chore(deps): bump the patch-updates group across 1 directory with 5 updates by dependabot[bot] · Pull Request #28 · STARTcloud/web-terminal

dependabot · 2026-02-09T10:02:49Z

Bumps the patch-updates group with 4 updates in the / directory: cors, openid-client, @vitest/ui and eslint-plugin-prettier.

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

Build: Node.js@12.16 and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates openid-client from 6.8.1 to 6.8.2

Release notes

Sourced from openid-client's releases.

v6.8.2

Fixes

use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Changelog

Sourced from openid-client's changelog.

6.8.2 (2026-02-07)

Fixes

use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Commits

b14e51c chore(release): 6.8.2
f6f84e2 fix: use duplex: half for fetchProtectedResource with ReadableStream body input
f879890 chore: bump packages
b506e1a build(deps): bump the actions group with 4 updates (#853)
0baa958 chore: bump packages
c5d4931 chore: bump packages
7cf3c12 test: revert undici for the time being
8b2e360 chore: bump packages
79386b7 build(deps): bump lodash from 4.17.21 to 4.17.23 (#849)
950e199 build(deps-dev): bump tar from 7.5.3 to 7.5.6 (#848)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openid-client since your current version.

Updates @vitest/ui from 4.0.15 to 4.0.18

Release notes

Sourced from @vitest/ui's releases.

v4.0.18

   🚀 Experimental Features

experimental: Add onModuleRunner hook to worker.init - by @sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

Use meta.url in createRequire - by @sheremet-va in vitest-dev/vitest#9441 (e0572)

browser: Hide injected data-testid attributes - by @sheremet-va in vitest-dev/vitest#9503 (f8989)

ui: Process artifact attachments when generating HTML reporter - by @macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

v4.0.17

   🚀 Experimental Features

Support openTelemetry for browser mode - by @hi-ogawa in vitest-dev/vitest#9180 (1ec3a)

Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation - by @Copilot, hi-ogawa and @hi-ogawa in vitest-dev/vitest#9295 (876cb)

   🐞 Bug Fixes

Improve asymmetric matcher diff readability by unwrapping container matchers - by @Copilot, sheremet-va, hi-ogawa and @hi-ogawa in vitest-dev/vitest#9330 (b2ec7)

Improve runner error when importing outside of test context - by @sheremet-va in vitest-dev/vitest#9335 (2dd3d)

Replace crypto.randomUUID to allow insecure environments (fix #9… - by @plusgut in vitest-dev/vitest#9339 and vitest-dev/vitest#9 (e6a3f)

Handle null options in addEventHandler #9371 - by @ThibautMarechal in vitest-dev/vitest#9372 and vitest-dev/vitest#9371 (40841)

Typo in browser.provider error - by @deammer in vitest-dev/vitest#9394 (4b67f)

browser:

Fix process.env and import.meta.env defines in inline project - by @hi-ogawa in vitest-dev/vitest#9239 (b70c9)

Fix upload File instance - by @hi-ogawa in vitest-dev/vitest#9294 (b6778)

Fix invalid project token for artifacts assets - by @hi-ogawa in vitest-dev/vitest#9321 (caa7d)

Log ErrorEvent.message when unhandled ErrorEvent.error is null - by @hi-ogawa in vitest-dev/vitest#9322 (5d84e)

Support fileParallelism on an instance - by @sheremet-va in vitest-dev/vitest#9328 (15006)

coverage:

Remove unnecessary istanbul-lib-source-maps usage - by @AriPerkkio in vitest-dev/vitest#9344 (b0940)

Apply patch from istanbuljs/istanbuljs#837 - by @AriPerkkio and sapphi-red in vitest-dev/vitest#9413 and vitest-dev/vitest#837 (e05ce)

fsModuleCache:

Don't store importers in cache - by @sheremet-va in vitest-dev/vitest#9422 (75136)

Add importers alongside importedModules - by @sheremet-va in vitest-dev/vitest#9423 (59f92)

mocker:

Fix mock transform with class - by @hi-ogawa in vitest-dev/vitest#9421 (d390e)

pool:

Validate environment options when reusing the worker - by @sheremet-va in vitest-dev/vitest#9349 (a8a88)

Handle worker start failures gracefully - by @AriPerkkio in vitest-dev/vitest#9337 (200da)

reporter:

Report test module if it failed to run - by @sheremet-va in vitest-dev/vitest#9272 (c7888)

runner:

Respect nested test.only within describe.only - by @Ujjwaljain16 in vitest-dev/vitest#9021 and vitest-dev/vitest#9213 (55d5d)

typecheck:

Improve error message when tsc outputs help text - by @Ujjwaljain16 in vitest-dev/vitest#9214 (7b10a)

ui:

... (truncated)

Commits

4d3e3c6 chore: release v4.0.18
2254356 fix(ui): process artifact attachments when generating HTML reporter (#9472)
dd54e94 chore: release v4.0.17
a36c3be refactor(browser): restructure screenshot matcher and add documentation (#9243)
dd03316 fix(ui): detect gzip by magic numbers instead of Content-Type header in html ...
b46d744 chore: release v4.0.16
60642b3 fix: fix module graph UI on html reporter with headless browser mode (#9219)
See full diff in compare view

Updates eslint-plugin-prettier from 5.5.4 to 5.5.5

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.5

Patch Changes

#772 7264ed0 Thanks @BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

#776 77651a3 Thanks @aswils! - fix: bump synckit for yarn PnP ESM issue

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.5

Patch Changes

#772 7264ed0 Thanks @BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

#776 77651a3 Thanks @aswils! - fix: bump synckit for yarn PnP ESM issue

Commits

e2c154a chore: release eslint-plugin-prettier (#773)
6795c1a build(deps): Bump the actions group across 1 directory with 2 updates (#774)
77651a3 fix: bump synckit for yarn PnP ESM issue (#776)
7264ed0 chore: bump prettier-linter-helpers to v1.0.1 (#772)
e11a5b7 build(deps): Bump the actions group across 1 directory with 3 updates (#769)
befda88 ci: enable trusted publishing (#757)
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-prettier since your current version.

Updates vitest from 4.0.15 to 4.0.18

Release notes

Sourced from vitest's releases.

v4.0.18

   🚀 Experimental Features

experimental: Add onModuleRunner hook to worker.init - by @sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

Use meta.url in createRequire - by @sheremet-va in vitest-dev/vitest#9441 (e0572)

browser: Hide injected data-testid attributes - by @sheremet-va in vitest-dev/vitest#9503 (f8989)

ui: Process artifact attachments when generating HTML reporter - by @macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

v4.0.17

   🚀 Experimental Features

Support openTelemetry for browser mode - by @hi-ogawa in vitest-dev/vitest#9180 (1ec3a)

Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation - by @Copilot, hi-ogawa and @hi-ogawa in vitest-dev/vitest#9295 (876cb)

   🐞 Bug Fixes

Improve asymmetric matcher diff readability by unwrapping container matchers - by @Copilot, sheremet-va, hi-ogawa and @hi-ogawa in vitest-dev/vitest#9330 (b2ec7)

Improve runner error when importing outside of test context - by @sheremet-va in vitest-dev/vitest#9335 (2dd3d)

Replace crypto.randomUUID to allow insecure environments (fix #9… - by @plusgut in vitest-dev/vitest#9339 and vitest-dev/vitest#9 (e6a3f)

Handle null options in addEventHandler #9371 - by @ThibautMarechal in vitest-dev/vitest#9372 and vitest-dev/vitest#9371 (40841)

Typo in browser.provider error - by @deammer in vitest-dev/vitest#9394 (4b67f)

browser:

Fix process.env and import.meta.env defines in inline project - by @hi-ogawa in vitest-dev/vitest#9239 (b70c9)

Fix upload File instance - by @hi-ogawa in vitest-dev/vitest#9294 (b6778)

Fix invalid project token for artifacts assets - by @hi-ogawa in vitest-dev/vitest#9321 (caa7d)

Log ErrorEvent.message when unhandled ErrorEvent.error is null - by @hi-ogawa in vitest-dev/vitest#9322 (5d84e)

Support fileParallelism on an instance - by @sheremet-va in vitest-dev/vitest#9328 (15006)

coverage:

Remove unnecessary istanbul-lib-source-maps usage - by @AriPerkkio in vitest-dev/vitest#9344 (b0940)

Apply patch from istanbuljs/istanbuljs#837 - by @AriPerkkio and sapphi-red in vitest-dev/vitest#9413 and vitest-dev/vitest#837 (e05ce)

fsModuleCache:

Don't store importers in cache - by @sheremet-va in vitest-dev/vitest#9422 (75136)

Add importers alongside importedModules - by @sheremet-va in vitest-dev/vitest#9423 (59f92)

mocker:

Fix mock transform with class - by @hi-ogawa in vitest-dev/vitest#9421 (d390e)

pool:

Validate environment options when reusing the worker - by @sheremet-va in vitest-dev/vitest#9349 (a8a88)

Handle worker start failures gracefully - by @AriPerkkio in vitest-dev/vitest#9337 (200da)

reporter:

Report test module if it failed to run - by @sheremet-va in vitest-dev/vitest#9272 (c7888)

runner:

Respect nested test.only within describe.only - by @Ujjwaljain16 in vitest-dev/vitest#9021 and vitest-dev/vitest#9213 (55d5d)

typecheck:

Improve error message when tsc outputs help text - by @Ujjwaljain16 in vitest-dev/vitest#9214 (7b10a)

ui:

... (truncated)

Commits

4d3e3c6 chore: release v4.0.18
ea837de feat(experimental): add onModuleRunner hook to worker.init (#9286)
e057281 fix: use meta.url in createRequire (#9441)
dd54e94 chore: release v4.0.17
59f92d4 fix(fsModuleCache): add importers alongside importedModules (#9423)
751364e fix(fsModuleCache): don't store importers in cache (#9422)
4b67fc2 fix: typo in browser.provider error (#9394)
40841ff fix: handle null options in addEventHandler #9371 (#9372)
200dadb fix(pool): handle worker start failures gracefully (#9337)
1500654 fix(browser): support fileParallelism on an instance (#9328)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…pdates Bumps the patch-updates group with 4 updates in the / directory: [cors](https://github.com/expressjs/cors), [openid-client](https://github.com/panva/openid-client), [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) and [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier). Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `openid-client` from 6.8.1 to 6.8.2 - [Release notes](https://github.com/panva/openid-client/releases) - [Changelog](https://github.com/panva/openid-client/blob/main/CHANGELOG.md) - [Commits](panva/openid-client@v6.8.1...v6.8.2) Updates `@vitest/ui` from 4.0.15 to 4.0.18 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.18/packages/ui) Updates `eslint-plugin-prettier` from 5.5.4 to 5.5.5 - [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases) - [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md) - [Commits](prettier/eslint-plugin-prettier@v5.5.4...v5.5.5) Updates `vitest` from 4.0.15 to 4.0.18 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.18/packages/vitest) --- updated-dependencies: - dependency-name: cors dependency-version: 2.8.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: openid-client dependency-version: 6.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@vitest/ui" dependency-version: 4.0.18 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: eslint-plugin-prettier dependency-version: 5.5.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: vitest dependency-version: 4.0.18 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-02-09T10:02:51Z

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 9, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

chore(deps): bump the patch-updates group across 1 directory with 5 updates#28

chore(deps): bump the patch-updates group across 1 directory with 5 updates#28
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/patch-updates-431326b1d2

dependabot bot commented on behalf of github Feb 9, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Feb 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

v6.8.2

Fixes

6.8.2 (2026-02-07)

Fixes

v4.0.18

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.0.17

🚀 Experimental Features

🐞 Bug Fixes

v5.5.5

Patch Changes

5.5.5

Patch Changes

v4.0.18

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.0.17

🚀 Experimental Features

🐞 Bug Fixes

Uh oh!

dependabot bot commented on behalf of github Feb 9, 2026

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Feb 9, 2026 •

edited

Loading