Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 10 updates#278

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/osprey_ui/npm_and_yarn-65e07f6fd8
Closed

build(deps): bump the npm_and_yarn group across 1 directory with 10 updates#278
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/osprey_ui/npm_and_yarn-65e07f6fd8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 21, 2026

Bumps the npm_and_yarn group with 10 updates in the /osprey_ui directory:

Package From To
@sentry/browser 5.12.1 7.119.1
highcharts 8.1.0 12.6.0
brace-expansion 1.1.12 2.1.0
js-yaml 3.14.1 4.1.1
path-to-regexp 0.1.12 1.9.0
fast-uri 3.1.0 3.1.2
flatted 3.3.3 3.4.2
immutable 5.1.3 5.1.5
moment 2.24.0 2.30.1
picomatch 2.3.1 2.3.2

Updates @sentry/browser from 5.12.1 to 7.119.1

Changelog

Sourced from @​sentry/browser's changelog.

7.119.1

  • fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

  • backport(tracing): Report dropped spans for transactions (#13343)

7.118.0

  • fix(v7/bundle): Ensure CDN bundles do not overwrite window.Sentry (#12579)

7.117.0

  • feat(browser/v7): Publish browserprofling CDN bundle (#12224)
  • fix(v7/publish): Add v7 tag to @sentry/replay (#12304)

7.116.0

  • build(craft): Publish lambda layer under its own name for v7 (#12098) (#12099)

This release publishes a new AWS Lambda layer under the name SentryNodeServerlessSDKv7 that users still running v7 can use instead of pinning themselves to SentryNodeServerlessSDK:235.

7.115.0

  • feat(v7): Add support for global onUnhandled Error/Promise for Bun (#11959)
  • fix(replay/v7): Fix user activity not being updated in start() (#12003)
  • ref(api): Remove lastEventId deprecation warnings (#12042)

7.114.0

Important Changes

  • fix(browser/v7): Continuously record CLS (#11935)

This release fixes a bug that caused the cumulative layout shift (CLS) web vital not to be reported in a majority of the cases where it should have been reported. With this change, the CLS web vital should now always be reported for pageloads with layout shift. If a pageload did not have layout shift, no CLS web vital should be reported.

Please note that upgrading the SDK to this version may cause data in your dashboards to drastically change.

Other Changes

  • build(aws-lambda/v7): Turn off lambda layer publishing (#11875)
  • feat(v7): Add tunnel support to multiplexed transport (#11851)
  • fix(opentelemetry-node): support HTTP_REQUEST_METHOD attribute (#11929)
  • fix(react/v7): Fix react router v4/v5 span names (#11940)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by sentry-bot, a new releaser for @​sentry/browser since your current version.


Updates highcharts from 8.1.0 to 12.6.0

Commits
  • 6abaa7e v12.6.0
  • 3c77d12 Fixed license typo in README.md
  • 17b0fe1 Added missing LICENSE.txt.
  • f1e20dd v12.5.0
  • d98efa4 Merge pull request #27 from hubertkozik/chore/license-info
  • 8692a7b Merge branch 'master' into chore/license-info
  • aa997e2 Added LICENSE.md and updated license info.
  • 6ea62bd Removed bundled 3rd party libs.
  • 9206769 CodeQL
  • b390574 Merge pull request #25 from highcharts/enhancement/readme
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.12 to 2.1.0

Release notes

Sourced from brace-expansion's releases.

v2.0.2

  • pkg: publish on tag 2.x 14f1d91
  • fmt ed7780a
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

Commits

Updates js-yaml from 3.14.1 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.
  • Added replacer option (similar to option in JSON.stringify), #339.
  • Custom Tag can now handle all tags or multiple tags with the same prefix, #385.

Fixed

... (truncated)

Commits

Updates path-to-regexp from 0.1.12 to 1.9.0

Release notes

Sourced from path-to-regexp's releases.

0.1.13

Important

Full Changelog: pillarjs/path-to-regexp@v0.1.12...v.0.1.13

Changelog

Sourced from path-to-regexp's changelog.

Moved to GitHub Releases

3.0.0 / 2019-01-13

  • Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g. /:att1-:att2-:att3-:att4-:att5)
  • Remove partial support, prefer escaping the prefix delimiter explicitly (e.g. \\/(apple-)?icon-:res(\\d+).png)

2.4.0 / 2018-08-26

  • Support start option to disable anchoring from beginning of the string

2.3.0 / 2018-08-20

  • Use delimiter when processing repeated matching groups (e.g. foo/bar has no prefix, but has a delimiter)

2.2.1 / 2018-04-24

  • Allow empty string with end: false to match both relative and absolute paths

2.2.0 / 2018-03-06

  • Pass token as second argument to encode option (e.g. encode(value, token))

2.1.0 / 2017-10-20

  • Handle non-ending paths where the final character is a delimiter
    • E.g. /foo/ before required either /foo/ or /foo// to match in non-ending mode

2.0.0 / 2017-08-23

  • New option! Ability to set endsWith to match paths like /test?query=string up to the query string
  • New option! Set delimiters for specific characters to be treated as parameter prefixes (e.g. /:test)
  • Remove isarray dependency
  • Explicitly handle trailing delimiters instead of trimming them (e.g. /test/ is now treated as /test/ instead of /test when matching)
  • Remove overloaded keys argument that accepted options
  • Remove keys list attached to the RegExp output
  • Remove asterisk functionality (it's a real pain to properly encode)
  • Change tokensToFunction (e.g. compile) to accept an encode function for pretty encoding (e.g. pass your own implementation)

1.7.0 / 2016-11-08

  • Allow a delimiter option to be passed in with tokensToRegExp which will be used for "non-ending" token match situations

1.6.0 / 2016-10-03

  • Populate RegExp.keys when using the tokensToRegExp method (making it consistent with the main export)
  • Allow a delimiter option to be passed in with parse
  • Updated TypeScript definition with Keys and Options updated

1.5.3 / 2016-06-15

... (truncated)

Commits

Updates fast-uri from 3.1.0 to 3.1.2

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

What's Changed

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

What's Changed

New Contributors

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

Commits
  • 919dd8e Bumped v3.1.2
  • c65ba57 fixup: linting
  • 6c86c17 Merge commit from fork
  • a95158a Handle malformed fragment decoding without throwing (#171)
  • cea547c Bumped v3.1.1
  • 876ce79 Merge commit from fork
  • dcdf690 ci: add lock-threads workflow (#169)
  • c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
  • 9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
  • 85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
  • Additional commits viewable in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates immutable from 5.1.3 to 5.1.5

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Full Changelog: immutable-js/immutable-js@v5.1.4...v5.1.5

v5.1.4

What's Changed

Documentation

Internal

New Contributors

Full Changelog: immutable-js/immutable-js@v5.1.3...v5.1.4

Changelog

Sourced from immutable's changelog.

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Documentation

Internal

Commits
  • b37b855 5.1.5
  • 16b3313 Merge commit from fork
  • fd2ef49 fix new proto key injection
  • 6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
  • 6f772de Merge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0
  • 5f3dc61 Bump rollup from 4.34.8 to 4.59.0
  • 049a594 Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...
  • 2481a77 Merge pull request #2172 from mrazauskas/update-tstyche
  • eb04779 Bump lodash from 4.17.21 to 4.17.23
  • b973bf3 format
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for immutable since your current version.


Updates moment from 2.24.0 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

2.30.0 Full changelog

  • Release Dec 26, 2023

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

... (truncated)

Commits

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 10 u…
bfe781d 
…pdates

Bumps the npm_and_yarn group with 10 updates in the /osprey_ui directory:

| Package | From | To |
| --- | --- | --- |
| [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `5.12.1` | `7.119.1` |
| [highcharts](https://github.com/highcharts/highcharts-dist) | `8.1.0` | `12.6.0` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `2.1.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `4.1.1` |
| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `1.9.0` |
| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.3` | `5.1.5` |
| [moment](https://github.com/moment/moment) | `2.24.0` | `2.30.1` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |



Updates `@sentry/browser` from 5.12.1 to 7.119.1
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.119.1/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@5.12.1...7.119.1)

Updates `highcharts` from 8.1.0 to 12.6.0
- [Commits](highcharts/highcharts-dist@v8.1.0...v12.6.0)

Updates `brace-expansion` from 1.1.12 to 2.1.0
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v1.1.12...v2.1.0)

Updates `js-yaml` from 3.14.1 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...4.1.1)

Updates `path-to-regexp` from 0.1.12 to 1.9.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.12...v1.9.0)

Updates `fast-uri` from 3.1.0 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.1.0...v3.1.2)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `immutable` from 5.1.3 to 5.1.5
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v5.1.3...v5.1.5)

Updates `moment` from 2.24.0 to 2.30.1
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.24.0...2.30.1)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 7.119.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: highcharts
  dependency-version: 12.6.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 1.9.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: immutable
  dependency-version: 5.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: moment
  dependency-version: 2.30.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@dependabot dependabot Bot requested review from a team, EXBreder, ayubun, haileyok and vinaysrao1 as code owners May 21, 2026 00:24
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 22, 2026

Superseded by #285.

@dependabot dependabot Bot closed this May 22, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/osprey_ui/npm_and_yarn-65e07f6fd8 branch May 22, 2026 05:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ayubun ayubun Awaiting requested review from ayubun ayubun is a code owner

@EXBreder EXBreder Awaiting requested review from EXBreder EXBreder is a code owner

@haileyok haileyok Awaiting requested review from haileyok haileyok is a code owner

@vinaysrao1 vinaysrao1 Awaiting requested review from vinaysrao1 vinaysrao1 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants