Bump the npm group with 4 updates by dependabot[bot] · Pull Request #2159 · poad/github-oauth-example

dependabot · 2026-05-15T14:48:58Z

Bumps the npm group with 4 updates: @eslint/compat, @types/node, eslint-config-next and brace-expansion.

Updates @eslint/compat from 2.0.5 to 2.1.0

Release notes

Sourced from @eslint/compat's releases.

compat: v2.1.0

2.1.0 (2026-05-08)

Features

Add new includeIgnoreFile() to config-helpers (#430) (9b51352)

migrate-config: v2.1.0

2.1.0 (2026-05-08)

Features

Add new includeIgnoreFile() to config-helpers (#430) (9b51352)

Dependencies

The following workspace dependencies were updated

dependencies

@eslint/config-helpers bumped from ^0.5.5 to ^0.6.0

migrate-config: v2.0.7

2.0.7 (2026-05-01)

Bug Fixes

update espree to the latest (#437) (a8ff72f)

migrate-config: v2.0.6

2.0.6 (2026-04-08)

Dependencies

The following workspace dependencies were updated

dependencies

@eslint/compat bumped from ^2.0.4 to ^2.0.5

devDependencies

@eslint/core bumped from ^1.2.0 to ^1.2.1

Changelog

Sourced from @eslint/compat's changelog.

2.1.0 (2026-05-08)

Features

Add new includeIgnoreFile() to config-helpers (#430) (9b51352)

Commits

b894953 chore: release main (#446)
334038d docs: Update README sponsors
9b51352 feat: Add new includeIgnoreFile() to config-helpers (#430)
70b6997 docs: Update README sponsors
35b6b94 chore: update TypeScript to v6 (#417)
7807d71 docs: Update README sponsors
57001ea docs: Update README sponsors
0b62133 docs: Update README sponsors
See full diff in compare view

Updates @types/node from 25.6.0 to 25.6.2

Commits

See full diff in compare view

Updates eslint-config-next from 16.2.5 to 16.2.6

Release notes

Sourced from eslint-config-next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

Commits

ee6e79b v16.2.6
See full diff in compare view

Updates brace-expansion from 1.1.14 to 5.0.6

Release notes

Sourced from brace-expansion's releases.

v4.0.1

fmt 5a5cc17

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 0b6a978

juliangruber/brace-expansion@v4.0.0...v4.0.1

v4.0.0

feat: use string replaces instead of splits (#64) 278132b

fmt dd72a59

add tea.yaml 70e4c1b

juliangruber/brace-expansion@v3.0.0...v4.0.0

As a precaution to not risk breaking anything with 278132b, this is a new semver major release

v3.0.1

pkg: publish on tag 3.x 3059c07

fmt 8229e6f

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 15f9b3c

juliangruber/brace-expansion@v3.0.0...v3.0.1

v3.0.0

Switch to ES Modules and balanced-match 3.0.0 (#62) c0360e8

added jsdoc (#55) 68c0e37

node 16 is EOL 9e781e9

add standard 3494c4d

use const and let (#57) dd5a4cb

docs 6dad209

remove test e3dd8ae

ci: update node versions d23ede9

docs: add @lanodan to contributors 1eb3fa4

docs 1e7c9cd

switch from tape to test module (#60) 2520537

Bump minimist from 1.2.5 to 1.2.6 (#59) 61a94f1

Bump path-parse from 1.0.6 to 1.0.7 (#51) dc741cf

docs: add back ci badge 8ee5626

Add github actions, remove travis. Closes #52 (#53) 5c8756a

CI: Drop unused sudo: false Travis directive (#50) 05978a7

juliangruber/brace-expansion@v2.0.1...v3.0.0

v2.0.2

pkg: publish on tag 2.x 14f1d91

fmt ed7780a

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

... (truncated)

Commits

46317b5 5.0.6
c0b095b Merge commit from fork
ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
8793901 5.0.5
9a02af5 Merge commit from fork
daa71bc Bump tar from 7.5.10 to 7.5.11 (#92)
799e5f7 Bump tar from 7.5.9 to 7.5.10 (#90)
012c230 5.0.4
243c491 Fix handling of brackets. Closes #87
609f858 Correct incorrect brace-expansion import (#89)
Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm group with 4 updates: [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) and [brace-expansion](https://github.com/juliangruber/brace-expansion). Updates `@eslint/compat` from 2.0.5 to 2.1.0 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/compat-v2.1.0/packages/compat) Updates `@types/node` from 25.6.0 to 25.6.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `eslint-config-next` from 16.2.5 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/commits/v16.2.6/packages/eslint-config-next) Updates `brace-expansion` from 1.1.14 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.14...v5.0.6) --- updated-dependencies: - dependency-name: "@eslint/compat" dependency-version: 2.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@types/node" dependency-version: 25.6.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: eslint-config-next dependency-version: 16.2.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect update-type: version-update:semver-major dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-05-15T14:49:01Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
github-oauth-example	Error		May 15, 2026 2:49pm

dependabot Bot assigned poad May 15, 2026

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 15, 2026

vercel Bot had a problem deploying to Preview May 15, 2026 14:49 Failure

github-actions Bot approved these changes May 15, 2026

View reviewed changes

github-actions Bot enabled auto-merge (squash) May 15, 2026 14:49

github-actions Bot merged commit 654caf2 into main May 15, 2026
5 of 6 checks passed

github-actions Bot deleted the dependabot/npm_and_yarn/npm-56dca2d143 branch May 15, 2026 14:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm group with 4 updates#2159

Bump the npm group with 4 updates#2159
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-56dca2d143

dependabot Bot commented on behalf of github May 15, 2026

Uh oh!

vercel Bot commented May 15, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 15, 2026

compat: v2.1.0

2.1.0 (2026-05-08)

Features

migrate-config: v2.1.0

2.1.0 (2026-05-08)

Features

Dependencies

migrate-config: v2.0.7

2.0.7 (2026-05-01)

Bug Fixes

migrate-config: v2.0.6

2.0.6 (2026-04-08)

Dependencies

2.1.0 (2026-05-08)

Features

v16.2.6

Security Fixes

Core Changes

v4.0.1

v4.0.0

v3.0.1

v3.0.0

v2.0.2

Uh oh!

vercel Bot commented May 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

vercel Bot commented May 15, 2026 •

edited

Loading