Skip to content

chore(deps): Bump the npm-minor-and-patch group with 7 updates#22

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-minor-and-patch-995940d1d8
Jun 18, 2026
Merged

chore(deps): Bump the npm-minor-and-patch group with 7 updates#22
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-minor-and-patch-995940d1d8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-minor-and-patch group with 7 updates:

Package From To
@tightknitai/block-kitchen 0.8.5 0.8.6
@tightknitai/slack-block-kit-validator 0.1.7 0.1.8
hono 4.12.25 4.12.26
slack-web-api-client 1.1.12 1.1.13
@cloudflare/vite-plugin 1.40.2 1.42.0
@cloudflare/workers-types 4.20260611.1 4.20260617.1
wrangler 4.100.0 4.102.0

Updates @tightknitai/block-kitchen from 0.8.5 to 0.8.6

Release notes

Sourced from @​tightknitai/block-kitchen's releases.

block-kitchen: v0.8.6

0.8.6 (2026-06-12)

Features

  • host-controllable preview theme, configurable Send label, Slack JSON import, clearer error indicator (1737fe1)
  • host-controllable preview theme, configurable Send label, Slack JSON import, clearer error indicator (00c41f2)
Changelog

Sourced from @​tightknitai/block-kitchen's changelog.

0.8.6 (2026-06-12)

Features

  • host-controllable preview theme, configurable Send label, Slack JSON import, clearer error indicator (1737fe1)
  • host-controllable preview theme, configurable Send label, Slack JSON import, clearer error indicator (00c41f2)
Commits
  • 34b294f Merge pull request #105 from TightknitAI/release-please--branches--main--comp...
  • 5f1c00e chore(main): release block-kitchen 0.8.6
  • b866fe6 Merge pull request #106 from TightknitAI/fix/esbuild-audit-override
  • bed00f6 chore(deps): pin esbuild >=0.28.1 to clear GHSA-gv7w-rqvm-qjhr
  • f26f06b Merge pull request #100 from TightknitAI/dependabot/npm_and_yarn/production-d...
  • 9c1a833 Merge pull request #101 from TightknitAI/dependabot/github_actions/codecov/co...
  • 1737fe1 Merge pull request #104 from TightknitAI/claude/unruffled-villani-83b968
  • 00c41f2 feat: host-controllable preview theme, configurable Send label, Slack JSON im...
  • a79b0cd chore(deps): Bump the production-dependencies group across 1 directory with 4...
  • 040b82a chore(deps-dev): Bump the dev-dependencies group with 12 updates (#103)
  • Additional commits viewable in compare view

Updates @tightknitai/slack-block-kit-validator from 0.1.7 to 0.1.8

Release notes

Sourced from @​tightknitai/slack-block-kit-validator's releases.

0.1.8

Features

  • support the new data_visualization block (#48)
Changelog

Sourced from @​tightknitai/slack-block-kit-validator's changelog.

0.1.8 (2026-06-16)

Features

  • support the new data_visualization block (#48) (88f4d7a)

Bug Fixes

  • ci: only run publish step on actual release (#43) (91db29f)

0.1.7-alpha.1 (2026-05-20)

Bug Fixes

  • ci: configure npm registry-url so publish can authenticate (#32) (58087de)

0.1.6-alpha.1 (2026-05-20)

Bug Fixes

  • readme: point Try-it-live links at the working demo URL (#29) (22ed35b)

0.1.5-alpha.1 (2026-05-20)

Bug Fixes

  • ci: inline publish into release-please workflow (#27) (321ed63)

0.1.4-alpha.1 (2026-05-19)

Features

  • add Cloudflare Worker hosting validator as public API + MCP server (#24) (8cdad20)

0.1.3-alpha.1 (2026-05-19)

Features

  • demo: surface tabs, richer examples, light/dark mode (#21) (7f721e7)

Bug Fixes

... (truncated)

Commits
  • 4649092 chore(main): release slack-block-kit-validator 0.1.8 (#44)
  • 88f4d7a feat: support the new data_visualization block (#48)
  • f16e153 chore(deps-dev): Bump esbuild from 0.28.0 to 0.28.1 (#47)
  • 791862a chore(deps-dev): Bump the dev-dependencies group with 7 updates (#45)
  • 91db29f fix(ci): only run publish step on actual release (#43)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by stephentangcook, a new releaser for @​tightknitai/slack-block-kit-validator since your current version.

Attestation changes

This version has no provenance attestation, while the previous version (0.1.7) was attested. Review the package versions before updating.


Updates hono from 4.12.25 to 4.12.26

Release notes

Sourced from hono's releases.

v4.12.26

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

Commits
  • 27b7992 4.12.26
  • d29982c chore: replace arg and glob with Bun native APIs in build script
  • 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
  • c574cf1 ci: publish to npm from CI with OIDC trusted publishing (#5028)
  • e50df01 fix(lambda-edge): satisfy Deno lib types for Content-Length body encoding (#5...
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates slack-web-api-client from 1.1.12 to 1.1.13

Release notes

Sourced from slack-web-api-client's releases.

v1.1.13

  • Add support for the new data_visualization Block Kit block (line, bar, area, and pie charts) for the Messages surface (#57)
Commits

Updates @cloudflare/vite-plugin from 1.40.2 to 1.42.0

Release notes

Sourced from @​cloudflare/vite-plugin's releases.

@​cloudflare/vite-plugin@​1.42.0

Minor Changes

  • #14339 aa49856 Thanks @​jamesopstad! - Add a build command to the experimental, internal cf-vite delegate binary

    cf-vite build runs Vite's full multi-environment app build (via the Builder API) and enables the experimental Build Output API by default, emitting a self-contained .cloudflare/output/v0/ directory. It forces experimental.newConfig and experimental.newConfig.cfBuildOutput on, so a cloudflare.config.ts is required at the project root.

Patch Changes

  • #14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

    GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

  • #14351 6c7df19 Thanks @​jamesopstad! - Force the experimental new config on by default in the cf-vite dev delegate

  • #14218 4eed569 Thanks @​matingathani! - Allow resolve.external containing only Node.js built-ins in Worker environments

    Vitest 4 automatically sets resolve.external to the full list of Node.js built-in modules for non-standard Vite environments via its internal runnerTransform plugin. Previously, the Cloudflare Vite plugin rejected any non-empty resolve.external array, throwing an incompatibility error on startup when used alongside Vitest 4.

    The validation check now allows resolve.external arrays that contain only Node.js built-in module names (both bare fs and node:fs forms). The error is only thrown when resolve.external is true or contains non-built-in package names that would prevent user code from being bundled into the Worker.

  • Updated dependencies [673b09e, e930bd4, f6e49dd, 5c3bb11, 296ad65, 594544d, a79b899, 5dfb788, ca61558, 36777db]:

    • miniflare@4.20260617.0
    • wrangler@4.102.0

@​cloudflare/vite-plugin@​1.41.0

Minor Changes

  • #14279 e6e4b07 Thanks @​jamesopstad! - Add experimental.newConfig.cfBuildOutput option to support future deployments via the cf CLI

    // vite.config.ts
    import { defineConfig } from "vite";
    import { cloudflare } from "@cloudflare/vite-plugin";
    export default defineConfig({
    plugins: [
    cloudflare({
    experimental: {
    newConfig: {
    cfBuildOutput: true,
    },
    },
    }),
    ],
    });

Patch Changes

... (truncated)

Changelog

Sourced from @​cloudflare/vite-plugin's changelog.

1.42.0

Minor Changes

  • #14339 aa49856 Thanks @​jamesopstad! - Add a build command to the experimental, internal cf-vite delegate binary

    cf-vite build runs Vite's full multi-environment app build (via the Builder API) and enables the experimental Build Output API by default, emitting a self-contained .cloudflare/output/v0/ directory. It forces experimental.newConfig and experimental.newConfig.cfBuildOutput on, so a cloudflare.config.ts is required at the project root.

Patch Changes

  • #14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

    GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

  • #14351 6c7df19 Thanks @​jamesopstad! - Force the experimental new config on by default in the cf-vite dev delegate

  • #14218 4eed569 Thanks @​matingathani! - Allow resolve.external containing only Node.js built-ins in Worker environments

    Vitest 4 automatically sets resolve.external to the full list of Node.js built-in modules for non-standard Vite environments via its internal runnerTransform plugin. Previously, the Cloudflare Vite plugin rejected any non-empty resolve.external array, throwing an incompatibility error on startup when used alongside Vitest 4.

    The validation check now allows resolve.external arrays that contain only Node.js built-in module names (both bare fs and node:fs forms). The error is only thrown when resolve.external is true or contains non-built-in package names that would prevent user code from being bundled into the Worker.

  • Updated dependencies [673b09e, e930bd4, f6e49dd, 5c3bb11, 296ad65, 594544d, a79b899, 5dfb788, ca61558, 36777db]:

    • miniflare@4.20260617.0
    • wrangler@4.102.0

1.41.0

Minor Changes

  • #14279 e6e4b07 Thanks @​jamesopstad! - Add experimental.newConfig.cfBuildOutput option to support future deployments via the cf CLI

    // vite.config.ts
    import { defineConfig } from "vite";
    import { cloudflare } from "@cloudflare/vite-plugin";
    export default defineConfig({
    plugins: [
    cloudflare({
    experimental: {
    newConfig: {
    cfBuildOutput: true,
    },
    },
    }),
    ],
    });

... (truncated)

Commits
  • dd7e101 Version Packages (#14327)
  • 6c7df19 Force the experimental new config on by default in the cf-vite dev delegate (...
  • aa49856 Add build command to cf-vite (#14339)
  • 4eed569 [vite-plugin] fix: allow Node.js built-ins in resolve.external for Worker env...
  • 36777db Wrangler support for experimental Build Output API (#14324)
  • 89a753e Version Packages (#14274)
  • e6e4b07 Vite plugin support for experimental Build Output API (#14279)
  • adfde74 remove deprecated toThrowError assertions (#14302)
  • See full diff in compare view

Updates @cloudflare/workers-types from 4.20260611.1 to 4.20260617.1

Commits

Updates wrangler from 4.100.0 to 4.102.0

Release notes

Sourced from wrangler's releases.

wrangler@4.102.0

Minor Changes

  • #14340 f6e49dd Thanks @​emily-shen! - Add cf-wrangler build delegate support

    The experimental cf-wrangler delegate binary now accepts build and emits the Build Output API directory through Wrangler's new-config build path. This lets parent tools invoke Wrangler's build-output implementation with cf-wrangler build instead of shelling out through the public Wrangler CLI.

  • #14324 36777db Thanks @​jamesopstad! - Add experimental --experimental-cf-build-output flag to wrangler build

    When used alongside --experimental-new-config, wrangler build now emits a self-contained Build Output API directory under .cloudflare/output/v0/ instead of delegating to wrangler deploy --dry-run.

Patch Changes

  • #14347 673b09e Thanks @​jamesopstad! - Update undici from 7.24.8 to 7.28.0

  • #14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

    GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

  • #14314 5c3bb11 Thanks @​harryzcy! - Bump esbuild to 0.28.1

    This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

  • #14331 296ad65 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260616.1 1.20260617.1
  • #14275 594544d Thanks @​alsuren! - Resolve auto-provisioned D1 bindings via the API in remote subcommands

    Remote D1 subcommands (d1 execute --remote, d1 export --remote, d1 info, d1 insights, d1 delete, d1 migrations apply --remote, d1 migrations list --remote, d1 time-travel) previously failed with:

    Found a database with name or binding DB but it is missing a database_id, which is needed for operations on remote resources.

    when the [[d1_databases]] config entry only had binding and database_name (the shape wrangler deploy writes for automatically-provisioned bindings). They now resolve the real database UUID via GET /accounts/:accountId/d1/database/:name?fields=uuid and proceed as if database_id had been set in config.

    If the config entry only has a binding (no database_name, no database_id), the lookup uses the same name wrangler deploy would create via auto provisioning (<worker name>-<binding-lowercased-with-dashes>).

    Non-404 API failures (auth, rate-limit, server errors) now propagate verbatim instead of being masked as "database not found".

  • #14315 a79b899 Thanks @​matingathani! - Respect find_additional_modules = false when no_bundle is set

    When using no_bundle = true, wrangler was always scanning for and attaching additional modules even if find_additional_modules was explicitly set to false in the config. Additional modules are now only collected when find_additional_modules is not false, consistent with the bundled code path.

  • #14269 5dfb788 Thanks @​mattjohnsonpint! - Support dev.plugin on typed services bindings

    Wrangler only honored dev.plugin on unsafe.bindings entries, so users authoring a service binding via services[] could not wire it to a local Miniflare plugin during wrangler dev — they had to fall back to unsafe.bindings and accept a "directly supported by wrangler" warning. Typed services bindings now accept the same dev: { plugin, options? } shape, route the binding through Miniflare's external-plugin pathway in wrangler dev, and strip the field at deploy time. Validation rejects malformed dev shapes.

... (truncated)

Commits
  • dd7e101 Version Packages (#14327)
  • 5dfb788 Support dev.plugin on typed services bindings (#14269)
  • 296ad65 Bump the workerd-and-workers-types group across 1 directory with 2 updates (#...
  • f6e49dd add build command to cf-wrangler (#14340)
  • 36777db Wrangler support for experimental Build Output API (#14324)
  • a79b899 [wrangler] fix: respect find_additional_modules when no_bundle is set (#14315)
  • 5c3bb11 Bump esbuild to 0.28.1 (#14314)
  • ca61558 [wrangler] Mention temporary preview accounts in whoami when unauthenticated ...
  • 594544d D1 subcommands resolve auto-provisioned bindings via API (#14275)
  • 89a753e Version Packages (#14274)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm-minor-and-patch group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@tightknitai/block-kitchen](https://github.com/TightknitAI/block-kitchen) | `0.8.5` | `0.8.6` |
| [@tightknitai/slack-block-kit-validator](https://github.com/TightknitAI/slack-block-kit-validator) | `0.1.7` | `0.1.8` |
| [hono](https://github.com/honojs/hono) | `4.12.25` | `4.12.26` |
| [slack-web-api-client](https://github.com/slack-edge/slack-web-api-client) | `1.1.12` | `1.1.13` |
| [@cloudflare/vite-plugin](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vite-plugin-cloudflare) | `1.40.2` | `1.42.0` |
| [@cloudflare/workers-types](https://github.com/cloudflare/workerd) | `4.20260611.1` | `4.20260617.1` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.100.0` | `4.102.0` |


Updates `@tightknitai/block-kitchen` from 0.8.5 to 0.8.6
- [Release notes](https://github.com/TightknitAI/block-kitchen/releases)
- [Changelog](https://github.com/TightknitAI/block-kitchen/blob/main/CHANGELOG.md)
- [Commits](TightknitAI/block-kitchen@block-kitchen-v0.8.5...block-kitchen-v0.8.6)

Updates `@tightknitai/slack-block-kit-validator` from 0.1.7 to 0.1.8
- [Release notes](https://github.com/TightknitAI/slack-block-kit-validator/releases)
- [Changelog](https://github.com/TightknitAI/slack-block-kit-validator/blob/main/CHANGELOG.md)
- [Commits](TightknitAI/slack-block-kit-validator@slack-block-kit-validator-v0.1.7...slack-block-kit-validator-v0.1.8)

Updates `hono` from 4.12.25 to 4.12.26
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.25...v4.12.26)

Updates `slack-web-api-client` from 1.1.12 to 1.1.13
- [Release notes](https://github.com/slack-edge/slack-web-api-client/releases)
- [Commits](slack-edge/slack-web-api-client@1.1.12...v1.1.13)

Updates `@cloudflare/vite-plugin` from 1.40.2 to 1.42.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vite-plugin-cloudflare/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/vite-plugin@1.42.0/packages/vite-plugin-cloudflare)

Updates `@cloudflare/workers-types` from 4.20260611.1 to 4.20260617.1
- [Release notes](https://github.com/cloudflare/workerd/releases)
- [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md)
- [Commits](https://github.com/cloudflare/workerd/commits)

Updates `wrangler` from 4.100.0 to 4.102.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.102.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@tightknitai/block-kitchen"
  dependency-version: 0.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@tightknitai/slack-block-kit-validator"
  dependency-version: 0.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: hono
  dependency-version: 4.12.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: slack-web-api-client
  dependency-version: 1.1.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@cloudflare/vite-plugin"
  dependency-version: 1.42.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: "@cloudflare/workers-types"
  dependency-version: 4.20260617.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: wrangler
  dependency-version: 4.102.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 18, 2026
@github-actions github-actions Bot merged commit 4a89474 into main Jun 18, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-minor-and-patch-995940d1d8 branch June 18, 2026 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants