Skip to content

chore(deps): bump the npm-minor group across 1 directory with 3 updates#891

Merged
doerfli merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-minor-7a200ff79e
Jul 3, 2026
Merged

chore(deps): bump the npm-minor group across 1 directory with 3 updates#891
doerfli merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-minor-7a200ff79e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-minor group with 3 updates in the / directory: @fortawesome/fontawesome-free, webpack and webpack-cli.

Updates @fortawesome/fontawesome-free from 7.2.0 to 7.3.0

Release notes

Sourced from @​fortawesome/fontawesome-free's releases.

Release 7.3.0

Change log available at https://fontawesome.com/docs/changelog/

Commits

Updates webpack from 5.107.2 to 5.108.3

Release notes

Sourced from webpack's releases.

v5.108.3

Patch Changes

v5.108.2

Patch Changes

v5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

v5.108.0

Minor Changes

  • Treat top-level await and import.meta as ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @​alexander-akait in #21218)

  • Add a bun target that emits ESM and externalizes bun:* and node.js built-in modules. (by @​alexander-akait in #21248)

  • Support CommonJS reexports via Object.defineProperty value and getter descriptors. (by @​alexander-akait in #21129)

  • Support JSON Schema const when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Support JSON Schema if/then/else when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Skip import specifiers, require() and import() calls in dead conditional branches gated by inlined imported constants (isDEV ? A : B), evaluated via getCondition. (by @​hai-x in #21136)

  • CSS localIdentName [hash] now resolves to the local ident hash (matching css-loader); use [modulehash] for the module hash. (by @​alexander-akait in #21259)

  • Add CSS parser as option and resolve url() inside HTML style attributes. (by @​alexander-akait in #21157)

  • Add dedicated module classes for all built-in module types. (by @​alexander-akait in #21164)

  • Support .html/.css for the default ./src entry under the html/css experiments. (by @​alexander-akait in #21039)

  • Add defineConfig helper for typed configuration files. (by @​alexander-akait in #21169)

  • Add a deno target (with versions, e.g. deno, deno2, deno1.40) that emits ESM, resolves node.js built-ins via the required node: specifier, and keeps Deno's own import protocols (npm:, jsr:, node:, http(s)://) external. (by @​alexander-akait in #21247)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.108.3

Patch Changes

5.108.2

Patch Changes

5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

5.108.0

Minor Changes

  • Treat top-level await and import.meta as ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @​alexander-akait in #21218)

  • Add a bun target that emits ESM and externalizes bun:* and node.js built-in modules. (by @​alexander-akait in #21248)

  • Support CommonJS reexports via Object.defineProperty value and getter descriptors. (by @​alexander-akait in #21129)

  • Support JSON Schema const when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Support JSON Schema if/then/else when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Skip import specifiers, require() and import() calls in dead conditional branches gated by inlined imported constants (isDEV ? A : B), evaluated via getCondition. (by @​hai-x in #21136)

  • CSS localIdentName [hash] now resolves to the local ident hash (matching css-loader); use [modulehash] for the module hash. (by @​alexander-akait in #21259)

  • Add CSS parser as option and resolve url() inside HTML style attributes. (by @​alexander-akait in #21157)

  • Add dedicated module classes for all built-in module types. (by @​alexander-akait in #21164)

  • Support .html/.css for the default ./src entry under the html/css experiments. (by @​alexander-akait in #21039)

... (truncated)

Commits

Updates webpack-cli from 7.0.3 to 7.1.0

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.1.0

Minor Changes

  • feat(cli): refresh the --help output using commander's configureHelp API — branded headers, section dividers, colorized terms and a clearer footer. Colors and chrome collapse to plain text when output is piped or --no-color is used, so scripts keep working. (by @​alexander-akait in #4779)

  • feat: support .json5, .yaml/.yml and .toml configuration files by parsing them directly, with the parser package (json5, js-yaml, toml) installed on demand by the user and declared as optional peerDependencies so the parsers resolve correctly under Yarn PnP (by @​alexander-akait in #4777)

Changelog

Sourced from webpack-cli's changelog.

7.1.0

Minor Changes

  • feat(cli): refresh the --help output using commander's configureHelp API — branded headers, section dividers, colorized terms and a clearer footer. Colors and chrome collapse to plain text when output is piped or --no-color is used, so scripts keep working. (by @​alexander-akait in #4779)

  • feat: support .json5, .yaml/.yml and .toml configuration files by parsing them directly, with the parser package (json5, js-yaml, toml) installed on demand by the user and declared as optional peerDependencies so the parsers resolve correctly under Yarn PnP (by @​alexander-akait in #4777)

Commits
  • 3cd7423 chore(release): new release (#4778)
  • b42d1f4 fix(webpack-cli): declare json5/js-yaml/toml as optional peerDependencies (#4...
  • 3471103 refactor(cli): hierarchical indentation for styled CLI output (#4786)
  • 772330c build(deps): update dependencies (except commander) (#4785)
  • a7380e1 feat(cli): refresh CLI output via commander's help API + shared status icons ...
  • 721d8fd chore(deps): bump the dependencies group with 2 updates (#4780)
  • 65aa86c chore(deps-dev): bump the dependencies group with 3 updates (#4781)
  • 134e62d feat(webpack-cli): support json5/yaml/toml configs via direct parsing (no int...
  • 0b22f77 fix(cli): make config loading errors more verbose (#4776)
  • a5af401 chore(deps): bump launch-editor from 2.13.1 to 2.14.1 (#4774)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@fortawesome/fontawesome-free 7.3.0 🟢 4
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 4Found 9/22 approved changesets -- score normalized to 4
Maintained🟢 101 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow⚠️ -1no workflows found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ -1No tokens found
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ -1no dependencies found
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
npm/enhanced-resolve 5.24.1 🟢 5.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 1/11 approved changesets -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/minimizer-webpack-plugin 5.6.1 UnknownUnknown
npm/watchpack 2.5.2 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 3Found 1/3 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/webpack 5.108.3 🟢 5.7
Details
CheckScoreReason
Code-Review🟢 3Found 7/22 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Pinned-Dependencies🟢 10all dependencies are pinned
Binary-Artifacts⚠️ 0binaries present in source code
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
npm/webpack-cli 7.1.0 🟢 5.7
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 1Found 1/10 approved changesets -- score normalized to 1
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • yarn.lock

Bumps the npm-minor group with 3 updates in the / directory: [@fortawesome/fontawesome-free](https://github.com/FortAwesome/Font-Awesome), [webpack](https://github.com/webpack/webpack) and [webpack-cli](https://github.com/webpack/webpack-cli).


Updates `@fortawesome/fontawesome-free` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/7.x/CHANGELOG.md)
- [Commits](FortAwesome/Font-Awesome@7.2.0...7.3.0)

Updates `webpack` from 5.107.2 to 5.108.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.107.2...v5.108.3)

Updates `webpack-cli` from 7.0.3 to 7.1.0
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/webpack-cli@7.0.3...webpack-cli@7.1.0)

---
updated-dependencies:
- dependency-name: "@fortawesome/fontawesome-free"
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: webpack
  dependency-version: 5.108.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: webpack-cli
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the npm-minor group with 3 updates chore(deps): bump the npm-minor group across 1 directory with 3 updates Jul 3, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-minor-7a200ff79e branch from 647d481 to b589069 Compare July 3, 2026 09:52
@doerfli
doerfli merged commit 99ca953 into main Jul 3, 2026
5 checks passed
@doerfli
doerfli deleted the dependabot/npm_and_yarn/npm-minor-7a200ff79e branch July 3, 2026 09:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant