Skip to content

chore(deps): Bump the production-dependencies group across 1 directory with 8 updates#175

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-3ac2d8b09d
Open

chore(deps): Bump the production-dependencies group across 1 directory with 8 updates#175
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-3ac2d8b09d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 15, 2026

Bumps the production-dependencies group with 8 updates in the / directory:

Package From To
turbo 2.9.9 2.9.14
@playwright/test 1.59.1 1.60.0
posthog-js 1.372.8 1.373.5
react 19.2.5 19.2.6
react-dom 19.2.5 19.2.6
@types/node 25.6.0 25.8.0
tsx 4.21.0 4.22.0
ws 8.20.0 8.20.1

Updates turbo from 2.9.9 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

Low:

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

... (truncated)

Commits

Updates @playwright/test from 1.59.1 to 1.60.0

Release notes

Sourced from @​playwright/test's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits

Updates posthog-js from 1.372.8 to 1.373.5

Release notes

Sourced from posthog-js's releases.

posthog-js@1.373.5

1.373.5

Patch Changes

  • #3613 221973e Thanks @​lucasheriques! - Surveys: submit open text questions with Cmd/Ctrl+Enter. The textarea still inserts a newline on plain Enter (native behaviour), matching the convention used by Slack, GitHub, Discord, and ChatGPT for multi-line inputs. Single-line "Other:" inputs continue to submit on plain Enter as before. (2026-05-15)
  • Updated dependencies []:
    • @​posthog/types@​1.373.5
    • @​posthog/core@​1.29.2

posthog-js@1.373.4

1.373.4

Patch Changes

  • #3602 4b895bf Thanks @​marandaneto! - Validate gzip request bodies at the browser send boundary and fall back to JSON if the outgoing body is not gzip data. (2026-05-12)
  • Updated dependencies [4b895bf]:
    • @​posthog/core@​1.29.1
    • @​posthog/types@​1.373.4

posthog-js@1.373.3

1.373.3

Patch Changes

  • Updated dependencies [ad60818]:
    • @​posthog/core@​1.29.0
    • @​posthog/types@​1.373.3

posthog-js@1.373.2

1.373.2

Patch Changes

  • #3568 223d925 Thanks @​marandaneto! - Validate native gzip output before sending requests and fall back when CompressionStream returns malformed data. (2026-05-11)
  • Updated dependencies [223d925]:
    • @​posthog/core@​1.28.7
    • @​posthog/types@​1.373.2

posthog-js@1.373.1

1.373.1

Patch Changes

  • #3566 7d027bc Thanks @​dustinbyrne! - Prevent browser log capture from throwing when console arguments contain unreadable properties. (2026-05-11)
  • Updated dependencies []:

... (truncated)

Commits
  • 0a7143b chore: update versions and lockfile [version bump]
  • 221973e feat(surveys): submit open text questions with Cmd/Ctrl+Enter (#3613)
  • c9f6c79 chore: update versions and lockfile [version bump]
  • 77ee9df fix: set default next pages export to client version, matching the default ex...
  • 6407531 chore: update versions and lockfile [version bump]
  • afb0ae8 fix: send absolute current URLs for Next pageviews (#3608)
  • 50480eb chore: update versions and lockfile [version bump]
  • 4b895bf fix: validate gzip body before browser send (#3602)
  • db56be8 ci: add notice for edits to auto-generated files (#3603)
  • 417765c chore: update versions and lockfile [version bump]
  • Additional commits viewable in compare view

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

Commits

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

Commits

Updates @types/node from 25.6.0 to 25.8.0

Commits

Updates tsx from 4.21.0 to 4.22.0

Release notes

Sourced from tsx's releases.

v4.22.0

4.22.0 (2026-05-14)

Features

This release is also available on:

v4.21.1

4.21.1 (2026-05-14)

Bug Fixes

  • support Node 20.11/21.2 import.meta paths (acf3d8f)
  • support Node.js 24.15.0 (c1d2d45)
  • support Node.js 26.1.0 and 25.9.0 (1d7e528)

This release is also available on:

Commits
  • b29f6ee feat: upgrade esbuild to 0.28 (#789)
  • 0dd17e9 test: cover registerHooks loader composition
  • acf3d8f fix: support Node 20.11/21.2 import.meta paths
  • 4bbef80 test: cover configDir paths without baseUrl
  • dddc5ce test: cover sync-hook watch reruns and cleanup retries
  • 09e8f8c test: assert CLI runs without warnings
  • 1d7e528 fix: support Node.js 26.1.0 and 25.9.0
  • c1d2d45 fix: support Node.js 24.15.0
  • d04672d test: update node version feature gates
  • abd863f build: bundle get-tsconfig v5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.


Updates ws from 8.20.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

  • Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

Commits
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the production-dependencies group across 1 director…
52bc0fc 
…y with 8 updates

Bumps the production-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [turbo](https://github.com/vercel/turborepo) | `2.9.9` | `2.9.14` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.59.1` | `1.60.0` |
| [posthog-js](https://github.com/PostHog/posthog-js) | `1.372.8` | `1.373.5` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.6` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.6` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.0` | `25.8.0` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.0` |
| [ws](https://github.com/websockets/ws) | `8.20.0` | `8.20.1` |



Updates `turbo` from 2.9.9 to 2.9.14
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.9.9...v2.9.14)

Updates `@playwright/test` from 1.59.1 to 1.60.0
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.59.1...v1.60.0)

Updates `posthog-js` from 1.372.8 to 1.373.5
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/compare/posthog-js@1.372.8...posthog-js@1.373.5)

Updates `react` from 19.2.5 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react)

Updates `react-dom` from 19.2.5 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom)

Updates `@types/node` from 25.6.0 to 25.8.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `tsx` from 4.21.0 to 4.22.0
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.21.0...v4.22.0)

Updates `ws` from 8.20.0 to 8.20.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.0...8.20.1)

---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.9.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@playwright/test"
  dependency-version: 1.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: posthog-js
  dependency-version: 1.373.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: tsx
  dependency-version: 4.22.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: ws
  dependency-version: 8.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants