Bump the npm_and_yarn group across 4 directories with 18 updates by dependabot[bot] · Pull Request #4838 · udecode/plate

dependabot · 2026-02-19T15:09:48Z

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
lodash	`4.17.21`	`4.17.23`
next	`16.0.10`	`16.1.5`
glob	`11.0.2`	`12.0.0`
validator	`13.15.15`	`13.15.22`
@modelcontextprotocol/sdk	`1.12.1`	`1.27.0`
@trpc/server	`11.7.1`	`11.10.0`
diff	`4.0.2`	`4.0.4`
mdast-util-to-hast	`13.2.0`	`13.2.1`
pbkdf2	`3.1.2`	`3.1.5`
qs	`6.14.0`	`6.15.0`
sha.js	`2.4.11`	`2.4.12`
tar-fs	`3.0.9`	`3.1.1`
tar	`7.4.3`	`7.5.9`
undici	`7.10.0`	`7.22.0`
zx	`7.2.3`	`7.2.4`

Bumps the npm_and_yarn group with 3 updates in the /apps/www directory: lodash, next and glob.
Bumps the npm_and_yarn group with 2 updates in the /templates/plate-playground-template directory: ai and next.
Bumps the npm_and_yarn group with 1 update in the /templates/plate-template directory: next.

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.5

Release notes

Sourced from next's releases.

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Fix linked list bug in LRU deleteFromLru (#88652)

Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @acdlite and @ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Turbopack: Update to swc_core v50.2.3 (#87841) (#88296)

Fixes a crash when processing mdx files with multibyte characters. (#87713)

Turbopack: mimalloc upgrade and enabling it on musl (#88503) (#87815) (#88426)

Fixes a significant performance issue on musl-based Linux distributions (e.g. Alpine in Docker) related to musl's allocator.

Other platforms have always used mimalloc, but we previously did not use mimalloc on musl because of compilation issues that have since been resolved.

Credits

Huge thanks to @mischnic for helping!

v16.1.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

... (truncated)

Commits

acba4a6 v16.1.5
e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
522ed84 Sync DoS mitigations for React Flight
8cad197 [backport][cna] Ensure created app is not considered the workspace root in pn...
2718661 Backport/docs fixes (#89031)
5333625 Backport/docs fixes 16.1.5 (#88916)
60de6c2 v16.1.4
5f75d22 backport: Only filter next config if experimental flag is enabled (#88733) (#...
Additional commits viewable in compare view

Updates glob from 11.0.2 to 12.0.0

Changelog

Sourced from glob's changelog.

changeglob

13

Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)

Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.

Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

Drop support for node before v20

10.4

Add includeChildMatches: false option

Export the Ignore class

10.3

Add --default -p flag to provide a default pattern

exclude symbolic links to directories when follow and nodir are both set

10.2

Add glob cli

10.1

Return '.' instead of the empty string '' when the current working directory is returned as a match.

Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

2b03cca 12.0.0
d56203d prettier config
bb521e5 Remove --shell option where unsafe to use
2551fb5 11.1.0
47473c0 bin: Do not expose filenames to shell expansion
bc33fe1 skip tilde test on systems that lack tilde expansion
59bf9ca fix notes
dde4fa6 docs(README): add #anchor and improve notes
0559b0e docs: add better links to path-scurry docs
c9773c2 fix: correct typos in README.md
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates mermaid from 10.9.3 to 10.9.5

Commits

665b3d0 chore: bump mermaid version to 10.9.5
5b3912f refactor: remove unnecessary Element check
01ff8c5 fix(deps): update dependency dompurify to ^3.2.4
d9618da chore: update dompurify to ^3.2.1
a65bcc5 fix: update dagre-d3-es to version 7.0.13
80dcf2e chore: fixed formatting
cdff69f chore: updated upload artifact version
2ce5801 chore: bump mermaid version to 10.9.4
2efe338 fix: sanitize addHtmlLabel in createLabel
7509b06 fix: Sanitize Katex
See full diff in compare view

Updates validator from 13.15.15 to 13.15.22

Release notes

Sourced from validator's releases.

13.15.22

Fixes, New Locales and Enhancements

#2622 isURL: fix regression with hostnames with ports @mbtools

#2616 isLength: improve handling Unicode variation selectors @koral--

Doc fixes and others:

#2621 @mbtools

New Contributors

@mbtools made their first contribution in validatorjs/validator.js#2622

@koral-- made their first contribution in validatorjs/validator.js#2616

Full Changelog: validatorjs/validator.js@13.15.20...13.15.22

13.15.20

Fixes, New Locales and Enhancements

#2556 isMobilePhone: add ar-QA locale @WardKhaddour

#2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @avadootharajesh

#2574 isBase64: improve padding regex @KrayzeeKev

#2584 isVAT: improve FR locale @iamAmer

#2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @theofidry

Doc fixes and others:

#2563 @stoneLeaf

#2581 @camillobruni

New Contributors

@stoneLeaf made their first contribution in validatorjs/validator.js#2563

@WardKhaddour made their first contribution in validatorjs/validator.js#2556

@avadootharajesh made their first contribution in validatorjs/validator.js#2576

@KrayzeeKev made their first contribution in validatorjs/validator.js#2574

@iamAmer made their first contribution in validatorjs/validator.js#2584

@camillobruni made their first contribution in validatorjs/validator.js#2581

@theofidry made their first contribution in validatorjs/validator.js#2608

Full Changelog: validatorjs/validator.js@13.15.15...13.15.20

Changelog

Sourced from validator's changelog.

13.15.22

Fixes, New Locales and Enhancements

#2622 isURL: fix regression with hostnames with ports @mbtools

#2616 isLength: improve handling Unicode variation selectors @koral--

Doc fixes and others:

#2621 @mbtools

13.15.20

Fixes, New Locales and Enhancements

#2556 isMobilePhone: add ar-QA locale @WardKhaddour

#2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @avadootharajesh

#2574 isBase64: improve padding regex @KrayzeeKev

#2584 isVAT: improve FR locale @iamAmer

#2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @theofidry

Doc fixes and others:

#2563 @stoneLeaf

#2581 @camillobruni

Commits

f2b5c17 maintenance: 2511 release (#2627)
d457eca fix(isLength): correctly handle Unicode variation selectors (#2616)
f2e3633 docs: add install instructions to contibution guide (#2621)
cf40145 fix: URL validation for hostnames with ports (no protocol) (#2622)
4af6124 maintenance: 2510 release (#2585)
30d4fe0 13.15.20
cbef508 fix(isURL): improve protocol detection. Resolves CVE-2025-56200 (#2608)
6f436be Fix typo in validators.test.js (#2581)
3c85708 Fix: correct French VAT (FR) validation regex and add tests (#2584)
eee525c #2491 #2573 Simplify isBase64 to prevent stack overflow (#2574)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wikirik, a new releaser for validator since your current version.

Updates @modelcontextprotocol/sdk from 1.12.1 to 1.27.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.27.0

What's Changed

feat: add conformance test infrastructure for v1.x by @felixweinberger in modelcontextprotocol/typescript-sdk#1518

feat: backport discoverOAuthServerInfo() and discovery caching to v1.x by @felixweinberger in modelcontextprotocol/typescript-sdk#1533

feat: add url property to RequestInfo interface by @valentinbeggi in modelcontextprotocol/typescript-sdk#1353

[v1.x] feat(tasks): add streaming methods for elicitation and sampling by @LucaButBoring in modelcontextprotocol/typescript-sdk#1528

chore: bump version for v1.27.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1541

New Contributors

@valentinbeggi made their first contribution in modelcontextprotocol/typescript-sdk#1353

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

... (truncated)

Commits

8cbc658 chore: bump version for v1.27.0 (#1541)
5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
97ab379 feat: add url property to RequestInfo interface (#1353)
825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
b0cf837 feat: add conformance test infrastructure for v1.x (#1518)
fe9c07b chore: bump version to 1.26.0 (#1479)
4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
a05be17 Merge commit from fork
50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @modelcontextprotocol/sdk since your current version.

Updates @trpc/server from 11.7.1 to 11.10.0

Release notes

Sourced from @trpc/server's releases.

v11.10.0

What's Changed

fix(tanstack-react-query): mark react-dom as optional peer dependency by @bbinya1224 in trpc/trpc#7108

docs(docs): Add Nx Plugin for AWS to Awesome tRPC Collection by @cogwirrel in trpc/trpc#6965

feat(client): return origin error in cause in localLink by @evolvomind in trpc/trpc#7134

fix(client): client connectionParams should respect specified encoder by @SirajChokshi in trpc/trpc#7132

docs: Add tRPC Docs Generator to extensions list by @liorcodev in trpc/trpc#7122

docs: document Fastify v5+ requirement for tRPC adapter by @tarunsinghofficial in trpc/trpc#7109

chore(docs): improve wording in docs by @sajadtorkamani in trpc/trpc#7133

fix(ci): allow backticks in semantic PR by @KATT in trpc/trpc#7141

feat(server): add batchIndex to procedures and middleware in batched requests by @anatolzak in trpc/trpc#7097

chore(www): update companies using by @KATT in trpc/trpc#7145

Improve layout control in CompaniesUsing component by @clicktodev in trpc/trpc#7148

New Contributors

@bbinya1224 made their first contribution in trpc/trpc#7108

@cogwirrel made their first contribution in trpc/trpc#6965

@evolvomind made their first contribution in trpc/trpc#7134

@liorcodev made their first contribution in trpc/trpc#7122

@tarunsinghofficial made their first contribution in trpc/trpc#7109

@sajadtorkamani made their first contribution in trpc/trpc#7133

Full Changelog: trpc/trpc@v11.9.0...v11.10.0

v11.9.0

What's Changed

feat(client,server): add experimental_encoder option for WebSocket connections by @SirajChokshi in trpc/trpc#7100

New Contributors

@saltyshiomix made their first contribution in trpc/trpc#7115

@SirajChokshi made their first contribution in trpc/trpc#7100

Full Changelog: trpc/trpc@v11.8.1...v11.9.0

v11.8.1

What's Changed

fix(server): pass maxDurationMs timeout signal to subscription handlers by @tt-a1i in trpc/trpc#7037

fix(tanstack-react-query): useSubscription prop tracking by @Julusian in trpc/trpc#7036

fix(server): fastify form-data type by @wszgrcy in trpc/trpc#6974

New Contributors

@bsdahl made their first contribution in trpc/trpc#6995

@tt-a1i made their first contribution in trpc/trpc#7037

@Julusian made their first contribution in trpc/trpc#7036

@wszgrcy made their first contribution in trpc/trpc#6974

Full Changelog: trpc/trpc@v11.8.0...v11.8.1

... (truncated)

Commits

54ee800 v11.10.0
328cb0a Revert "v11.10.0"
de58ad3 v11.10.0
bc215fe feat(server): add batchIndex to procedures and middleware in batched reques...
185b223 chore(deps): update dependency @oxc-project/runtime to v0.112.0 (#7142)
bb9a907 chore(deps): update dependency @oxc-project/runtime to v0.111.0 (#7125)
3beb506 v11.9.0
7b6e624 feat(client,server): add experimental_encoder option for WebSocket connection...
31d1219 chore(deps): update dependency @oxc-project/runtime to v0.110.0 (#7107)
9673f32 chore(deps): update dependency @oxc-project/runtime to v0.109.0 (#7105)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @trpc/server since your current version.

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

docs: update README links by @efekrskl in expressjs/body-parser#673

docs: release notes for the v1.20.4 release by @Phillip9587 in expressjs/body-parser#674

docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @Phillip9587 in expressjs/body-parser#679

docs: use standard jsdoc tags everywhere by @Phillip9587 in expressjs/body-parser#677

deps: qs@^6.14.1 by @UlisesGascon in expressjs/body-parser#689

refactor(json): simplify strict mode error string construction by @jonchurch in expressjs/body-parser#693

Release: 2.2.2 by @UlisesGascon in expressjs/body-parser#691

New Contributors

@efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

deps: qs@^6.14.1

refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

3d24866 2.2.2 (#691)
8474a98 refactor(json): simplify strict mode error string construction (#693)
03f17c2 deps: qs@^6.14.1 (#689)
ea1f25e docs: use standard jsdoc tags everywhere (#677)
d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
b6f52aa docs: release notes for the v1.20.4 release (#674)
2965ca4 docs: update links (#673)
d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
Additional commits viewable in compare view

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits

f06f3e4 v4.0.4
0179a48 v4.0.3
4568cae Backport kpdecker/jsdiff#649
4de0ffa Backport kpdecker/jsdiff#647
See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

ab3a795 Fix support for spaces in class names

Types

efb5312 Refactor to use @imports

a5bc210 Add declaration maps

Full Changelog: syntax-tree/mdast-util-to-hast@13.2.0...13.2.1

Commits

174795b 13.2.1
3d05b3a Update Node in Actions
ab3a795 Fix support for spaces in class names
efb5312 Refactor to use @imports
a5bc210 Add declaration maps
b54955d Add .tsbuildinfo to .gitignore
See full diff in compare view

Updates pbkdf2 from 3.1.2 to 3.1.5

Changelog

Sourced from pbkdf2's changelog.

v3.1.5 - 2025-09-23

Commits

[Fix] only allow finite iterations 67bd94d

[Fix] restore node 0.10 support 8f59d96

[Fix] check parameters before the "no Promise" bailout d2dc5f0

v3.1.4 - 2025-09-22

Commits

[Deps] update create-hash, ripemd160, sha.js, to-buffer 8dbf49b

[meta] update repo URLs d15bc35

[Dev Deps] update @ljharb/eslint-config aaf870b

v3.1.3 - 2025-06-20

Commits

Only apps should have lockfiles 8b06730

[lint] fix whitespace 9a76e2f

[lint] fix parens/curlies/semis/etc 6fd84bf

[meta] add auto-changelog 796c38d

[Tests] fix tests in node 17 3661fb0

Revert "[Tests] fix tests in node < 3"

Bumps the npm_and_yarn group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [next](https://github.com/vercel/next.js) | `16.0.10` | `16.1.5` | | [glob](https://github.com/isaacs/node-glob) | `11.0.2` | `12.0.0` | | [validator](https://github.com/validatorjs/validator.js) | `13.15.15` | `13.15.22` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.1` | `1.27.0` | | [@trpc/server](https://github.com/trpc/trpc/tree/HEAD/packages/server) | `11.7.1` | `11.10.0` | | [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.5` | | [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.0` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `3.0.9` | `3.1.1` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.9` | | [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.22.0` | | [zx](https://github.com/google/zx) | `7.2.3` | `7.2.4` | Bumps the npm_and_yarn group with 3 updates in the /apps/www directory: [lodash](https://github.com/lodash/lodash), [next](https://github.com/vercel/next.js) and [glob](https://github.com/isaacs/node-glob). Bumps the npm_and_yarn group with 2 updates in the /templates/plate-playground-template directory: [ai](https://github.com/vercel/ai) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /templates/plate-template directory: [next](https://github.com/vercel/next.js). Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `next` from 16.0.10 to 16.1.5 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.10...v16.1.5) Updates `glob` from 11.0.2 to 12.0.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v11.0.2...v12.0.0) Updates `mermaid` from 10.9.3 to 10.9.5 - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Commits](mermaid-js/mermaid@v10.9.3...v10.9.5) Updates `validator` from 13.15.15 to 13.15.22 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.15.15...13.15.22) Updates `@modelcontextprotocol/sdk` from 1.12.1 to 1.27.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.12.1...v1.27.0) Updates `@trpc/server` from 11.7.1 to 11.10.0 - [Release notes](https://github.com/trpc/trpc/releases) - [Commits](https://github.com/trpc/trpc/commits/v11.10.0/packages/server) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `pbkdf2` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.2...v3.1.5) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `tar-fs` from 3.0.9 to 3.1.1 - [Commits](mafintosh/tar-fs@v3.0.9...v3.1.1) Updates `tar` from 7.4.3 to 7.5.9 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.9) Updates `undici` from 7.10.0 to 7.22.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.10.0...v7.22.0) Updates `zx` from 7.2.3 to 7.2.4 - [Release notes](https://github.com/google/zx/releases) - [Commits](google/zx@7.2.3...7.2.4) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `next` from 16.0.10 to 16.1.5 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.10...v16.1.5) Updates `glob` from 11.0.2 to 12.0.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v11.0.2...v12.0.0) Updates `ai` from 5.0.28 to 5.0.52 - [Release notes](https://github.com/vercel/ai/releases) - [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md) - [Commits](https://github.com/vercel/ai/compare/ai@5.0.28...ai@5.0.52) Updates `next` from 16.0.3 to 16.1.5 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.10...v16.1.5) Updates `next` from 16.0.3 to 16.1.5 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.10...v16.1.5) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 12.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: mermaid dependency-version: 10.9.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: validator dependency-version: 13.15.22 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.27.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@trpc/server" dependency-version: 11.10.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 3.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.22.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: zx dependency-version: 7.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 12.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ai dependency-version: 5.0.52 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.5 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

codesandbox · 2026-02-19T15:09:53Z

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

changeset-bot · 2026-02-19T15:09:56Z

⚠️ No Changeset found

Latest commit: b673128

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

vercel · 2026-02-19T15:09:56Z

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
plate	Ignored		Feb 19, 2026 3:09pm

dependabot bot requested a review from a team February 19, 2026 15:09

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 19, 2026

dependabot bot mentioned this pull request Feb 19, 2026

Bump pbkdf2 from 3.1.2 to 3.1.3 in the npm_and_yarn group across 1 directory #4400

Closed

dosubot bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Feb 19, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Bump the npm_and_yarn group across 4 directories with 18 updates#4838

Bump the npm_and_yarn group across 4 directories with 18 updates#4838
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-5386190294

dependabot bot commented on behalf of github Feb 19, 2026

Uh oh!

codesandbox bot commented Feb 19, 2026

Uh oh!

changeset-bot bot commented Feb 19, 2026

Uh oh!

vercel bot commented Feb 19, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 19, 2026

v16.1.5

v16.1.4

Core Changes

Credits

v16.1.3

Core Changes

Credits

v16.1.2

Core Changes

Credits

v16.1.1

changeglob

13

12

11.1

11.0

10.4

10.3

10.2

10.1

13.15.22

Fixes, New Locales and Enhancements

New Contributors

13.15.20

Fixes, New Locales and Enhancements

New Contributors

13.15.22

Fixes, New Locales and Enhancements

13.15.20

Fixes, New Locales and Enhancements

v1.27.0

What's Changed

New Contributors

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

v11.10.0

What's Changed

New Contributors

v11.9.0

What's Changed

New Contributors

v11.8.1

What's Changed

New Contributors

v2.2.2

What's Changed

New Contributors

v2.2.1

Important: Security

What's Changed

2.2.2 / 2026-01-07

2.2.1 / 2025-11-24

v4.0.4 - January 2026

v4.0.3 (deprecated)

13.2.1

Fix

Types

v3.1.5 - 2025-09-23

Commits

v3.1.4 - 2025-09-22

Commits

v3.1.3 - 2025-06-20

Commits

Uh oh!

codesandbox bot commented Feb 19, 2026

Review or Edit in CodeSandbox

Uh oh!

changeset-bot bot commented Feb 19, 2026

⚠️ No Changeset found

vercel bot commented Feb 19, 2026 •

edited

Loading