[PR #1848] Bump the dev-minor-updates group across 1 directory with 3 updates #1249

New Issue

GiteaMirror · 2025-11-13T12:21:25-06:00

GiteaMirror commented

2025-11-13 12:21:25 -06:00

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/1848
Author: @dependabot[bot]
Created: 11/12/2025
Status: 🔄 Open

Base: main ← Head: dependabot/npm_and_yarn/dev-minor-updates-040abfaff9

📝 Commits (1)

fc22f2f Bump the dev-minor-updates group across 1 directory with 3 updates

📊 Changes

2 files changed (+8764 additions, -7312 deletions)

View changed files

📝 package-lock.json (+8761 -7309)
📝 package.json (+3 -3)

📄 Description

Bumps the dev-minor-updates group with 3 updates in the / directory: @types/node, esbuild and esbuild-node-externals.

Updates @types/node from 24.9.2 to 24.10.1

Commits

See full diff in compare view

Updates esbuild from 0.25.12 to 0.27.0

Release notes

Sourced from esbuild's releases.

v0.27.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

Use Uint8Array.fromBase64 if available (#4286)

With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

Update the Go compiler from v1.23.12 to v1.25.4 (#4208, #4311)

This raises the operating system requirements for running esbuild:

Linux: now requires a kernel version of 3.2 or later

macOS: now requires macOS 12 (Monterey) or later

v0.26.0

Enable trusted publishing (#4281)

GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

Changelog

Sourced from esbuild's changelog.

0.27.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

Use Uint8Array.fromBase64 if available (#4286)

With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

Update the Go compiler from v1.23.12 to v1.25.4 (#4208, #4311)

This raises the operating system requirements for running esbuild:

Linux: now requires a kernel version of 3.2 or later

macOS: now requires macOS 12 (Monterey) or later

0.26.0

Enable trusted publishing (#4281)

GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

Commits

2b91699 publish 0.27.0 to npm
22b425c fix #4286: use Uint8Array.fromBase64 if present (#4295)
6d187ef update go 1.25.3 => 1.25.4
9d0d4e7 update go 1.23.12 => 1.25.3 (#4318)
b6979d8 use a patched go compiler for release builds
893d2b9 delete temporary release.yml workflow
cee3918 add a temporary release.yml workflow
f5bb1d6 fix publish.yml
17ff82b publish 0.26.0 to npm
f87181f enable trusted publishing (#4319)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates esbuild-node-externals from 1.18.0 to 1.19.1

Release notes

Sourced from esbuild-node-externals's releases.

esbuild-node-externals: v1.19.1

1.19.1 (2025-11-11)

Bug Fixes

fix ci release-please config (#79) (8270e78)

