 (#1070)
  • 39da920 fix: ignores potentially insecure fields in rulesToFields (#1093)
  • b8083c7 test: migrates main ability tests to ts (#1092)
  • 8a28555 chore(deps): updates typescript and angular versions
  • de80268 chore: switch support chat to github discussions
  • 701e915 chore: replaces gitter with discord channel
  • da72860 chore(release): @​casl/ability@​6.7.4 [skip ci]
  • 44d3f40 chore(deps): update react and removes old react and casl/ability support (maj...
  • c1e9822 chore: fixes eslint config/code after upgrade
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.12 to 1.1.15

Release notes

Sourced from brace-expansion's releases.

v1.1.15

  • Backport v5.0.6 change to v1 (#111) 0b09384

juliangruber/brace-expansion@v1.1.14...v1.1.15

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates @protobufjs/utf8 from 1.1.0 to 1.1.1

Release notes

Sourced from @​protobufjs/utf8's releases.

protobufjs-cli: v1.1.1

1.1.1 (2023-02-02)

Bug Fixes

  • cli: fix relative path to Google pb files (#1859) (e42eea4)

Commits

Updates axios from 1.12.2 to 1.16.0

Release notes

Sourced from axios's releases.

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

  • Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#10795)
  • Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#10822)
  • Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#10825)
  • parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#10729)
  • Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#7378)
  • transformRequest input typing change was reverted. The typing change introduced in #10745 was reverted in #10810 after follow-up review — net behavior is unchanged from 1.15.2. (#10745, #10810)

🚀 New Features

  • QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#10802)
  • ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #6485). (#10680)
  • Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#6897)

🐛 Bug Fixes

  • HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#10794, #10800, #6241, #10822, #10825)
  • HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#10708, #10819, #7149)
  • Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#10795, #10772, #10806, #7260)
  • XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#10787)
  • Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#10724, #7276, #10729)
  • Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#7414, #6389, #6460)
  • UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#7378)
  • Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#10833)

🔧 Maintenance & Chores

  • Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#10588, #7419)
  • Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#10820, #10791, #10796)
  • Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#10821, #10782, #10759, #10804)
  • Reverted: Reverted the transformRequest input typing change from #10745 after follow-up review. (#10745, #10810)
  • Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#10785, #10813, #10814)
  • Release: Updated changelog and packages, and prepared the 1.16.0 release. (#10790, #10834)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

... (truncated)

Commits
  • df53d7d chore(release): prepare release 1.16.0 (#10834)
  • 9d92bcd fix: gadgets and smaller issues (#10833)
  • 5107ee6 fix: prevent undefined error codes in settle (#7276)
  • e573499 fix(fetch): defer global access in fetch adapter (#7260)
  • ad68e1a fix(http): honor timeout during connect without redirects (#10819)
  • 2a51828 fix(http): decode URL basic auth credentials (#10825)
  • 0e8b6bb fix(http): preserve user-supplied Host header when forwarding through a proxy...
  • 79f39e1 docs: document paramsSerializer.encode for strict RFC 3986 query encoding (#1...
  • 0fe3a5f [Docs/Types] Update parseReviver TypeScript definitions for ES2023 and add ...
  • cd6737f chore: matches the sibling responseStream.on(aborted) handler and added tests...
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates bn.js from 4.12.0 to 4.12.3

Commits

Updates path-to-regexp from 0.1.12 to 0.1.13

Release notes

Sourced from path-to-regexp's releases.

0.1.13

Important

Full Changelog: pillarjs/path-to-regexp@v0.1.12...v.0.1.13

Changelog

Sourced from path-to-regexp's changelog.

0.1.13 / 2026-03-26

0.1.7 / 2015-07-28

  • Fixed regression with escaped round brackets and matching groups.

0.1.6 / 2015-06-19

  • Replace index feature by outputting all parameters, unnamed and named.

0.1.5 / 2015-05-08

  • Add an index property for position in match result.

0.1.4 / 2015-03-05

  • Add license information

0.1.3 / 2014-07-06

  • Better array support
  • Improved support for trailing slash in non-ending mode

0.1.0 / 2014-03-06

  • add options.end

0.0.2 / 2013-02-10

  • Update to match current express
  • add .license property to component.json

Commits

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for path-to-regexp since your current version.


Updates fast-uri from 3.0.3 to 3.1.2

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

What's Changed

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

What's Changed

…pdates

Bumps the npm_and_yarn group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@strapi/plugin-users-permissions](https://github.com/strapi/strapi/tree/HEAD/packages/plugins/users-permissions) | `5.34.0` | `5.45.0` |
| [@strapi/strapi](https://github.com/strapi/strapi/tree/HEAD/packages/core/strapi) | `5.34.0` | `5.46.1` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |
| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |
| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |
| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.3` | `3.1.2` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `4.0.4` |
| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.15` |
| [rollup](https://github.com/rollup/rollup) | `4.30.1` | `4.60.4` |
| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |
| [webpack](https://github.com/webpack/webpack) | `5.94.0` | `5.107.2` |
| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |



Updates `@strapi/plugin-users-permissions` from 5.34.0 to 5.45.0
- [Release notes](https://github.com/strapi/strapi/releases)
- [Commits](https://github.com/strapi/strapi/commits/v5.45.0/packages/plugins/users-permissions)

Updates `@strapi/strapi` from 5.34.0 to 5.46.1
- [Release notes](https://github.com/strapi/strapi/releases)
- [Commits](https://github.com/strapi/strapi/commits/v5.46.1/packages/core/strapi)

Updates `@casl/ability` from 6.5.0 to 6.7.5
- [Release notes](https://github.com/stalniy/casl/releases)
- [Changelog](https://github.com/stalniy/casl/blob/master/packages/casl-ability/CHANGELOG.md)
- [Commits](https://github.com/stalniy/casl/commits/@casl/ability@6.7.5/packages/casl-ability)

Updates `brace-expansion` from 1.1.12 to 1.1.15
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.15)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `@protobufjs/utf8` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/dcodeIO/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.1.0...fetch-v1.1.1)

Updates `axios` from 1.12.2 to 1.16.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.12.2...v1.16.0)

Updates `bn.js` from 4.12.0 to 4.12.3
- [Release notes](https://github.com/indutny/bn.js/releases)
- [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md)
- [Commits](indutny/bn.js@v4.12.0...v4.12.3)

Updates `path-to-regexp` from 0.1.12 to 0.1.13
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.12...v.0.1.13)

Updates `fast-uri` from 3.0.3 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.3...v3.1.2)

Updates `file-type` from 21.0.0 to 21.3.4
- [Release notes](https://github.com/sindresorhus/file-type/releases)
- [Commits](sindresorhus/file-type@v21.0.0...v21.3.4)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `follow-redirects` from 1.15.9 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.9...v1.16.0)

Updates `handlebars` from 4.7.7 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.7...v4.7.9)

Updates `tmp` from 0.0.33 to 0.2.7
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.0.33...v0.2.7)

Updates `koa` from 2.16.3 to 2.16.4
- [Release notes](https://github.com/koajs/koa/releases)
- [Changelog](https://github.com/koajs/koa/blob/master/History.md)
- [Commits](koajs/koa@v2.16.3...v2.16.4)

Updates `markdown-it` from 13.0.2 to 14.1.1
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@13.0.2...14.1.1)

Updates `picomatch` from 2.3.1 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...4.0.4)

Updates `postcss` from 8.4.47 to 8.5.15
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.47...8.5.15)

Updates `rollup` from 4.30.1 to 4.60.4
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.30.1...v4.60.4)

Removes `serialize-javascript`

Updates `tar` from 6.2.1 to 7.5.11
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.11)

Updates `undici` from 6.23.0 to 6.25.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.23.0...v6.25.0)

Updates `webpack` from 5.94.0 to 5.107.2
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.94.0...v5.107.2)

Updates `yaml` from 1.10.2 to 1.10.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.10.2...v1.10.3)

---
updated-dependencies:
- dependency-name: "@strapi/plugin-users-permissions"
  dependency-version: 5.45.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@strapi/strapi"
  dependency-version: 5.46.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@casl/ability"
  dependency-version: 6.7.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.15
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@protobufjs/utf8"
  dependency-version: 1.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: bn.js
  dependency-version: 4.12.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: file-type
  dependency-version: 21.3.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: koa
  dependency-version: 2.16.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: markdown-it
  dependency-version: 14.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.60.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.25.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.107.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies and javascript labels on May 28, 2026