Skip to content

Bump the minor-and-patch group across 1 directory with 16 updates#285

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-cf5975e873
Open

Bump the minor-and-patch group across 1 directory with 16 updates#285
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-cf5975e873

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 16 updates in the / directory:

Package From To
@pixiv/three-vrm 3.5.1 3.5.5
@solana/spl-token 0.4.14 0.4.15
@vitejs/plugin-basic-ssl 2.2.0 2.3.0
axios 1.13.6 1.18.1
gsap 3.14.2 3.15.0
ktx2-encoder 0.5.1 0.5.3
postprocessing 6.38.3 6.39.2
react 19.2.4 19.2.7
react-colorful 5.6.1 5.7.0
react-dom 19.2.4 19.2.7
three 0.183.2 0.185.1
three-mesh-bvh 0.9.9 0.9.10
wrangler 4.72.0 4.109.0
@react-spring/three 10.0.3 10.1.2
sass 1.98.0 1.101.0
vite-plugin-node-polyfills 0.25.0 0.28.0

Updates @pixiv/three-vrm from 3.5.1 to 3.5.5

Release notes

Sourced from @​pixiv/three-vrm's releases.

v3.5.5

pixiv/three-vrm@v3.5.4...v3.5.5 https://github.com/pixiv/three-vrm/tree/v3.5.5


🧹 Chores

v3.5.4

pixiv/three-vrm@v3.5.3...v3.5.4 https://github.com/pixiv/three-vrm/tree/v3.5.4


💡 Behavior Changes

  • #1842: three-vrm-core, humanoid, Handle negative node indices (-1) in VRM0.0 humanoid bones
  • #1843: warn when VRM0 morph bind target mesh is not found

🧹 Chores

  • #1844: pnpm-workspace.yaml, add allowBuilds config for esbuild and nx

v3.5.3

pixiv/three-vrm@v3.5.2...v3.5.3 https://github.com/pixiv/three-vrm/tree/v3.5.3


💡 Behavior Changes

  • #1840: fix: VRMSpringBoneLoaderPlugin, VRM0 import, improve error handling
  • #1841: fix: MToon loader, improve texture assignment error handling

v3.5.2

pixiv/three-vrm@v3.5.1...v3.5.2 https://github.com/pixiv/three-vrm/tree/v3.5.2


📢 NOTE FOR DEVS

... (truncated)

Commits

Updates @solana/spl-token from 0.4.14 to 0.4.15

Release notes

Sourced from @​solana/spl-token's releases.

js-legacy@v0.4.15

What's new

Commits
  • 27c359d Publish js-legacy@v0.4.15
  • 6a09978 js-legacy: Update package.json for trusted publishing (#1303)
  • 5b2d7fe build(deps): bump solana-packet from 4.1.0 to 4.2.0 (#1302)
  • ca02a9a deps: Update crossbeam-epoch for audit (#1301)
  • 1ead7bb build(deps-dev): bump typedoc from 0.28.19 to 0.28.20 in /clients/js (#1297)
  • 3eb2f00 build(deps-dev): bump typedoc from 0.28.19 to 0.28.20 in /clients/js-legacy (...
  • 800990a build(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.61.1 to 8.62.1 ...
  • e578003 build(deps-dev): bump vitest from 4.1.9 to 4.1.10 in /clients/js (#1296)
  • 1d8f1f8 build(deps-dev): bump @​typescript-eslint/parser from 8.61.1 to 8.62.1 in /cli...
  • c338a07 build(deps-dev): bump prettier from 3.8.4 to 3.9.4 in /clients/js-legacy (#1295)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​solana/spl-token since your current version.


Updates @vitejs/plugin-basic-ssl from 2.2.0 to 2.3.0

Release notes

Sourced from @​vitejs/plugin-basic-ssl's releases.

v2.3.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from @​vitejs/plugin-basic-ssl's changelog.

2.3.0 (2026-03-24)

Features

Miscellaneous Chores

  • deps: update all non-major dependencies (#100) (34ef8a0)
  • deps: update all non-major dependencies (#96) (acb0779)
  • deps: update dependency vite to v8 (#99) (987fb1a)
  • deps: update pnpm/action-setup action to v5 (#101) (4b9d639)

Build System

Commits

Updates axios from 1.13.6 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

... (truncated)

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates gsap from 3.14.2 to 3.15.0

Commits

Updates ktx2-encoder from 0.5.1 to 0.5.3

Release notes

Sourced from ktx2-encoder's releases.

v0.5.3

No significant changes

    View changes on GitHub
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for ktx2-encoder since your current version.


Updates postprocessing from 6.38.3 to 6.39.2

Release notes

Sourced from postprocessing's releases.

v6.39.2

Requires three ≥ 0.168.0 < 0.186.0

What's Changed

  • Update dependencies

Full Changelog: pmndrs/postprocessing@v6.39.1...v6.39.2

Special Thanks

Thanks @​juliangarnier and @​donmccurdy for the continued support! 🚀

v6.39.1

Requires three ≥ 0.168.0 < 0.185.0

What's Changed

  • Resolution: removed resizable property #742, 0933567
  • Updated dependencies

Full Changelog: pmndrs/postprocessing@v6.39.0...v6.39.1

Special Thanks

Thanks @​juliangarnier and @​donmccurdy for the continued support! ✨

v6.39.0

Requires three ≥ 0.168.0 < 0.184.0

ℹ️ The minimum version of three was raised to r168

What's Changed

  • Fix recursive depth texture binding issues in EffectComposer by @​Ameobea in pmndrs/postprocessing#740
  • Change default type of internal depth textures to FloatType 67b277c
  • Fix depth texture management #225, 1bcdefa
  • EffectComposer: Remove unused constructor param alpha 5477fce
  • EffectComposer: Remove createBuffer 3faeb4e, dd2bf69
  • Pass: Add needsDepthBlit ab99cd1

New Contributors

Full Changelog: pmndrs/postprocessing@v6.38.3...v6.39.0

Special Thanks

Thanks @​juliangarnier and @​donmccurdy for the continued support! ❤️

Commits

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Changelog

Sourced from react's changelog.

19.2.7 (June 1, 2026)

React Server Components

19.2.6 (May 6, 2026)

React Server Components

19.2.5 (March 18, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-colorful from 5.6.1 to 5.7.0

Release notes

Sourced from react-colorful's releases.

v5.7.0 (onChangeEnd)

Added onChangeEnd callback that fires when the user finishes changing a color (on mouse up, touch end, or arrow key up). Useful for undo/redo, saving to a database, or other expensive operations. (via #230)

<HexColorPicker
  color={color}
  onChange={setColor}
  onChangeEnd={(color) => saveToDatabase(color)}
/>

v5.6.2 (React 19 support)

Fix React 19 TypeScript compatibility (via #229)

Commits

Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Changelog

Sourced from react-dom's changelog.

19.2.7 (June 1, 2026)

React Server Components

19.2.6 (May 6, 2026)

React Server Components

19.2.5 (March 18, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates three from 0.183.2 to 0.185.1

Commits

Updates three-mesh-bvh from 0.9.9 to 0.9.10

Release notes

Sourced from three-mesh-bvh's releases.

v0.9.10

Fixed

  • MeshBVH: closestPointToGeometry will no longer log warnings for coplanar triangles.
  • Updated types.
  • Fix internal imports causing types to break in some cases.
Changelog

Sourced from three-mesh-bvh's changelog.

[0.9.10] - 2026-05-13

Fixed

  • MeshBVH: closestPointToGeometry will no longer log warnings for coplanar triangles.
  • Updated types.
  • Fix internal imports causing types to break in some cases.
Commits
  • 30811dc 0.9.10
  • e473d35 Update CHANGELOG for version 0.9.10 release
  • eca498b Update CHANGELOG.md
  • 5f7def0 Merge pull request #875 from isamu/fix/umd-self-require
  • 39682e3 Update CHANGELOG.md
  • ef9ad04 Update CHANGELOG with recent changes and fixes
  • b0013cf Merge pull request #876 from matthewgertner/suppress-coplanar-warning
  • 164c4b8 Suppress the warning about coplanar triangles when calling intersectsTriangle...
  • 85c11a8 fix: use relative imports in ObjectBVH and SkinnedMeshBVH
  • a64460c Merge pull request #872 from firefila/codex/safari-webgpu-storage-vec4
  • Additional commits viewable in compare view

Updates wrangler from 4.72.0 to 4.109.0

Release notes

Sourced from wrangler's releases.

wrangler@4.109.0

Minor Changes

  • #14489 e3f0cd6 Thanks @​edmundhung! - Add listDurableObjectIds() to createTestHarness Worker handles

    Tests using createTestHarness can now list persisted Durable Object instance IDs for a Durable Object binding. This helps integration tests discover objects created by app behavior without adding test-only endpoints.

  • #14465 2fedb1f Thanks @​vaishnav-mk! - Add rollback support when terminating Workflow instances

    WorkflowInstance.terminate({ rollback: true }) now runs registered rollback handlers before marking a local Workflow instance as terminated. Wrangler also supports this via wrangler workflows instances terminate --rollback, including local mode.

    The rollback option is only sent for terminate operations and is rejected by the Local Explorer API for pause, resume, and restart actions.

  • #14511 17d2fc1 Thanks @​juleslemee! - Add wrangler turnstile widget commands for managing Turnstile widgets

    You can now create, list, inspect, update, and delete Turnstile widgets from the CLI:

    wrangler turnstile widget create <name> --domain example.com --mode managed
    wrangler turnstile widget list
    wrangler turnstile widget get <sitekey>
    wrangler turnstile widget update <sitekey> --name "Renamed"
    wrangler turnstile widget delete <sitekey>
    

    All five subcommands accept --json for machine-readable output (get prints a formatted view by default; the rest print a short human summary). --domain accepts comma-separated values, e.g. --domain a.com,b.com. delete --json requires --skip-confirmation/-y to keep output pipeable.

    create prints the sitekey, the secret, and the canonical challenges.cloudflare.com/turnstile/v0/siteverify endpoint for backend verification. The hint is backend-agnostic; it doesn't assume Workers. The secret is redacted from list and update output but remains available via get for retrieval later. delete prompts for confirmation; pass --skip-confirmation/-y to bypass.

    The OAuth flow now requests the challenge-widgets.write scope (the existing Bach-derived scope for Turnstile widget CRUD). Existing OAuth sessions need to run wrangler login again to pick it up. API token users need a token with the Account.Turnstile:Edit permission.

Patch Changes

  • #14596 8511ddf Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260706.1 1.20260708.1
    @​cloudflare/workers-types ^5.20260706.1 ^5.20260708.1
  • #14604 9f74a5f Thanks @​vaishnav-mk! - Improve the deploy error for cron-triggered Workflows on free plans

    Wrangler now explains that Workflow schedules require a paid Workers plan instead of showing only the generic Workflows API request failure.

  • #14616 c782e2a Thanks @​penalosa! - Fix wrangler deploy aborting in CI for autoconfigured projects

    A recent change guarded non-interactive deploys against overwriting a same-named Worker whenever there was no config file naming it. This was too broad: a plain wrangler deploy run in CI without a config file (for example an autoconfigured project whose generated config PR has not been merged) would fail with "A Worker named ... already exists in your account", even though re-deploying to that Worker is the intended behaviour.

... (truncated)

Commits
  • 774c09e Version Packages (#14603)
  • 2fedb1f Support workflow terminate rollback (#14465)
  • c782e2a [wrangler] Restrict name-ownership guard to Pages-to-Workers delegation (#14616)
  • 17d2fc1 [wrangler] Add turnstile widget CLI commands (#14511)
  • 315c77c chore: use catalog for workerd dependency (#14607)
  • 9f74a5f Workflows: Improve scheduled Workflows free-plan deploy error (#14604)
  • 394b8ae Fix wrangler linting (failing because of deprecated detectAgenticEnvironment ...
  • dbf024e Enable @typescript-eslint/no-deprecated linting rule for wrangler (#14579)
  • e3f0cd6 feat(wrangler): list durable object ids in test harness (#14489)
  • 8511ddf Bump the workerd-and-workers-types group with 2 updates (#14596)
  • Additional commits viewable in compare view

Updates @react-spring/three from 10.0.3 to 10.1.2

Release notes

Sourced from @​react-spring/three's releases.

v10.1.2

Bug Fixes

  • core: PickAnimated now infers all animated keys when a partial from is provided. Previously a from prop collapsed the result type to just the from shape, dropping to keys, forward props, and the other transition phases — so useSpring({ width: 100, height: 100, from: { width: 0 } }) made styles.height a compile error even though height animates at runtime. It now merges from with the to, forward, and transition-phase values. (#2545)
  • core: The SpringValue-level onChange now receives an AnimationResult ({ value, finished: false, cancelled: false }) instead of the raw value, so result.value is no longer undefined mid-animation. This matches onStart/onRest and the Controller-level onChange. The internal change event the animated tree subscribes to still emits the raw value. (#2548)
  • animated: Fixed a cannot add a new property crash when wrapping non-extensible React Native host components. On Hermes, host components like View, Text, and Image become non-extensible after their first render, breaking the wrapper cache. createHost now attempts the direct write first (fast path, unchanged for extensible components) and falls back to a module-level WeakMap when the write is rejected. (#2535)

Performance

  • shared: Improved string interpolation performance with large amounts of data by caching output number parsing in createStringInterpolator. (#2547)

Full Changelog: pmndrs/react-spring@v10.1.1...v10.1.2

v10.1.1

What's Changed

Full Changelog: pmndrs/react-spring@v10.1.0...v10.1.1

v10.1.0

What's Changed

Bumps the minor-and-patch group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@pixiv/three-vrm](https://github.com/pixiv/three-vrm/tree/HEAD/packages/three-vrm) | `3.5.1` | `3.5.5` |
| [@solana/spl-token](https://github.com/solana-program/token-2022) | `0.4.14` | `0.4.15` |
| [@vitejs/plugin-basic-ssl](https://github.com/vitejs/vite-plugin-basic-ssl) | `2.2.0` | `2.3.0` |
| [axios](https://github.com/axios/axios) | `1.13.6` | `1.18.1` |
| [gsap](https://github.com/greensock/GSAP) | `3.14.2` | `3.15.0` |
| [ktx2-encoder](https://github.com/gz65555/ktx2-encoder) | `0.5.1` | `0.5.3` |
| [postprocessing](https://github.com/pmndrs/postprocessing) | `6.38.3` | `6.39.2` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.7` |
| [react-colorful](https://github.com/omgovich/react-colorful) | `5.6.1` | `5.7.0` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.7` |
| [three](https://github.com/mrdoob/three.js) | `0.183.2` | `0.185.1` |
| [three-mesh-bvh](https://github.com/gkjohnson/three-mesh-bvh) | `0.9.9` | `0.9.10` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.72.0` | `4.109.0` |
| [@react-spring/three](https://github.com/pmndrs/react-spring) | `10.0.3` | `10.1.2` |
| [sass](https://github.com/sass/dart-sass) | `1.98.0` | `1.101.0` |
| [vite-plugin-node-polyfills](https://github.com/davidmyersdev/vite-plugin-node-polyfills) | `0.25.0` | `0.28.0` |



Updates `@pixiv/three-vrm` from 3.5.1 to 3.5.5
- [Release notes](https://github.com/pixiv/three-vrm/releases)
- [Commits](https://github.com/pixiv/three-vrm/commits/v3.5.5/packages/three-vrm)

Updates `@solana/spl-token` from 0.4.14 to 0.4.15
- [Release notes](https://github.com/solana-program/token-2022/releases)
- [Commits](https://github.com/solana-program/token-2022/compare/js-legacy@v0.4.14...js-legacy@v0.4.15)

Updates `@vitejs/plugin-basic-ssl` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/vitejs/vite-plugin-basic-ssl/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-basic-ssl/blob/main/CHANGELOG.md)
- [Commits](vitejs/vite-plugin-basic-ssl@v2.2.0...v2.3.0)

Updates `axios` from 1.13.6 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.6...v1.18.1)

Updates `gsap` from 3.14.2 to 3.15.0
- [Commits](greensock/GSAP@3.14.2...3.15.0)

Updates `ktx2-encoder` from 0.5.1 to 0.5.3
- [Release notes](https://github.com/gz65555/ktx2-encoder/releases)
- [Commits](gz65555/ktx2-encoder@v0.5.1...v0.5.3)

Updates `postprocessing` from 6.38.3 to 6.39.2
- [Release notes](https://github.com/pmndrs/postprocessing/releases)
- [Commits](pmndrs/postprocessing@v6.38.3...v6.39.2)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-colorful` from 5.6.1 to 5.7.0
- [Release notes](https://github.com/omgovich/react-colorful/releases)
- [Changelog](https://github.com/omgovich/react-colorful/blob/master/CHANGELOG.md)
- [Commits](https://github.com/omgovich/react-colorful/commits/5.7.0)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `three` from 0.183.2 to 0.185.1
- [Release notes](https://github.com/mrdoob/three.js/releases)
- [Commits](https://github.com/mrdoob/three.js/commits)

Updates `three-mesh-bvh` from 0.9.9 to 0.9.10
- [Release notes](https://github.com/gkjohnson/three-mesh-bvh/releases)
- [Changelog](https://github.com/gkjohnson/three-mesh-bvh/blob/master/CHANGELOG.md)
- [Commits](gkjohnson/three-mesh-bvh@v0.9.9...v0.9.10)

Updates `wrangler` from 4.72.0 to 4.109.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.109.0/packages/wrangler)

Updates `@react-spring/three` from 10.0.3 to 10.1.2
- [Release notes](https://github.com/pmndrs/react-spring/releases)
- [Commits](https://github.com/pmndrs/react-spring/compare/v10.0.3...@react-spring/three@10.1.2)

Updates `sass` from 1.98.0 to 1.101.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.98.0...1.101.0)

Updates `vite-plugin-node-polyfills` from 0.25.0 to 0.28.0
- [Release notes](https://github.com/davidmyersdev/vite-plugin-node-polyfills/releases)
- [Commits](davidmyersdev/vite-plugin-node-polyfills@v0.25.0...v0.28.0)

---
updated-dependencies:
- dependency-name: "@pixiv/three-vrm"
  dependency-version: 3.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@solana/spl-token"
  dependency-version: 0.4.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@vitejs/plugin-basic-ssl"
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: gsap
  dependency-version: 3.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ktx2-encoder
  dependency-version: 0.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: postprocessing
  dependency-version: 6.39.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react-colorful
  dependency-version: 5.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: three
  dependency-version: 0.185.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: three-mesh-bvh
  dependency-version: 0.9.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: wrangler
  dependency-version: 4.109.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@react-spring/three"
  dependency-version: 10.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: sass
  dependency-version: 1.101.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vite-plugin-node-polyfills
  dependency-version: 0.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants