chore(deps-dev): bump the development-dependencies group with 4 updates by dependabot[bot] · Pull Request #753 · NodeSecure/cli

dependabot · 2026-04-20T06:03:10Z

Bumps the development-dependencies group with 4 updates: @types/node, stylelint, undici and vite.

Updates @types/node from 25.5.2 to 25.6.0

Commits

See full diff in compare view

Updates stylelint from 17.6.0 to 17.7.0

Release notes

17.7.0

It fixes 4 bugs, including clearer problem messages by removing filler words and leading with the problem. We've also released 1.0.0 of create-stylelint to help with first-time Stylelint setup.

Fixed: clarity of problem messages (#9199) (@jeddy3).

Fixed: --print-config CLI flag to hide internal properties (#9194) (@ybiquitous).

Fixed: function-url-quotes false positives when URLs have modifiers (#8702) (@immitsu).

Fixed: selector-no-qualifying-type false positives for :has() (#9182) (@romainmenke).

Changelog

Sourced from stylelint's changelog.

17.7.0 - 2026-04-12

It fixes 4 bugs, including clearer problem messages by removing filler words and leading with the problem. We've also released 1.0.0 of create-stylelint to help with first-time Stylelint setup.

Fixed: clarity of problem messages (#9199) (@jeddy3).

Fixed: --print-config CLI flag to hide internal properties (#9194) (@ybiquitous).

Fixed: function-url-quotes false positives when URLs have modifiers (#8702) (@immitsu).

Fixed: selector-no-qualifying-type false positives for :has() (#9182) (@romainmenke).

Commits

0b9b48b Release 17.7.0 (#9210)
d0c992e Fix function-url-quotes false positives when URLs have modifiers (#8702)
64d07a8 Fix clarity of problem messages (#9199)
38b2df2 Bump lodash from 4.17.23 to 4.18.1 (#9208)
2d9a53d Bump globby from 16.1.1 to 16.2.0 (#9207)
37b1766 Bump @csstools/css-syntax-patches-for-csstree from 1.1.1 to 1.1.2 in the csst...
db04992 Bump codecov/codecov-action from 5.5.2 to 6.0.0 (#9205)
5dd17db Fix --print-config CLI flag to hide internal properties (#9194)
f5010d4 Refactor to document properties in Config type (#9195)
73f4834 Refactor to remove unused Config.ignorePatterns property type (#9193)
Additional commits viewable in compare view

Updates undici from 8.0.2 to 8.1.0

Release notes

Sourced from undici's releases.

v8.1.0

What's Changed

feat: add configurable maxPayloadSize for WebSocket by @mcollina in nodejs/undici#4955

Full Changelog: nodejs/undici@v8.0.3...v8.1.0

v8.0.3

What's Changed

docs: add an Undici 7 to 8 migration guide by @mcollina in nodejs/undici#4963

chore: switch deferred promise with Promise.withResolvers() by @trivikr in nodejs/undici#4972

chore: remove zstd and markAsUncloneable feature probes by @trivikr in nodejs/undici#4968

test: remove obsolete nodeMajor/nodeMinor util exports by @trivikr in nodejs/undici#4976

chore: use Promise.withResolvers in SOCKS5 proxy agent by @trivikr in nodejs/undici#4978

build(deps-dev): bump esbuild from 0.27.7 to 0.28.0 by @dependabot[bot] in nodejs/undici#4985

build(deps-dev): bump proxy from 2.2.0 to 4.0.0 by @dependabot[bot] in nodejs/undici#4987

build(deps): bump got from 14.6.6 to 15.0.0 in /benchmarks by @dependabot[bot] in nodejs/undici#4988

chore: use Object.hasOwn for iterator checks by @trivikr in nodejs/undici#4979

doc: Update dump({ limit: Integer }) default value by @samuel871211 in nodejs/undici#4981

fix: avoid 401 failures for stream-backed request bodies by @mcollina in nodejs/undici#4941

test: remove unsupported Node version checks from fetch tests by @trivikr in nodejs/undici#4977

types: remove legacy AbortSignal alias now provided by @types/node by @trivikr in nodejs/undici#4995

fix: remove stale constructor interceptors from types and pool options by @trivikr in nodejs/undici#4994

doc: update incorrect description of dump.maxSize by @samuel871211 in nodejs/undici#4982

ci: enable coverage for node.js 25 by @shivarm in nodejs/undici#4980

refactor: reuse wrapRequestBody in RedirectHandler by @trivikr in nodejs/undici#4992

fix: preserve connect option in H2CClient by @trivikr in nodejs/undici#5000

types: document Client and H2CClient option declarations by @trivikr in nodejs/undici#4998

fix: native WebSocket over H2 server after undici import by @mcollina in nodejs/undici#4990

chore(test): issue 3969 by @rozzilla in nodejs/undici#5005

fix(1270): throw descriptive error when opts.dispatcher–passed instance methods by @rozzilla in nodejs/undici#5007

docs: Change the default value of allowH2 in JSDoc by @7hokerz in nodejs/undici#5009

chore(test): cover issue 5014 by @rozzilla in nodejs/undici#5015

fix: prevent cache dedup key collision via unescaped delimiters by @eddieran in nodejs/undici#5013

fix(proxy agent): respect connectTimeout by @rozzilla in nodejs/undici#5011

New Contributors

@7hokerz made their first contribution in nodejs/undici#5009

@eddieran made their first contribution in nodejs/undici#5013

Full Changelog: nodejs/undici@v8.0.2...v8.0.3

Commits

d64e7bb Bumped v8.1.0 (#5023)
bd91f86 feat: add configurable maxPayloadSize for WebSocket (#4955)
8cfb762 Bumped v8.0.3 (#5019)
7ca6bb3 fix(proxy agent): respect connectTimeout (#5011)
30e9f98 fix: prevent cache dedup key collision via unescaped delimiters (#5012) (#5013)
85d8368 chore(test): cover issue 5014 (#5015)
4e4c2a3 docs: Change the default value of allowH2 in JSDoc (#5009)
0143e1b fix(1270): throw descriptive error when opts dispatcher passed instance metho...
51a27b7 chore(test): issue 3969 (#5005)
a434502 fix: native WebSocket over H2 server after undici import (#4990)
Additional commits viewable in compare view

Updates vite from 8.0.7 to 8.0.8

Release notes

Sourced from vite's releases.

v8.0.8

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.8 (2026-04-09)

Features

update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

Bug Fixes

avoid dns.getDefaultResultOrder temporary (#22202) (15f1c15)

ssr: class property keys hoisting matching imports (#22199) (e137601)

Commits

6e585dc release: v8.0.8
e137601 fix(ssr): class property keys hoisting matching imports (#22199)
15f1c15 fix: avoid dns.getDefaultResultOrder temporary (#22202)
6baf587 feat: update rolldown to 1.0.0-rc.15 (#22201)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the development-dependencies group with 4 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [stylelint](https://github.com/stylelint/stylelint), [undici](https://github.com/nodejs/undici) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `@types/node` from 25.5.2 to 25.6.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `stylelint` from 17.6.0 to 17.7.0 - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md) - [Commits](stylelint/stylelint@17.6.0...17.7.0) Updates `undici` from 8.0.2 to 8.1.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v8.0.2...v8.1.0) Updates `vite` from 8.0.7 to 8.0.8 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.8/packages/vite) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: stylelint dependency-version: 17.7.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: undici dependency-version: 8.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: vite dependency-version: 8.0.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

changeset-bot · 2026-04-20T06:03:18Z

⚠️ No Changeset found

Latest commit: b3e2f00

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

socket-security · 2026-04-20T06:03:55Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Maintenance
undici@8.0.2 ⏵ 8.1.0
vite@8.0.7 ⏵ 8.0.8
stylelint@17.6.0 ⏵ 17.7.0	⁺¹	⁺²

View full report

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps-dev): bump the development-dependencies group with 4 updates#753

chore(deps-dev): bump the development-dependencies group with 4 updates#753
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/development-dependencies-92274eff33

dependabot bot commented on behalf of github Apr 20, 2026

Uh oh!

changeset-bot bot commented Apr 20, 2026

Uh oh!

socket-security bot commented Apr 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 20, 2026

17.7.0

17.7.0 - 2026-04-12

v8.1.0

What's Changed

v8.0.3

What's Changed

New Contributors

v8.0.8

8.0.8 (2026-04-09)

Features

Bug Fixes

Uh oh!

changeset-bot bot commented Apr 20, 2026

⚠️ No Changeset found

Uh oh!

socket-security bot commented Apr 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants