Skip to content

Bump the minor-version-updates group across 1 directory with 4 updates#211

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/main/minor-version-updates-4aa83f9751
Open

Bump the minor-version-updates group across 1 directory with 4 updates#211
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/main/minor-version-updates-4aa83f9751

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026

Bumps the minor-version-updates group with 4 updates in the / directory: core-js, @vitest/coverage-c8, sass and vitest.

Updates core-js from 3.48.0 to 3.49.0

Changelog

Sourced from core-js's changelog.

3.49.0 - 2026.03.16

  • Changes v3.48.0...v3.49.0 (373 commits)
  • Iterator.range updated following the actual spec version
    • Throw a RangeError on NaN start / end / step
    • Allow null as optionOrStep
  • Improved accuracy of Math.{ asinh, atanh } polyfills with big and small values
  • Improved accuracy of Number.prototype.toExponential polyfills with big and small values
  • Improved performance of atob, btoa, Uint8Array.fromHex, Uint8Array.prototype.setFromHex, and Uint8Array.prototype.toHex, #1503, #1464, #1510, thanks @​johnzhou721
  • Minor performance optimization polyfills of methods from Map upsert proposal
  • Polyfills of methods from Map upsert proposal from the pure version made generic to make it work with polyfilled and native collections
  • Wrap Symbol.for in Symbol.prototype.description polyfill for correct handling of empty string descriptions
  • Fixed a modern Safari bug in Array.prototype.includes with sparse arrays and fromIndex
  • Fixed one more case (Iterator.prototype.take) of a V8 ~ Chromium < 126 bug
  • Forced replacement of Iterator.{ concat, zip, zipKeyed } in the pure version for ensuring proper wrapped Iterator instances as the result
  • Fixed proxying .return() on exhausted iterator from some methods of iterator helpers polyfill to the underlying iterator
  • Fixed double .return() calling in case of throwing error in this method in the internal iterate helper that affected some polyfills
  • Fixed closing iterator on IteratorValue errors in the internal iterate helper that affected some polyfills
  • Fixed iterator closing in Array.from polyfill on failure to create array property
  • Fixed order of arguments validation in Array.fromAsync polyfill
  • Fixed a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync polyfill
  • Fixed order of arguments validation in Array.prototype.flat polyfill
  • Fixed handling strings as iterables in Iterator.{ zip, zipKeyed } polyfills
  • Fixed some cases of iterators closing in Iterator.{ zip, zipKeyed } polyfills
  • Fixed validation of iterators .next() results an objects in Iterator.{ zip, zipKeyed } polyfills
  • Fixed a lack of early error in Iterator.concat polyfill on primitive as an iterator
  • Fixed buffer mutation exposure in Iterator.prototype.windows polyfill
  • Fixed iterator closing in Set.prototype.{ isDisjointFrom, isSupersetOf } polyfill
  • Fixed (updated following the final spec) one more case Set.prototype.difference polyfill with updating this
  • Fixed DataView.prototype.setFloat16 polyfill in (0, 1) range
  • Fixed order of arguments validation in String.prototype.{ padStart, padEnd } polyfills
  • Fixed order of arguments validation in String.prototype.{ startsWith, endsWith } polyfills
  • Fixed some cases of Infinity handling in String.prototype.substr polyfill
  • Fixed String.prototype.repeat polyfill with a counter exceeding 2 ** 32
  • Fixed some cases of chars case in escape polyfill
  • Fixed named backreferences in RegExp NCG polyfill
  • Fixed some cases of RegExp NCG polyfill in combination with other types of groups
  • Fixed some cases of RegExp NCG polyfill in combination with dotAll
  • Fixed String.prototype.replace with sticky polyfill, #810, #1514
  • Fixed RegExp sticky polyfill with alternation
  • Fixed handling of some line terminators in case of multiline + sticky mode in RegExp polyfill
  • Fixed .input slicing on result object with RegExp sticky mode polyfill
  • Fixed handling of empty groups with global and unicode modes in polyfills
  • Fixed URLSearchParam.prototype.delete polyfill with duplicate key-value pairs
  • Fixed possible removal of unnecessary entries in URLSearchParam.prototype.delete polyfill with second argument
  • Fixed an error in some cases of non-special URLs without a path in the URL polyfill
  • Fixed some percent encode cases / character sets in the URL polyfill
  • Fixed parsing of non-IPv4 hosts ends in a number in the URL polyfill
  • Fixed some cases of '' and null host handling in the URL polyfill
  • Fixed host parsing with hostname = host:port in the URL polyfill
  • Fixed host inheritance in some cases of file scheme in the URL polyfill

... (truncated)

Commits
  • 80adfc4 v3.49.0
  • 0ad3e00 fix a modern Safari bug in Array.prototype.includes with sparse arrays and ...
  • 853bfa4 update some links
  • b4d723f fix a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync p...
  • e276676 fix parsing of non-IPv4 hosts ends in a number in the URL polyfill
  • dd1cfba fix order of arguments validation in String.prototype.{ padStart, padEnd } ...
  • b952c5f add an extra protection to configurator
  • e490caf Fix for #810 (#1514)
  • 10b4e86 drop an unneeded comment
  • 28cf2e9 feat: Improve performance of Uint8Array Hex functions (#1510)
  • Additional commits viewable in compare view

Updates @vitest/coverage-c8 from 0.25.8 to 0.33.0

Commits

Updates sass from 1.97.3 to 1.98.0

Release notes

Sourced from sass's releases.

Dart Sass 1.98.0

To install Sass 1.98.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Command-Line Interface

  • Gracefully handle dependency loops in --watch mode.

Dart API

  • Add a const Logger.defaultLogger field. This provides a logger that emits to standard error or the browser console, but automatically chooses whether to use terminal colors.

JavaScript API

  • Fix a crash when manually constructing a SassCalculation for 'calc' with an argument that can't be simplified.

  • Properly emit deprecation warnings as text rather than StringBuffer objects when running in a browser.

  • Emit colored warnings and other messages on the console when running in a browser.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.98.0

Command-Line Interface

  • Gracefully handle dependency loops in --watch mode.

Dart API

  • Add a const Logger.defaultLogger field. This provides a logger that emits to standard error or the browser console, but automatically chooses whether to use terminal colors.

JavaScript API

  • Fix a crash when manually constructing a SassCalculation for 'calc' with an argument that can't be simplified.

  • Properly emit deprecation warnings as text rather than StringBuffer objects when running in a browser.

  • Emit colored warnings and other messages on the console when running in a browser.

Commits
  • 5a81ae3 Bump version to 1.98.0 (#2754)
  • e25e71d Update immutable to v5.1.5 (#2753)
  • 43fac1a Bump actions/upload-artifact from 6 to 7 (#2747)
  • 8b85c9a Bump actions/download-artifact from 7 to 8 (#2749)
  • 00f83f0 Bump postcss from 8.5.6 to 8.5.8 in /pkg/sass-parser (#2752)
  • 0a325a4 Bump actions/attest-build-provenance from 3 to 4 (#2748)
  • 7fb3c0f Gracefully handle dependency loops in watch mode (#2746)
  • e86d044 Bump eslint from 9.39.3 to 10.0.1 in /pkg/sass-parser (#2743)
  • 4bcd256 Add Logger.defaultLogger to automatically choose whether to use colors (#2742)
  • c3f8ff0 Always convert printed objects to strings in JS (#2741)
  • Additional commits viewable in compare view

Updates vitest from 4.0.18 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-version-updates group across 1 directory with 4 updates
74c8623 
Bumps the minor-version-updates group with 4 updates in the / directory: [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js), [@vitest/coverage-c8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-c8), [sass](https://github.com/sass/dart-sass) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `core-js` from 3.48.0 to 3.49.0
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.49.0/packages/core-js)

Updates `@vitest/coverage-c8` from 0.25.8 to 0.33.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v0.33.0/packages/coverage-c8)

Updates `sass` from 1.97.3 to 1.98.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.97.3...1.98.0)

Updates `vitest` from 4.0.18 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

---
updated-dependencies:
- dependency-name: core-js
  dependency-version: 3.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-version-updates
- dependency-name: "@vitest/coverage-c8"
  dependency-version: 0.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-version-updates
- dependency-name: sass
  dependency-version: 1.98.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-version-updates
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 18, 2026 09:59
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants