Skip to content

chore(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates#645

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-59ab8c9141
Open

chore(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates#645
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-59ab8c9141

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 4 updates in the / directory: js-yaml, turbo, @clerk/backend and @supabase/postgrest-js.

Updates js-yaml from 4.2.0 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • See full diff in compare view

Updates turbo from 2.10.2 to 2.10.4

Release notes

Sourced from turbo's releases.

Turborepo v2.10.4

What's Changed

Changelog

... (truncated)

Commits
  • 1506a11 publish 2.10.4 to registry
  • 11a68c7 fix: Stop flagging relative imports that resolve into node_modules in boundar...
  • 947b478 fix: Raise the open-file soft limit at startup (#13282)
  • ddc584d feat: Make turbo prune Cargo-aware (#13281)
  • ff0d508 perf: Skip dependency-closure assembly for toolchains that derive nothing (#1...
  • 39d623e feat: Make turbo watch Cargo-aware (#13280)
  • af01fdf fix: Collapse nested package-manager fallback conditional (#13279)
  • 7e02f94 release(turborepo): 2.10.4-canary.2 (#13278)
  • 8e3a59f release(library): 0.0.1-canary.23 (#13276)
  • ce18f0a test: Add end-to-end coverage for Cargo workspaces (#13274)
  • Additional commits viewable in compare view

Updates @clerk/backend from 3.4.9 to 3.11.0

Release notes

Sourced from @​clerk/backend's releases.

@​clerk/backend@​3.11.0

Minor Changes

  • Add idpCertificateIssuedAt and idpCertificateExpiresAt to SAML enterprise connections, exposing the IdP certificate validity window (#9077) by @​LauraBeatris

Patch Changes

Changelog

Sourced from @​clerk/backend's changelog.

3.11.0

Minor Changes

  • Add idpCertificateIssuedAt and idpCertificateExpiresAt to SAML enterprise connections, exposing the IdP certificate validity window (#9077) by @​LauraBeatris

Patch Changes

3.10.0

Minor Changes

  • Add an experimental clerkClient.emails.create() method for sending transactional emails. It accepts address- or user-based recipients, supports optional replyTo, subject, and HTML and/or text content, and returns the created Email resource. (#9010) by @​cbnsndwch

    This method is marked @experimental and may change in a future release.

3.9.0

Minor Changes

  • Add clerkClient.oauthApplications.revokeToken() for revoking opaque OAuth application access and refresh tokens. (#9040) by @​jfoshee

Patch Changes

  • organizations.deleteOrganization() now validates that an organization ID was provided. Calling it with an empty ID throws A valid resource ID is required. locally instead of issuing a DELETE request to the organizations collection endpoint, matching the other ID-based methods on the API. (#9036) by @​jacekradko

  • M2M JWT verification now validates the token-category (cat) header and rejects M2M JWTs tagged as a different token class. M2M JWTs minted by Clerk carry the correct category and are unaffected; M2M JWTs without the header continue to verify. (#9038) by @​wobsoriano

  • Updated dependencies [4306146, 533f0b1]:

    • @​clerk/shared@​4.23.0

3.8.5

Patch Changes

  • Add an optional externalAccountId to the backend ExternalAccount resource. For Google and Facebook accounts the resource id is the idn_-prefixed identification id, which users.deleteUserExternalAccount() rejects; externalAccountId now exposes the eac_-prefixed id those calls expect. For all other providers id is already the eac_ id and externalAccountId is undefined, so use externalAccountId ?? id to get an id you can delete with. (#8995) by @​jacekradko

  • Updated dependencies [cb76aa2]:

    • @​clerk/shared@​4.22.1

3.8.4

Patch Changes

  • Updated dependencies [19ce04a]:
    • @​clerk/shared@​4.22.0

... (truncated)

Commits
  • 485bca5 ci(repo): Version packages (#9062)
  • 71e88b9 docs(repo): Add tooltip to OAuth access token (#9070)
  • 1efc7e5 feat(shared,backend,clerk-js): Add SAML certificate validity fields (#9077)
  • 8842511 ci(repo): Version packages (#9050)
  • f42aad9 feat(backend): transactional email send with user_id recipient (#9010)
  • feac5f3 docs(backend,shared): Generate typedoc output for backend docs (#8853)
  • 59d2456 ci(repo): Version packages (#9035)
  • 6a9bb60 feat(backend): add OAuth application token revocation (#9040)
  • 2914c2c fix(backend): guard deleteOrganization against empty organization ID (#9036)
  • 07e1b06 feat(backend): Validate cat header when verifying M2M JWTs (#9038)
  • Additional commits viewable in compare view

Updates @supabase/postgrest-js from 2.105.4 to 2.110.0

Release notes

Sourced from @​supabase/postgrest-js's releases.

v2.110.0

2.110.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

v2.110.0-canary.0

2.110.0-canary.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

v2.109.0

2.109.0 (2026-06-30)

🚀 Features

  • auth: add custom_claims_allowlist to custom providers admin API (#2473)
  • realtime: add postgres_changes filter builder, new operators and select (#2463)
  • storage: expose purgeCache for buckets and single objects (#2429)

🩹 Fixes

  • functions: honor a caller's Content-Type override regardless of casing (#2455)
  • realtime: pin @​supabase/phoenix and browser test CDN deps (#2457)
  • realtime: add replication connection system message option (#2470)
  • storage: keep sortBy defaults when list() is given a partial sortBy (#2454)

❤️ Thank You

v2.108.3-canary.2

2.108.3-canary.2 (2026-06-19)

... (truncated)

Changelog

Sourced from @​supabase/postgrest-js's changelog.

2.110.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

2.109.0 (2026-06-30)

This was a version bump only for @​supabase/postgrest-js to align it with other projects, there were no code changes.

2.108.2 (2026-06-15)

This was a version bump only for @​supabase/postgrest-js to align it with other projects, there were no code changes.

2.108.0 (2026-06-08)

🩹 Fixes

  • postgrest: pass request headers as plain object for RN/custom-fetch compatibility (#2414)

❤️ Thank You

2.107.0 (2026-06-02)

🩹 Fixes

  • postgrest: return a structured error for non-JSON body on successful responses (#2398)

❤️ Thank You

2.106.2 (2026-05-25)

This was a version bump only for @​supabase/postgrest-js to align it with other projects, there were no code changes.

2.106.1 (2026-05-20)

This was a version bump only for @​supabase/postgrest-js to align it with other projects, there were no code changes.

2.106.0 (2026-05-18)

... (truncated)

Commits
  • c3d5e6d feat(repo): drop Node.js 20 support (#2482)
  • b2e02b9 chore(release): version 2.109.0 changelogs (#2481)
  • 6d2d952 chore(repo): declare supabase-js compliance with SDK capability matrix (#2441)
  • a25062e chore(release): version 2.108.2 changelogs (#2449)
  • c8a6649 docs(misc): clarifications, grouping of modifier methods (#2435)
  • 21e9d4b fix(postgrest): then typing (#2349)
  • 65fafe5 chore(release): version 2.108.0 changelogs (#2433)
  • 2edb581 fix(postgrest): pass request headers as plain object for RN/custom-fetch comp...
  • b7a8247 docs(postgrest): rename count to rows for better comprehension (#2427)
  • 57014e1 chore(release): version 2.107.0 changelogs (#2421)
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: supply-chain. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 14, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 14, 2026 04:36
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 14, 2026
@changeset-bot

changeset-bot Bot commented Jul 14, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: a23fb10

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderdan

Copy link
Copy Markdown
Contributor

@dependabot rebase

…ith 4 updates

Bumps the dev-dependencies group with 4 updates in the / directory: [js-yaml](https://github.com/nodeca/js-yaml), [turbo](https://github.com/vercel/turborepo), [@clerk/backend](https://github.com/clerk/javascript/tree/HEAD/packages/backend) and [@supabase/postgrest-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/postgrest-js).


Updates `js-yaml` from 4.2.0 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.2.0...4.3.0)

Updates `turbo` from 2.10.2 to 2.10.4
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.10.2...v2.10.4)

Updates `@clerk/backend` from 3.4.9 to 3.11.0
- [Release notes](https://github.com/clerk/javascript/releases)
- [Changelog](https://github.com/clerk/javascript/blob/main/packages/backend/CHANGELOG.md)
- [Commits](https://github.com/clerk/javascript/commits/@clerk/backend@3.11.0/packages/backend)

Updates `@supabase/postgrest-js` from 2.105.4 to 2.110.0
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/postgrest-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.110.0/packages/core/postgrest-js)

---
updated-dependencies:
- dependency-name: "@clerk/backend"
  dependency-version: 3.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@supabase/postgrest-js"
  dependency-version: 2.110.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: turbo
  dependency-version: 2.10.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-59ab8c9141 branch from 77df762 to a23fb10 Compare July 14, 2026 06:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant