Skip to content

Bump the minor-and-patch group with 4 updates#748

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/minor-and-patch-8e4ea87829
Feb 16, 2026
Merged

Bump the minor-and-patch group with 4 updates#748
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/minor-and-patch-8e4ea87829

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 16, 2026

Bumps the minor-and-patch group with 4 updates: @types/node, esbuild, glob and ovsx.

Updates @types/node from 25.2.0 to 25.2.3

Commits

Updates esbuild from 0.27.2 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>

    • icons.css:

      .triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}

    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>

    • icons.css:

      .triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}

    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

... (truncated)

Commits
  • 9129e00 publish 0.27.3 to npm
  • e20e411 small fix to release notes
  • 0dc0f2d fix #4322: parse and print CSS @scope rules
  • 55fe391 update firefox css gradient support
  • 2c35297 update gradient lowering transform
  • 9209e44 Update Go to 1.25.7 (#4388)
  • e8d861b close #4374: compat table for the using feature
  • 19b8887 no longer need williamkapke/node-compat-table
  • 7e44218 the kangax/compat-table repo moved to a new url
  • 23b9338 run make update-compat-table
  • Additional commits viewable in compare view

Updates glob from 13.0.0 to 13.0.3

Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates ovsx from 0.10.8 to 0.10.9

Release notes

Sourced from ovsx's releases.

CLI v0.10.9

Fixes

  • Support custom registry url including a subpath (#1542)

Changes

  • Move ovsx script to bin directory (#1538)
  • Disable the automatic execution of lifecycle scripts by yarn (#1546)

Dependencies

  • Bump lodash from 4.17.21 to 4.17.23 (#1567)
  • Bump tar from 6.2.1 to 7.5.7
Changelog

Sourced from ovsx's changelog.

[v0.10.9] (Feb. 2026)

Fixes

  • Support custom registry url including a subpath (#1542)

Changes

  • Move ovsx script to bin directory (#1538)
  • Disable the automatic execution of lifecycle scripts by yarn (#1546)

Dependencies

  • Bump lodash from 4.17.21 to 4.17.23 (#1567)
  • Bump tar from 6.2.1 to 7.5.7
Commits
  • 170af84 chore: bump cli version for release
  • e821026 chore: prepare cli release v0.10.9
  • 0e3ac34 build(deps): bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 in /cli (#1583)
  • 9016c26 chore(deps): bump vsce to latest version 3.7.1 in the package.json to avoid a...
  • 8b3f638 chore(deps): bump optional dep node-gyp to latest
  • b121ddc chore(deps): bump tar from 6.2.1 to 7.5.7
  • 8da1960 build(deps): bump lodash from 4.17.21 to 4.17.23 in /cli (#1567)
  • 0f3019c Disable scripts by default for yarn (#1546)
  • cd711c0 Support custom registry url with a subpath (#1542)
  • 62a53cc Cleanup cli script (#1538)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-and-patch group with 4 updates
00226c3 
Bumps the minor-and-patch group with 4 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [esbuild](https://github.com/evanw/esbuild), [glob](https://github.com/isaacs/node-glob) and [ovsx](https://github.com/eclipse/openvsx/tree/HEAD/cli).


Updates `@types/node` from 25.2.0 to 25.2.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `esbuild` from 0.27.2 to 0.27.3
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.2...v0.27.3)

Updates `glob` from 13.0.0 to 13.0.3
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v13.0.0...v13.0.3)

Updates `ovsx` from 0.10.8 to 0.10.9
- [Release notes](https://github.com/eclipse/openvsx/releases)
- [Changelog](https://github.com/eclipse/openvsx/blob/master/cli/CHANGELOG.md)
- [Commits](https://github.com/eclipse/openvsx/commits/cli-0.10.9/cli)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.2.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: esbuild
  dependency-version: 0.27.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: glob
  dependency-version: 13.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: ovsx
  dependency-version: 0.10.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner February 16, 2026 16:09
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 16, 2026
@github-actions github-actions bot enabled auto-merge February 16, 2026 16:09
@github-actions github-actions bot merged commit 78603e7 into main Feb 16, 2026
4 checks passed
@github-actions github-actions bot deleted the dependabot/npm_and_yarn/minor-and-patch-8e4ea87829 branch February 16, 2026 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

Comments