Skip to content

📦 Bump the all-npm-dependencies group across 2 directories with 2 updates#329

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/tools/hcdp/all-npm-dependencies-e48085cb39
Closed

📦 Bump the all-npm-dependencies group across 2 directories with 2 updates#329
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/tools/hcdp/all-npm-dependencies-e48085cb39

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 12, 2026
edited
Loading

Bumps the all-npm-dependencies group with 1 update in the /tools/hcdp directory: ws.
Bumps the all-npm-dependencies group with 1 update in the /tools/hermes-parser/js directory: jest.

Updates ws from 8.20.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

  • Fixed a uninitialized memory disclosure in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

Commits
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • See full diff in compare view

Updates jest from 30.3.0 to 30.4.2

Release notes

Sourced from jest's releases.

v30.4.2

Fixes

  • [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#16150)

Full Changelog: jestjs/jest@v30.4.1...v30.4.2

v30.4.1

Features

  • [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

  • [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

Full Changelog: jestjs/jest@v30.4.0...v30.4.1

v30.4.0

Big release! 😀

Main feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work require(esm) module is now supported on Node 24.9+ (still requires --experimental-vm-modules like before).

In addition we now support fake timers for the recently released Temporal API in Node v26.

React 19 is also supported properly in pretty-format, meaning snapshots of React components now work like they should.

Due to all the changes, there might be regressions that snuck in. Please report them!

Full list of changes below

Features

  • [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
  • [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
  • [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
  • [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
  • [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
  • [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#16128)
  • [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#16128)
  • [@jest/fake-timers] Support faking Temporal.Now.* (#16131)
  • [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#16088)
  • [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#16064)
  • [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
  • [jest-runtime] Support require() of ES modules on Node v24.9+ (#16074)
  • [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)
  • [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#16062)
  • [jest-util] Add isError helper (#16076)

... (truncated)

Changelog

Sourced from jest's changelog.

30.4.2

Fixes

  • [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#16150)

30.4.1

Features

  • [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

  • [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

30.4.0

Features

  • [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
  • [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
  • [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
  • [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
  • [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
  • [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#16128)
  • [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#16128)
  • [@jest/fake-timers] Support faking Temporal.Now.* (#16131)
  • [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#16088)
  • [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#16064)
  • [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
  • [jest-runtime] Support require() of ES modules on Node v24.9+ (#16074)
  • [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)
  • [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#16062)
  • [jest-util] Add isError helper (#16076)
  • [pretty-format] Support React 19 (#16123)

Fixes

  • [expect-utils] Fix toStrictEqual failing on structuredClone results due to cross-realm constructor mismatch (#15959)
  • [@jest/expect-utils] Prevent toMatchObject/subset matching from throwing when encountering exotic iterables (#15952)
  • [fake-timers] Convert Date to milliseconds before passing to @sinonjs/fake-timers (#16029)
  • [jest] Export GlobalConfig and ProjectConfig TypeScript types (#16132)
  • [jest-circus] Prevent crash when asyncError is undefined for non-Error throws (#16003)
  • [jest-circus, jest-jasmine2] Include Error.cause in JSON failureMessages output (#15967)
  • [jest-config] Fix preset path resolution on Windows when the preset uses subpath exports (#15961)
  • [jest-config] Allow collectCoverage and coverageProvider in project config without a validation warning (#16132)
  • [jest-config] Project config validator now emits "is not supported in an individual project configuration" instead of "probably a typing mistake" for known global-only options (#16132)
  • [jest-environment-node] Fix --localstorage-file warning on Node 25+ (#16086)
  • [jest-reporters] Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (#16137)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
###### Microsoft Reviewers: [Open in CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com//pull/329)

@dependabot
📦 Bump the all-npm-dependencies group across 2 directories with 2 upd…
34a1833 
…ates

Bumps the all-npm-dependencies group with 1 update in the /tools/hcdp directory: [ws](https://github.com/websockets/ws).
Bumps the all-npm-dependencies group with 1 update in the /tools/hermes-parser/js directory: [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest).


Updates `ws` from 8.20.0 to 8.20.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.0...8.20.1)

Updates `jest` from 30.3.0 to 30.4.2
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest)

---
updated-dependencies:
- dependency-name: ws
  dependency-version: 8.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-npm-dependencies
- dependency-name: jest
  dependency-version: 30.4.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 12, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 12, 2026 18:17
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 12, 2026
@dependabot dependabot Bot mentioned this pull request May 12, 2026
Closed
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 12, 2026

Benchmark Results

Total benchmarks: 204

Inputs: baseline/baseline.json, bench_result.json

v8 (3354ms, 6490ms) +93.5%
v8 hermes (CI) hermes (CI)
v8-crypto 616ms 643.2ms
v8-deltablue 747.6ms 825.2ms
v8-raytrace 133.2ms 138.8ms
v8-regexp 676.4ms 671ms
v8-richards 949ms 964ms
v8-splay 231.8ms 239ms
v8-crypto (static) - 460.6ms
v8-deltablue (static) - 676.4ms
v8-raytrace (static) - 93.8ms
v8-regexp (static) - 747.2ms
v8-richards (static) - 811.6ms
v8-splay (static) - 218.8ms
test-suites (177934ms, 325978ms) +83.2%
test-suites hermes (CI) hermes (CI)
box2d 3028.8ms 2982.8ms
earley-boyer 2574.4ms 2666.2ms
navier-stokes 5756.4ms 6251.6ms
pdfjs 992.8ms 1015.6ms
gbemu 2315.4ms 2339.2ms
code-load 4546ms 4782.6ms
typescript 3385.4ms 3189.6ms
simpleSum 8806.6ms 7796.8ms
propAccess 2655.8ms 2407.8ms
allocObj 251.2ms 225.8ms
allocObjLit 6341.6ms 6324.2ms
allocNewObj 20213.2ms 20299.8ms
allocArray 248.8ms 240.6ms
allocNewArray 35223.6ms 36364ms
arrayRead 119.2ms 139.4ms
arrayReadByIndex 543ms 485ms
largeArrayRead 781.6ms 732.8ms
arrayWrite 266.6ms 277.4ms
largeArrayWrite 2164.8ms 2197.6ms
interp-dispatch 2848.6ms 2717.8ms
wb-perf 8196.6ms 7380.6ms
arrayReverse 40.8ms 41.2ms
arrayMap 1495ms 1819.2ms
arrayIndexOf 153.4ms 147.4ms
arrayLastIndexOf 154.6ms 148.8ms
arrayEvery 2173ms 2938.2ms
arraySome 2174ms 2931ms
arrayFill 2367.8ms 2453.6ms
arrayFilter 1813.4ms 2117.6ms
arrayFind 3191.2ms 3235.6ms
arrayFindIndex 3251.6ms 3212.4ms
arrayPop 1072.2ms 1058.6ms
arrayReduce 2007.6ms 2317ms
arrayReduceRight 2008ms 2322.6ms
arrayShift 2051ms 2160.4ms
arrayUnshift 2083.2ms 2269.8ms
arrayIncludes 1219.6ms 1160ms
arrayFrom 1109.8ms 1268.8ms
arrayCopyWithin 1557.2ms 1608.6ms
stringFromCharCode 94.4ms 92.8ms
arraySlice 808.8ms 812.4ms
arraySplice 27ms 30ms
arrayOf 1075.6ms 1022.6ms
stringCharAt 1266.4ms 1340.2ms
stringMatch 2947.2ms 2885ms
stringSearch 2858.6ms 2883ms
stringStartsWith 601.2ms 599.6ms
stringEndsWith 561ms 544.6ms
stringIncludes 1545.4ms 1772.4ms
stringIndexOf 1508.4ms 1778ms
stringLastIndexOf 1758.2ms 1886.4ms
stringSplit 865.6ms 815.6ms
stringSlice 507.8ms 506.4ms
stringPadStart 2916.2ms 2863.2ms
stringPadEnd 2985.4ms 2860.6ms
regExpMatch 1513.6ms 1552.2ms
regExpSearch 1216.8ms 1370ms
regExpToString 1205.6ms 1210.6ms
stringReplace 1438.8ms 1696.8ms
regExpReplace 882.8ms 907.4ms
regExpFlags 927.8ms 954.2ms
regExpSplit 1320ms 1281ms
numberArrayReadWrite 2412.6ms 2454ms
protoCache 3504.8ms 2950.4ms
box2d (static) - 1858.2ms
earley-boyer (static) - 1895.2ms
navier-stokes (static) - 3486.2ms
pdfjs (static) - 811.4ms
gbemu (static) - 1716.4ms
code-load (static) - 4331.6ms
typescript (static) - 2665.4ms
simpleSum (static) - 1098.8ms
propAccess (static) - 2337.2ms
allocObj (static) - 0.2ms
allocObjLit (static) - 4302ms
allocNewObj (static) - 17916ms
allocArray (static) - 0.8ms
allocNewArray (static) - 31792ms
arrayRead (static) - 71ms
arrayReadByIndex (static) - 495.8ms
largeArrayRead (static) - 555ms
arrayWrite (static) - 175.2ms
largeArrayWrite (static) - 1592.2ms
interp-dispatch (static) - 2042.8ms
wb-perf (static) - 9311.4ms
arrayReverse (static) - 40.6ms
arrayMap (static) - 1068ms
arrayIndexOf (static) - 129.2ms
arrayLastIndexOf (static) - 128.6ms
arrayEvery (static) - 1539ms
arraySome (static) - 1533.2ms
arrayFill (static) - 1985.2ms
arrayFilter (static) - 1147.6ms
arrayFind (static) - 2509ms
arrayFindIndex (static) - 2504.4ms
arrayPop (static) - 929.2ms
arrayReduce (static) - 1535.8ms
arrayReduceRight (static) - 1444.6ms
arrayShift (static) - 1616.4ms
arrayUnshift (static) - 1631.2ms
arrayIncludes (static) - 981.2ms
arrayFrom (static) - 993.8ms
arrayCopyWithin (static) - 1140.2ms
stringFromCharCode (static) - 74.6ms
arraySlice (static) - 609ms
arraySplice (static) - 29.6ms
arrayOf (static) - 815.6ms
stringCharAt (static) - 1225.2ms
stringMatch (static) - 2337.6ms
stringSearch (static) - 2360.8ms
stringStartsWith (static) - 544.6ms
stringEndsWith (static) - 471ms
stringIncludes (static) - 1680.2ms
stringIndexOf (static) - 1580.2ms
stringLastIndexOf (static) - 2123.8ms
stringSplit (static) - 671.8ms
stringSlice (static) - 453.8ms
stringPadStart (static) - 2364.6ms
stringPadEnd (static) - 2360.6ms
regExpMatch (static) - 1413.8ms
regExpSearch (static) - 1361.4ms
regExpToString (static) - 1185.8ms
stringReplace (static) - 1491.8ms
regExpReplace (static) - 805.6ms
regExpFlags (static) - 811.2ms
regExpSplit (static) - 1063ms
numberArrayReadWrite (static) - 2081.4ms
protoCache (static) - 3652ms
micros (32446ms, 61617ms) +89.9%
micros hermes (CI) hermes (CI)
getNodeById.js 5157.6ms 5440.8ms
setInsert.js 2699.6ms 2780.8ms
stringify-number.js 1897.8ms 1903.2ms
typed-array-sort.js 22690.8ms 22395.2ms
getNodeById.js (static) - 4118.8ms
setInsert.js (static) - 2450.8ms
stringify-number.js (static) - 1666.4ms
typed-array-sort.js (static) - 20861.2ms
jit-benches (6261ms, 7795ms) +24.5%
jit-benches hermes (CI) hermes (CI)
idisp.js 2825.8ms 2336ms
idispn.js 3435.4ms 3025.8ms
idisp.js (static) - 2043.2ms
idispn.js (static) - 390ms
many-subclasses (48717ms, 76390ms) +56.8%
many-subclasses hermes (CI) hermes (CI)
many.js 19401.2ms 19388.4ms
many-sh-1.js 7433.6ms 7487.2ms
many-sh-2.js 7473.2ms 7480.6ms
many-sh-3.js 7176.8ms 7324.4ms
many-sh-4.js 7232.4ms 7321.8ms
many.js (static) - 17585.8ms
many-sh-1.js (static) - 2343ms
many-sh-2.js (static) - 2553.6ms
many-sh-3.js (static) - 2445.8ms
many-sh-4.js (static) - 2459.8ms
map-objects (2027ms, 3627ms) +78.9%
map-objects hermes (CI) hermes (CI)
map-objects-untyped.js 1037.6ms 1020.2ms
map-objects-typed.js 989.6ms 945.2ms
map-objects-untyped.js (static) - 924ms
map-objects-typed.js (static) - 737.6ms
map-strings (2415ms, 4154ms) +72.0%
map-strings hermes (CI) hermes (CI)
map-strings-untyped.js 1234.2ms 1149.8ms
map-strings-typed.js 1180.8ms 1067.4ms
map-strings-untyped.js (static) - 1068.2ms
map-strings-typed.js (static) - 868.8ms
nbody (2478ms, 3661ms) +47.8%
nbody hermes (CI) hermes (CI)
original/nbody.js 882.2ms 930.2ms
fully-typed/nbody.js 723.4ms 771.4ms
fully-typed/nbody.ts 872ms 922.4ms
original/nbody.js (static) - 450.6ms
fully-typed/nbody.js (static) - 128.4ms
fully-typed/nbody.ts (static) - 458.2ms
string-switch (1335ms, 5614ms) +320.4%
string-switch (string-switch/plain) hermes (CI) hermes (CI)
bench.js 1335.4ms 1361.8ms
bench.js (static) - 4252ms
raytracer (3319ms, 5845ms) +76.1%
raytracer (raytracer/original) hermes (CI) hermes (CI)
bench-raytracer.js 1606.6ms 1669.6ms
raytracer.ts 1712ms 1733.8ms
bench-raytracer.js (static) - 1233ms
raytracer.ts (static) - 1208.8ms
MiniReact (17368ms, 29553ms) +70.2%
MiniReact hermes (CI) hermes (CI)
no-objects/out/simple-stripped.js 2309.6ms 2133ms
no-objects/out/simple-lowered.js 2308ms 2159.6ms
no-objects/out/music-stripped.js 42.4ms 42.8ms
no-objects/out/music-lowered.js 47ms 49ms
no-deps/stripped/MiniReact.js 5203.4ms 4993.6ms
no-deps/MiniReact.js 5119.8ms 4934ms
no-objects/out/simple.js 2290.8ms 2143.2ms
no-objects/out/music.js 46.6ms 46ms
no-objects/out/simple-stripped.js (static) - 1703.4ms
no-objects/out/simple-lowered.js (static) - 1723.2ms
no-objects/out/music-stripped.js (static) - 19.4ms
no-objects/out/music-lowered.js (static) - 19.6ms
no-deps/stripped/MiniReact.js (static) - 3983.6ms
no-deps/MiniReact.js (static) - 3908.4ms
no-objects/out/simple.js (static) - 1674.4ms
no-objects/out/music.js (static) - 19.6ms
widgets (7554ms, 13545ms) +79.3%
widgets hermes (CI) hermes (CI)
simple-classes/widgets.js 1804.2ms 1840.4ms
original/es5/widgets.js 2865ms 3026.4ms
single-file/es5/widgets.js 2885.2ms 3032.2ms
simple-classes/widgets.js (static) - 1024.2ms
original/es5/widgets.js (static) - 2309.8ms
single-file/es5/widgets.js (static) - 2311.6ms

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 14, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 14, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/tools/hcdp/all-npm-dependencies-e48085cb39 branch May 14, 2026 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants