chore(deps): bump the major-updates group across 1 directory with 10 updates by dependabot[bot] · Pull Request #45 · forbiddenlink/skill-mapper

dependabot · 2026-06-09T17:47:43Z

Bumps the major-updates group with 10 updates in the / directory:

Package	From	To
@vercel/analytics	`1.6.1`	`2.0.1`
@vercel/speed-insights	`1.3.1`	`2.0.0`
lucide-react	`0.562.0`	`1.14.0`
@vitejs/plugin-react	`4.7.0`	`6.0.1`
@vitest/browser	`1.6.1`	`4.1.5`
@vitest/coverage-v8	`1.6.1`	`4.1.5`
@vitest/ui	`1.6.1`	`4.1.5`
eslint	`9.39.4`	`10.3.0`
jsdom	`24.1.3`	`29.1.1`
vitest	`1.6.1`	`4.1.5`

Updates @vercel/analytics from 1.6.1 to 2.0.1

Release notes

Sourced from @vercel/analytics's releases.

v2.0.1

What's Changed

fix(nuxt): set nuxt as optional dependency by @CHC383 in vercel/analytics#193

New Contributors

@CHC383 made their first contribution in vercel/analytics#193

Full Changelog: vercel/analytics@v2.0.0...v2.0.1

v2.0.0

What's Changed

Breaking Changes

License changed from MPL-2.0 to MIT (#170)

Nuxt: introduce module support. If you need to configure it, load injectAnalytics() from @vercel/analytics/nuxt/runtime (#183)

Features

feat: load dynamic configuration (#184) — analytics config can now be loaded dynamically

Bug Fixes

fix: src and endpoint paths do not work when relative (#186)

Full Changelog: vercel/speed-insights@1.6.1...2.0.0

v2.0.0-canary.1

Canary release for testing 2.0.0 changes

Commits

0d69416 chore: bump version to v2.0.1 (#195)
c7f3c37 fix(nuxt): set nuxt as optional dependency (#193)
c3e3805 chore: bump version to v2.0.0
425a797 chore: bump version to v2.0.0-canary.1
22888e3 fix: src and endpoint paths do not work when relative (#186)
3879f57 feat: load dynamic configuration (#184)
95f8914 feat(nuxt)!: Add support for injectAnalytics() and Nuxt module (#183)
e407489 feat!: change license to MIT (#170)
See full diff in compare view

Updates @vercel/speed-insights from 1.3.1 to 2.0.0

Release notes

Sourced from @vercel/speed-insights's releases.

v2.0.0

What's Changed

Breaking Changes

License changed from Apache-2.0 to MIT (#111)

Nuxt: introduce module support (#110). In case you need to configure it, load injectSpeedInsights() from @vercel/speed-insights/nuxt/runtime

Features

feat: load dynamic configuration (#112) — speed insights config can now be loaded dynamically

Full Changelog: vercel/speed-insights@1.3.1...2.0.0

v2.0.0-canary.1

Canary release for testing 2.0.0 changes

1.5.0-canary.4

What's Changed

fix: next/jest does not support import.meta by @feugy in vercel/speed-insights#91

Full Changelog: vercel/speed-insights@1.2.0-canary.3...1.5.0-canary.4

Commits

828d10c chore: bump version to v2.0.0
15cb241 chore: bump version to v2.0.0-canary.1
b10a09c feat: load dynamic configuration (#112)
c6f4e37 feat(nuxt)!: Add support for injectSpeedInsights() and Nuxt module (#110)
See full diff in compare view

Updates lucide-react from 0.562.0 to 1.14.0

Release notes

Sourced from lucide-react's releases.

Version 1.14.0

What's Changed

feat(icons): added repeat-off icon by @jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

fix(docs): sync URL params with UI state on categories page by @taimar in lucide-icons/lucide#4111

feat(icons): add waves-vertical icon by @jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

feat(icon): add folder-bookmark icon by @swastik7805 in lucide-icons/lucide#4262

docs(readme): Update readme files by @ericfennis in lucide-icons/lucide#4320

feat(icons): added astroid icon by @whoisBugsbunny in lucide-icons/lucide#4217

Full Changelog: lucide-icons/lucide@1.10.0...1.12.0

Version 1.11.0

What's Changed

docs: add missing period to TypeScript Support description by @jglu in lucide-icons/lucide#4309

fix(@lucide/svelte): proper doc comments for svelte components by @blt-r in lucide-icons/lucide#4267

chore(deps): bump svgo from 3.3.2 to 3.3.3 by @dependabot[bot] in lucide-icons/lucide#4119

chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @dependabot[bot] in lucide-icons/lucide#4310

feat(icons): add power and quick tags to zap and zap-off by @swastik7805 in lucide-icons/lucide#4268

test(build-font): added comprehensive unit tests on build-font tool by @karsa-mistmere in lucide-icons/lucide#4315

feat(docs): blur background of framework-select by @Spleefies in lucide-icons/lucide#4238

feat(icon): add heart-x icon by @swastik7805 in lucide-icons/lucide#4264

fix(icons): optimised rotate-3d icon by @jamiemlaw in lucide-icons/lucide#4299

feat(icons): added layers-minus icon by @Spleefies in lucide-icons/lucide#4005

feat(icons): added bell-check icon by @pettelau in lucide-icons/lucide#4152

New Contributors

@jglu made their first contribution in lucide-icons/lucide#4309

@pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

Version 1.10.0

What's Changed

docs: add missing period to TypeScript Support description by @jglu in lucide-icons/lucide#4309

fix(@lucide/svelte): proper doc comments for svelte components by @blt-r in lucide-icons/lucide#4267

chore(deps): bump svgo from 3.3.2 to 3.3.3 by @dependabot[bot] in lucide-icons/lucide#4119

chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @dependabot[bot] in lucide-icons/lucide#4310

... (truncated)

Commits

50d8af5 docs(readme): Update readme files (#4320)
653e44b feat(packages): use .mjs for ESM bundles (#4285)
7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
dada0a8 fix(lucide-react): Fix dynamic imports (#4210)
a6e648a fix(lucide-react): correct client directives in RSC files (#4189)
1f010a3 fix(lucide-react): Fixes provider export and RSC render issues (#4175)
484f2c9 docs(version-1): Version 1 website (#4142)
a0e202d feat(packages/angular): add new @lucide/angular package (#3897)
c5b155e Merge branch 'main' of https://github.com/lucide-icons/lucide into next
f6c0d06 chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)
Additional commits viewable in compare view

Updates @vitejs/plugin-react from 4.7.0 to 6.0.1

Release notes

Sourced from @vitejs/plugin-react's releases.

plugin-react@6.0.1

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

plugin-react@6.0.0

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:
 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})
For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:
 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [

react({

 babel: {



   plugins: ['babel-plugin-react-compiler'],



 },


}),


react(),
babel({

 presets: [reactCompilerPreset()]



</tr></table>

... (truncated)

Changelog

Sourced from @vitejs/plugin-react's changelog.

6.0.1 (2026-03-13)

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

6.0.0 (2026-03-12)

6.0.0-beta.0 (2026-03-03)

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:
 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})
For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:
 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [

react({

 babel: {



   plugins: ['babel-plugin-react-compiler'],



 },



</tr></table>

... (truncated)

Commits

1e94c06 release: plugin-react@6.0.1
77c00c0 feat(plugin-react): expand @rolldown/plugin-babel peer dep range (#1146)
dcc9012 release: plugin-react@6.0.0
3a17886 docs: add a link to the Oxlint rule for component exports alongside the ESLin...
f812135 fix(deps): update all non-major dependencies (#1140)
a0329a0 docs(react): clarify react compiler preset filter (#1137)
704e0d3 release: plugin-react@6.0.0-beta.0
ac16acc feat(react)!: remove babel (#1123)
f01b30c fix(deps): update all non-major dependencies (#1127)
b1014bd chore(react): add changelog for #1124
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @vitejs/plugin-react since your current version.

Updates @vitest/browser from 1.6.1 to 4.1.5

Release notes

Sourced from @vitest/browser's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

... (truncated)

Commits

e399846 chore: release v4.1.5
ac04bac chore: release v4.1.4
d4fbb5c feat(experimental): support aria snapshot (#9668)
65c9d55 fix(browser): spread user server options into browser Vite server in project ...
2dc0d62 chore: release v4.1.3
487990a feat(experimental): support browser.locators.exact option (#10013)
66751c9 fix(expect): remove JestExtendError.context from verbose error reporting (#...
fc6f482 chore: release v4.1.2
faace1f fix(browser): take failure screenshot if toMatchScreenshot can't capture a ...
f54abad chore: add typo-checker skill and fix typos (#9963)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @vitest/browser since your current version.

Updates @vitest/coverage-v8 from 1.6.1 to 4.1.5

Release notes

Sourced from @vitest/coverage-v8's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

... (truncated)

Commits

e399846 chore: release v4.1.5
ac04bac chore: release v4.1.4
2dc0d62 chore: release v4.1.3
fc6f482 chore: release v4.1.2
1f2d318 chore: release v4.1.1
aaf9f18 fix(coverage): simplify provider types (#9931)
4150b91 chore: release v4.1.0
0c2c013 chore: release v4.1.0-beta.6
689a22a fix(browser): types of getCDPSession and cdp() (#9716)
94eb73b chore(deps): update eslint packages (#9615)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @vitest/coverage-v8 since your current version.

Updates @vitest/ui from 1.6.1 to 4.1.5

Release notes

Sourced from @vitest/ui's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

... (truncated)

Commits

e399846 chore: release v4.1.5
596f739 fix: project color label on html reporter (#10142)
f1b1f6c fix(ui): fix jsx/tsx syntax highlight (#10152)
ac04bac chore: release v4.1.4
d4fbb5c feat(experimental): support aria snapshot (#9668)
2dc0d62 chore: release v4.1.3
89ca0e2 feat(experimental): add TestAttachment.bodyEncoding (

…updates Bumps the major-updates group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@vercel/analytics](https://github.com/vercel/analytics/tree/HEAD/packages/web) | `1.6.1` | `2.0.1` | | [@vercel/speed-insights](https://github.com/vercel/speed-insights/tree/HEAD/packages/web) | `1.3.1` | `2.0.0` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.562.0` | `1.14.0` | | [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `4.7.0` | `6.0.1` | | [@vitest/browser](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser) | `1.6.1` | `4.1.5` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `1.6.1` | `4.1.5` | | [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) | `1.6.1` | `4.1.5` | | [eslint](https://github.com/eslint/eslint) | `9.39.4` | `10.3.0` | | [jsdom](https://github.com/jsdom/jsdom) | `24.1.3` | `29.1.1` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `1.6.1` | `4.1.5` | Updates `@vercel/analytics` from 1.6.1 to 2.0.1 - [Release notes](https://github.com/vercel/analytics/releases) - [Commits](https://github.com/vercel/analytics/commits/v2.0.1/packages/web) Updates `@vercel/speed-insights` from 1.3.1 to 2.0.0 - [Release notes](https://github.com/vercel/speed-insights/releases) - [Commits](https://github.com/vercel/speed-insights/commits/v2.0.0/packages/web) Updates `lucide-react` from 0.562.0 to 1.14.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/1.14.0/packages/lucide-react) Updates `@vitejs/plugin-react` from 4.7.0 to 6.0.1 - [Release notes](https://github.com/vitejs/vite-plugin-react/releases) - [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.1/packages/plugin-react) Updates `@vitest/browser` from 1.6.1 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/browser) Updates `@vitest/coverage-v8` from 1.6.1 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8) Updates `@vitest/ui` from 1.6.1 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/ui) Updates `eslint` from 9.39.4 to 10.3.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v9.39.4...v10.3.0) Updates `jsdom` from 24.1.3 to 29.1.1 - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v24.1.3...v29.1.1) Updates `vitest` from 1.6.1 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: "@vercel/analytics" dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: "@vercel/speed-insights" dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: lucide-react dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major-updates - dependency-name: "@vitejs/plugin-react" dependency-version: 6.0.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: "@vitest/browser" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: "@vitest/ui" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: eslint dependency-version: 10.3.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: jsdom dependency-version: 29.1.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-major dependency-group: major-updates ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-06-09T17:47:47Z

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
skill-mapper	Ignored	Preview	Jun 9, 2026 5:47pm

socket-security · 2026-06-09T17:48:49Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@vitest/browser@4.1.5
	@vitest/ui@4.1.5
	@vitest/coverage-v8@4.1.5
	jsdom@29.1.1
	@vercel/analytics@2.0.1
	@vercel/speed-insights@2.0.0
	@vitejs/plugin-react@6.0.1
	eslint@9.39.4 ⏵ 10.3.0	⁺¹

View full report

socket-security · 2026-06-09T17:48:51Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: Vitest browser mode serves unsanitized otelCarrier query parameter as inline script in npm `@vitest/browser` CVE: GHSA-2h32-95rg-cppp Vitest browser mode serves unsanitized otelCarrier query parameter as inline script (CRITICAL) Affected versions: >= 4.0.17 < 4.1.6; >= 5.0.0-beta.0 < 5.0.0-beta.3 Patched version: 4.1.6 From: package.json → `npm/@vitest/browser@4.1.5` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@vitest/browser@4.1.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `css-tree` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/jsdom@29.1.1` → `npm/css-tree@3.2.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/css-tree@3.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `data-urls` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/jsdom@29.1.1` → `npm/data-urls@7.0.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/data-urls@7.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `jsdom` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → `npm/jsdom@29.1.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/jsdom@29.1.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `jsdom` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → `npm/jsdom@29.1.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/jsdom@29.1.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 9, 2026

dependabot Bot mentioned this pull request Jun 9, 2026

chore(deps-dev): bump jsdom from 24.1.3 to 29.1.1 #35

Closed

forbiddenlink merged commit 52986ee into main Jun 9, 2026
4 of 7 checks passed

forbiddenlink deleted the dependabot/npm_and_yarn/major-updates-5f5acb35be branch June 9, 2026 18:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the major-updates group across 1 directory with 10 updates#45

chore(deps): bump the major-updates group across 1 directory with 10 updates#45
forbiddenlink merged 1 commit into
mainfrom
dependabot/npm_and_yarn/major-updates-5f5acb35be

dependabot Bot commented on behalf of github Jun 9, 2026

Uh oh!

vercel Bot commented Jun 9, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 9, 2026

v2.0.1

What's Changed

New Contributors

v2.0.0

What's Changed

Breaking Changes

Features

Bug Fixes

v2.0.0-canary.1

v2.0.0

What's Changed

Breaking Changes

Features

v2.0.0-canary.1

1.5.0-canary.4

What's Changed

Version 1.14.0

What's Changed

Version 1.13.0

What's Changed

Version 1.12.0

What's Changed

Version 1.11.0

What's Changed

New Contributors

Version 1.10.0

What's Changed

plugin-react@6.0.1

Expand @rolldown/plugin-babel peer dep range (#1146)

plugin-react@6.0.0

Remove Babel Related Features (#1123)

6.0.1 (2026-03-13)

Expand @rolldown/plugin-babel peer dep range (#1146)

6.0.0 (2026-03-12)

6.0.0-beta.0 (2026-03-03)

Remove Babel Related Features (#1123)

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.4

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.3

🚀 Experimental Features

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.4

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.3

🚀 Experimental Features

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.4

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.3

🚀 Experimental Features

Uh oh!

vercel Bot commented Jun 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Expand `@rolldown/plugin-babel` peer dep range (#1146)

Expand `@rolldown/plugin-babel` peer dep range (#1146)

vercel Bot commented Jun 9, 2026 •

edited

Loading