Commits

694d44f chore(main): release esbuild-node-externals 1.19.1 (#80)
ee37a7e ci: add release-please bootstrap-sha
8270e78 fix: fix ci release-please config (#79)
3fd589c chore(main): release 1.19.0 (#78)
2cf8d4e feat: add esbuild 0.26, 0.27 to the allowed range (#77)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/pangolin/pull/1848 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 11/12/2025 **Status:** 🔄 Open **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/dev-minor-updates-040abfaff9` --- ### 📝 Commits (1) - [`fc22f2f`](https://github.com/fosrl/pangolin/commit/fc22f2f3d7f6da547bfca6d01e0dc994de550408) Bump the dev-minor-updates group across 1 directory with 3 updates ### 📊 Changes **2 files changed** (+8764 additions, -7312 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+8761 -7309) 📝 `package.json` (+3 -3) </details> ### 📄 Description Bumps the dev-minor-updates group with 3 updates in the / directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [esbuild](https://github.com/evanw/esbuild) and [esbuild-node-externals](https://github.com/pradel/esbuild-node-externals). Updates `@types/node` from 24.9.2 to 24.10.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `esbuild` from 0.25.12 to 0.27.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.27.0</h2> <p><strong>This release deliberately contains backwards-incompatible changes.</strong> To avoid automatically picking up releases like this, you should either be pinning the exact version of <code>esbuild</code> in your <code>package.json</code> file (recommended) or be using a version range syntax that only accepts patch upgrades such as <code>^0.26.0</code> or <code>~0.26.0</code>. See npm's documentation about <a href="https://docs.npmjs.com/cli/v6/using-npm/semver/">semver</a> for more information.</p> <ul> <li> <p>Use <code>Uint8Array.fromBase64</code> if available (<a href="https://redirect.github.com/evanw/esbuild/issues/4286">#4286</a>)</p> <p>With this release, esbuild's <code>binary</code> loader will now use the new <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/fromBase64"><code>Uint8Array.fromBase64</code></a> function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify <code>target</code> when using this feature with Node (for example <code>--target=node22</code>) unless you're using Node v25+.</p> </li> <li> <p>Update the Go compiler from v1.23.12 to v1.25.4 (<a href="https://redirect.github.com/evanw/esbuild/issues/4208">#4208</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4311">#4311</a>)</p> <p>This raises the operating system requirements for running esbuild:</p> <ul> <li>Linux: now requires a kernel version of 3.2 or later</li> <li>macOS: now requires macOS 12 (Monterey) or later</li> </ul> </li> </ul> <h2>v0.26.0</h2> <ul> <li> <p>Enable trusted publishing (<a href="https://redirect.github.com/evanw/esbuild/issues/4281">#4281</a>)</p> <p>GitHub and npm are recommending that maintainers for packages such as esbuild switch to <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing</a>. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.</p> <p>Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>0.27.0</h2> <p><strong>This release deliberately contains backwards-incompatible changes.</strong> To avoid automatically picking up releases like this, you should either be pinning the exact version of <code>esbuild</code> in your <code>package.json</code> file (recommended) or be using a version range syntax that only accepts patch upgrades such as <code>^0.26.0</code> or <code>~0.26.0</code>. See npm's documentation about <a href="https://docs.npmjs.com/cli/v6/using-npm/semver/">semver</a> for more information.</p> <ul> <li> <p>Use <code>Uint8Array.fromBase64</code> if available (<a href="https://redirect.github.com/evanw/esbuild/issues/4286">#4286</a>)</p> <p>With this release, esbuild's <code>binary</code> loader will now use the new <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/fromBase64"><code>Uint8Array.fromBase64</code></a> function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify <code>target</code> when using this feature with Node (for example <code>--target=node22</code>) unless you're using Node v25+.</p> </li> <li> <p>Update the Go compiler from v1.23.12 to v1.25.4 (<a href="https://redirect.github.com/evanw/esbuild/issues/4208">#4208</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4311">#4311</a>)</p> <p>This raises the operating system requirements for running esbuild:</p> <ul> <li>Linux: now requires a kernel version of 3.2 or later</li> <li>macOS: now requires macOS 12 (Monterey) or later</li> </ul> </li> </ul> <h2>0.26.0</h2> <ul> <li> <p>Enable trusted publishing (<a href="https://redirect.github.com/evanw/esbuild/issues/4281">#4281</a>)</p> <p>GitHub and npm are recommending that maintainers for packages such as esbuild switch to <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing</a>. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.</p> <p>Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/2b91699b74da07c2cd2361a5e63c1882575e3bf0"><code>2b91699</code></a> publish 0.27.0 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/22b425c12f59964383df27362294b5f8c034bab3"><code>22b425c</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4286">#4286</a>: use <code>Uint8Array.fromBase64</code> if present (<a href="https://redirect.github.com/evanw/esbuild/issues/4295">#4295</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/6d187ef4c9277939c1639ef8c036c07ff62dd33f"><code>6d187ef</code></a> update go 1.25.3 => 1.25.4</li> <li><a href="https://github.com/evanw/esbuild/commit/9d0d4e71a23dce02d18cf91552304333c1b44cd9"><code>9d0d4e7</code></a> update go 1.23.12 => 1.25.3 (<a href="https://redirect.github.com/evanw/esbuild/issues/4318">#4318</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/b6979d89ed4b2aed1ab58d206e65c8bd92ac7c60"><code>b6979d8</code></a> use a patched go compiler for release builds</li> <li><a href="https://github.com/evanw/esbuild/commit/893d2b9661a62575041fa371351c422f887cc43d"><code>893d2b9</code></a> delete temporary <code>release.yml</code> workflow</li> <li><a href="https://github.com/evanw/esbuild/commit/cee391852c39146334894795e658e7a9c7bc4cd8"><code>cee3918</code></a> add a temporary <code>release.yml</code> workflow</li> <li><a href="https://github.com/evanw/esbuild/commit/f5bb1d6ed8c86eea24cda1664ab8812d823daeca"><code>f5bb1d6</code></a> fix <code>publish.yml</code></li> <li><a href="https://github.com/evanw/esbuild/commit/17ff82bebfaf78e97457cb504525584e603bf9f4"><code>17ff82b</code></a> publish 0.26.0 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/f87181fbf3eb78b6b00cf7b3529d0f6f20cd763c"><code>f87181f</code></a> enable trusted publishing (<a href="https://redirect.github.com/evanw/esbuild/issues/4319">#4319</a>)</li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.25.12...v0.27.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for esbuild since your current version.</p> </details> <br /> Updates `esbuild-node-externals` from 1.18.0 to 1.19.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pradel/esbuild-node-externals/releases">esbuild-node-externals's releases</a>.</em></p> <blockquote> <h2>esbuild-node-externals: v1.19.1</h2> <h2><a href="https://github.com/pradel/esbuild-node-externals/compare/esbuild-node-externals-v1.19.0...esbuild-node-externals-v1.19.1">1.19.1</a> (2025-11-11)</h2> <h3>Bug Fixes</h3> <ul> <li>fix ci release-please config (<a href="https://redirect.github.com/pradel/esbuild-node-externals/issues/79">#79</a>) (<a href="https://github.com/pradel/esbuild-node-externals/commit/8270e781b967c2a937087b4b37fd137f96000ab5">8270e78</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pradel/esbuild-node-externals/commit/694d44f43b5584b73f1c950ff5fd99a5c89c37f1"><code>694d44f</code></a> chore(main): release esbuild-node-externals 1.19.1 (<a href="https://redirect.github.com/pradel/esbuild-node-externals/issues/80">#80</a>)</li> <li><a href="https://github.com/pradel/esbuild-node-externals/commit/ee37a7ef07c40eacb06c4648e4a633548f028a1d"><code>ee37a7e</code></a> ci: add release-please bootstrap-sha</li> <li><a href="https://github.com/pradel/esbuild-node-externals/commit/8270e781b967c2a937087b4b37fd137f96000ab5"><code>8270e78</code></a> fix: fix ci release-please config (<a href="https://redirect.github.com/pradel/esbuild-node-externals/issues/79">#79</a>)</li> <li><a href="https://github.com/pradel/esbuild-node-externals/commit/3fd589c1c1b0410ff5739b93ab8ebcdd3259717a"><code>3fd589c</code></a> chore(main): release 1.19.0 (<a href="https://redirect.github.com/pradel/esbuild-node-externals/issues/78">#78</a>)</li> <li><a href="https://github.com/pradel/esbuild-node-externals/commit/2cf8d4ea7c3343f33e0601f96aaa39e49c1b743a"><code>2cf8d4e</code></a> feat: add esbuild 0.26, 0.27 to the allowed range (<a href="https://redirect.github.com/pradel/esbuild-node-externals/issues/77">#77</a>)</li> <li>See full diff in <a href="https://github.com/pradel/esbuild-node-externals/compare/v1.18.0...esbuild-node-externals-v1.19.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the

pull-request

label 2025-11-13 12:21:25 -06:00

Sign in to join this conversation.

Branches Tags

main

crowdin_dev

dev

clients-user

client-user

dependabot/npm_and_yarn/prod-minor-updates-35f2f5c31e

dependabot/npm_and_yarn/prod-patch-updates-c7bc470e93

dependabot/npm_and_yarn/dev-patch-updates-42f78d98b0

dependabot/npm_and_yarn/dev-minor-updates-42b6b37ac0

dependabot/npm_and_yarn/next-16.0.7

1.12.3

dependabot/npm_and_yarn/nodemailer-7.0.11

dependabot/npm_and_yarn/express-5.2.1

dependabot/github_actions/actions/checkout-6.0.0

dependabot/github_actions/actions/setup-go-6.1.0

copilot/fix-hc-health-status-unknown

copilot/configure-auto-login-idp-blueprints

dependabot/npm_and_yarn/react-email/tailwind-2.0.1

dev-ms

copilot/fix-duplicate-docker-labels

copilot/fix-supporter-key-redeem

policies

revert-1588-patch-1

patch

site-targets-auto-login

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#1249