Bump the npm_and_yarn group across 4 directories with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
cookie	0.6.0	0.7.0
tsup	8.3.0	8.3.5
undici	5.28.5	5.29.0
esbuild	0.25.4	0.25.5
vite	5.4.14	5.4.19

Bumps the npm_and_yarn group with 1 update in the /fixtures/import-npm directory: undici.
Bumps the npm_and_yarn group with 1 update in the /fixtures/worker-app directory: cookie.
Bumps the npm_and_yarn group with 1 update in the /packages/vite-plugin-cloudflare directory: tsup.

Updates cookie from 0.6.0 to 0.7.0

Release notes

Sourced from cookie's releases.

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• ca70da4 test(serialize): additional tests for name, domain and path RFC validations (...
• 47917c9 Iterate whitespace for perf (#170)
• 927d48a Add main to package.json (#166)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates tsup from 8.3.0 to 8.3.5

Release notes

Sourced from tsup's releases.

v8.3.5

   🐞 Bug Fixes

• Run experimentalDts only once  -  by @​aryaemami59 in egoist/tsup#1236 (fddd4)

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

v8.3.3

No significant changes

    View changes on GitHub

v8.3.1

   🚀 Features

• Add es2024 target  -  by @​sxzz (4c8cd)

   🐞 Bug Fixes

• Support TS 5.6 for svelte  -  by @​sxzz (28b9c)
• Add neutral value to platform options in schema.json  -  by @​venables in egoist/tsup#982 (a03db)
• Wider restriction for target option  -  by @​odanado in egoist/tsup#1118 (1979b)
• Add terser value to minify option in schema.json  -  by @​damienbutt in egoist/tsup#991 (34951)
• Change newlineKind to lf for experimentalDts  -  by @​aryaemami59 in egoist/tsup#1234 (4584b)
• Enable rollup output.compact when minify is enabled  -  by @​hyrious in egoist/tsup#1232 (9cc86)
• Support Node16 and NodeNext module resolution in experimentalDts  -  by @​aryaemami59 in egoist/tsup#1225 (41c98)

    View changes on GitHub

Commits

• cd03e1e chore: release v8.3.5
• fddd451 fix: run experimentalDts only once (#1236)
• 21b1193 chore: release v8.3.4
• 580e03d ci: fix release workflow
• 01b38f2 chore: release v8.3.3
• 4f5b71e ci: fix release workflow
• e80dad6 chore: release v8.3.2
• f4af79a ci: fix release workflow (#1241)
• 4b72d61 chore: release v8.3.1
• 41c98ff fix: support Node16 and NodeNext module resolution in experimentalDts (...
• Additional commits viewable in compare view

Updates undici from 5.28.5 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

• Fix tests in v5.x for Node 20 by @​mcollina in nodejs/undici#4104
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

Commits

• 9528f68 Bumped v5.29.0
• f1d75a4 increase timeout for redirect test
• 2d31ed6 remove fuzzing tests
• 6b36d49 fix redirect test in Node v16
• 648dd8f more fix for the wpt runner on Windows
• a0516ba don't use internal header state for cookies (#3295)
• 87ce4af fix test/client for node 20
• c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
• 82200bd [v6.x] fix wpts on windows (#4093)
• 47546fa test: fix windows wpt (#4050)
• Additional commits viewable in compare view

Updates esbuild from 0.25.4 to 0.25.5

Release notes

Sourced from esbuild's releases.

v0.25.5

• Fix a regression with browser in package.json (#4187)

  The fix to #4144 in version 0.25.3 introduced a regression that caused browser overrides specified in package.json to fail to override relative path names that end in a trailing slash. That behavior change affected the axios@0.30.0 package. This regression has been fixed, and now has test coverage.

• Add support for certain keywords as TypeScript tuple labels (#4192)

  Previously esbuild could incorrectly fail to parse certain keywords as TypeScript tuple labels that are parsed by the official TypeScript compiler if they were followed by a ? modifier. These labels included function, import, infer, new, readonly, and typeof. With this release, these keywords will now be parsed correctly. Here's an example of some affected code:

  type Foo = [
    value: any,
    readonly?: boolean, // This is now parsed correctly
  ]

• Add CSS prefixes for the stretch sizing value (#4184)

  This release adds support for prefixing CSS declarations such as div { width: stretch }. That CSS is now transformed into this depending on what the --target= setting includes:

  div {
    width: -webkit-fill-available;
    width: -moz-available;
    width: stretch;
  }

Changelog

Sourced from esbuild's changelog.

0.25.5

• Fix a regression with browser in package.json (#4187)

  The fix to #4144 in version 0.25.3 introduced a regression that caused browser overrides specified in package.json to fail to override relative path names that end in a trailing slash. That behavior change affected the axios@0.30.0 package. This regression has been fixed, and now has test coverage.

• Add support for certain keywords as TypeScript tuple labels (#4192)

  Previously esbuild could incorrectly fail to parse certain keywords as TypeScript tuple labels that are parsed by the official TypeScript compiler if they were followed by a ? modifier. These labels included function, import, infer, new, readonly, and typeof. With this release, these keywords will now be parsed correctly. Here's an example of some affected code:

  type Foo = [
    value: any,
    readonly?: boolean, // This is now parsed correctly
  ]

• Add CSS prefixes for the stretch sizing value (#4184)

  This release adds support for prefixing CSS declarations such as div { width: stretch }. That CSS is now transformed into this depending on what the --target= setting includes:

  div {
    width: -webkit-fill-available;
    width: -moz-available;
    width: stretch;
  }

Commits

• ea453bf publish 0.25.5 to npm
• 223ddc6 fix #4187: browser package.json regression
• b2c8251 fix #4192: typescript tuple label parser edge case
• 28cf2f3 fix #4184: css prefixes for stretch
• bee1b09 fix comment indents
• 9ddfe5f run make update-compat-table
• c339f34 fix a misplaced comment
• See full diff in compare view

Updates vite from 5.4.14 to 5.4.19

Release notes

Sourced from vite's releases.

v5.4.19

Please refer to CHANGELOG.md for details.

v5.4.18

Please refer to CHANGELOG.md for details.

v5.4.17

Please refer to CHANGELOG.md for details.

v5.4.16

Please refer to CHANGELOG.md for details.

v5.4.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.19 (2025-04-30)

• fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

• fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

• fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

• fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

• fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

Commits

• 80a333a release: v5.4.19
• 766947e fix: backport #19965, check static serve file inside sirv (#19966)
• 731b77d release: v5.4.18
• 823675b fix: backport #19830, reject requests with # in request-target (#19831)
• 0a2518a release: v5.4.17
• 84b2b46 fix: backport #19782, fs check with svg and relative paths (#19784)
• 712cb71 release: v5.4.16
• b627c50 fix: backport #19761, fs check in transform middleware (#19762)
• 9b0f4c8 release: v5.4.15
• 807d7f0 fix: backport #19702, fs raw query with query separators (#19703)
• See full diff in compare view

Updates undici from 5.28.5 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

• Fix tests in v5.x for Node 20 by @​mcollina in nodejs/undici#4104
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

Commits

• 9528f68 Bumped v5.29.0
• f1d75a4 increase timeout for redirect test
• 2d31ed6 remove fuzzing tests
• 6b36d49 fix redirect test in Node v16
• 648dd8f more fix for the wpt runner on Windows
• a0516ba don't use internal header state for cookies (#3295)
• 87ce4af fix test/client for node 20
• c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
• 82200bd [v6.x] fix wpts on windows (#4093)
• 47546fa test: fix windows wpt (#4050)
• Additional commits viewable in compare view

Updates cookie from 0.6.0 to 0.7.0

Release notes

Sourced from cookie's releases.

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• ca70da4 test(serialize): additional tests for name, domain and path RFC validations (...
• 47917c9 Iterate whitespace for perf (#170)
• 927d48a Add main to package.json (#166)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates tsup from 8.3.0 to 8.3.5

Release notes

Sourced from tsup's releases.

v8.3.5

   🐞 Bug Fixes

• Run experimentalDts only once  -  by @​aryaemami59 in egoist/tsup#1236 (fddd4)

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

v8.3.3

No significant changes

    View changes on GitHub

v8.3.1

   🚀 Features

• Add es2024 target  -  by @​sxzz (4c8cd)

   🐞 Bug Fixes

• Support TS 5.6 for svelte  -  by @​sxzz (28b9c)
• Add neutral value to platform options in schema.json  -  by @​venables in egoist/tsup#982 (a03db)
• Wider restriction for target option  -  by @​odanado in egoist/tsup#1118 (1979b)
• Add terser value to minify option in schema.json  -  by @​damienbutt in egoist/tsup#991 (34951)
• Change newlineKind to lf for experimentalDts  -  by @​aryaemami59 in egoist/tsup#1234 (4584b)
• Enable rollup output.compact when minify is enabled  -  by @​hyrious in egoist/tsup#1232 (9cc86)
• Support Node16 and NodeNext module resolution in experimentalDts  -  by @​aryaemami59 in egoist/tsup#1225 (41c98)

    View changes on GitHub

Commits

• cd03e1e chore: release v8.3.5
• fddd451 fix: run experimentalDts only once (#1236)
• 21b1193 chore: release v8.3.4
• 580e03d ci: fix release workflow
• 01b38f2 chore: release v8.3.3
• 4f5b71e ci: fix release workflow
• e80dad6 chore: release v8.3.2
• f4af79a ci: fix release workflow (#1241)
• 4b72d61 chore: release v8.3.1
• 41c98ff fix: support Node16 and NodeNext module resolution in experimentalDts (...
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.