fix: bump the version-updates group across 1 directory with 8 updates

[dependabot]

Bumps the version-updates group with 8 updates in the / directory:

Package	From	To
@mxenabled/mxui	1.5.5	1.5.6
axios	1.11.0	1.12.2
dompurify	3.2.6	3.2.7
commander	14.0.0	14.0.1
esbuild	0.25.9	0.25.10
rollup	4.50.1	4.52.0
semantic-release	24.2.7	24.2.9
typescript-eslint	8.42.0	8.44.0

Updates @mxenabled/mxui from 1.5.5 to 1.5.6

Updates axios from 1.11.0 to 1.12.2

Release notes

Sourced from axios's releases.

Release v1.12.2

Release notes:

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

Release v1.12.1

Release notes:

Bug Fixes

• types: fixed env config types; (#7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.12.0

Release notes:

Bug Fixes

• adding build artifacts (9ec86de)
• dont add dist on release (a2edc36)
• fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)
• node: enforce maxContentLength for data: URLs (#7011) (945435f)
• package exports (#5627) (aa78ac2)
• params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)
• release pr run (fd7f404)
• types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

• adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
• fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
• support reviver on JSON.parse (#5926) (2a97634), closes #5924
• types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

• Willian Agostini
• Dmitriy Mozgovoy
• khani
• Ameer Assadi
• Emiedonmokumo Dick-Boro
• Zeroday BYTE

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.2 (2025-09-14)

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

1.12.1 (2025-09-12)

Bug Fixes

• types: fixed env config types; (#7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

1.12.0 (2025-09-11)

Bug Fixes

• adding build artifacts (9ec86de)
• dont add dist on release (a2edc36)
• fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)
• node: enforce maxContentLength for data: URLs (#7011) (945435f)
• package exports (#5627) (aa78ac2)
• params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)
• release pr run (fd7f404)
• types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

• adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
• fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
• support reviver on JSON.parse (#5926) (2a97634), closes #5924
• types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

• Willian Agostini
• Dmitriy Mozgovoy
• khani

... (truncated)

Commits

• e5a3336 chore(release): v1.12.2 (#7031)
• 38726c7 refactor: change if in else to else if (#7028)
• cf78825 fix(fetch): use current global fetch instead of cached one when env fetch is ...
• c26d00f refactor: remove redundant assignment (#7029)
• 9fb41a8 chore(ci): add local HTTP server for Karma tests; (#7022)
• 19f9f36 docs(readme): add custom fetch section; (#7024)
• 3cac78c chore(release): v1.12.1 (#7021)
• b5f26b7 fix(types): fixed env config types; (#7020)
• 0d8ad6e chore(release): v1.12.0 (#7013)
• fd7f404 fix: release pr run
• Additional commits viewable in compare view

Updates dompurify from 3.2.6 to 3.2.7

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.7

• Added new attributes and elements to default allow-list, thanks @​elrion018
• Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
• Added better check for animated href attributes, thanks @​llamakko
• Updated and improved the bundled types, thanks @​ssi02014
• Updated several tests to better align with new browser encoding behaviors
• Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
• Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq

Commits

• eaa0bdb Merge pull request #1144 from cure53/main
• f712593 fix: removed a possibly dossy regex
• eb9b3b6 Merge branch 'main' of github.com:cure53/DOMPurify
• ce006f7 chore: Preparing 3.2.7 release
• ef0e0cb chore: Preparing 3.2.6 release
• 2f09cd3 Update README.md
• 6a795bc Merge pull request #1142 from cure53/dependabot/github_actions/actions/setup-...
• 2458bbd build(deps): bump actions/setup-node from 4 to 5
• e43d3f3 Merge pull request #1136 from cure53/dependabot/github_actions/actions/checko...
• 6f5be37 build(deps): bump actions/checkout from 4 to 5
• Additional commits viewable in compare view

Updates commander from 14.0.0 to 14.0.1

Release notes

Sourced from commander's releases.

v14.0.1

Fixed

• broken markdown link in README (#2369)

Changed

• improve code readability by using optional chaining (#2394)
• use more idiomatic code with object spread instead of Object.assign() (#2395)
• improve code readability using string.endsWith() instead of string.slice() (#2396)
• refactor .parseOptions() to process args array in-place (#2409)
• change private variadic support routines from ._concatValue() to ._collectValue() (change code from array.concat() to array.push()) (#2410)
• update (dev) dependencies

Changelog

Sourced from commander's changelog.

[14.0.1] (2025-09-12)

Fixed

• broken markdown link in README (#2369)

Changed

• improve code readability by using optional chaining (#2394)
• use more idiomatic code with object spread instead of Object.assign() (#2395)
• improve code readability using string.endsWith() instead of string.slice() (#2396)
• refactor .parseOptions() to process args array in-place (#2409)
• change private variadic support routines from ._concatValue() to ._collectValue() (change code from array.concat() to array.push()) (#2410)
• update (dev) dependencies

Commits

• bd4ae26 Prepare for 14.0.1 release (#2426)
• cb7ae51 Bump actions/setup-node from 4 to 5 (#2422)
• b855083 Update dependencies (#2421)
• 64003ac Bump tsd from 0.32.0 to 0.33.0 (#2419)
• 025ee3f Bump @​eslint/js from 9.32.0 to 9.34.0 (#2417)
• fb2429e Bump prettier from 3.5.3 to 3.6.2 (#2415)
• 6e40543 Bump actions/checkout from 4 to 5 (#2412)
• c635fad Collect variadic with push, add tests (#2410)
• 201d932 Refactor parseOptions to process args in-place (#2409)
• fb65fca Bump eslint from 9.30.1 to 9.32.0 (#2402)
• Additional commits viewable in compare view

Updates esbuild from 0.25.9 to 0.25.10

Release notes

Sourced from esbuild's releases.

v0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @supports (color: blue) { color: blue }
  }
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  {
  color: blue;
  }
  }
  /* New output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  ::placeholder {
  color: blue;
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @supports (color: blue) { color: blue }
  }
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  {
  color: blue;
  }
  }
  /* New output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  ::placeholder {
  color: blue;

... (truncated)

Commits

• d6b668f publish 0.25.10 to npm
• 5088c19 refactor: use strings.Builder (#4290)
• 755da31 run make update-compat-table
• a1d9c86 fix #4287: marked the wrong issue as fixed
• 73a0b2a fix #4286: minifier panic due to identity function
• 134dadf fix #4265: @supports nested inside ::pseudo
• See full diff in compare view

Updates rollup from 4.50.1 to 4.52.0

Release notes

Sourced from rollup's releases.

v4.52.0

4.52.0

2025-09-19

Features

• Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#6087)
• Add support for x86_64-pc-windows-gnu platform (#6110)

Pull Requests

• #6087: fix: manualChunks and non manualChunks shared dependencies are merged with the first manualChunk encountered alphabetically (@​maiieul)
• #6110: Add support x86_64-pc-windows-gnu (@​lsq, @​lukastaegert)
• #6118: Automatically remove REPL artefacts label from PRs (@​lukastaegert)

v4.51.0

4.51.0

2025-09-19

Features

• Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#6108)

Bug Fixes

• Improve OpenHarmony build to work in more situations (#6115)

Pull Requests

• #6108: feat: support ROLLUP_FILE_URL_OBJ for URL object instead of string (@​guybedford, @​lukastaegert)
• #6112: Disable Cargo cache for Android (@​lukastaegert)
• #6113: fix(deps): update rust crate swc_compiler_base to v35 (@​renovate[bot])
• #6114: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6115: Disable local_dynamic_tls for OpenHarmony (@​hqzing)
• #6116: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6117: chore(deps): lock file maintenance (@​renovate[bot])

v4.50.2

4.50.2

2025-09-15

Bug Fixes

• Resolve an issue where unused destructured array pattern declarations would conflict with included variables (#6100)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.52.0

2025-09-19

Features

• Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#6087)
• Add support for x86_64-pc-windows-gnu platform (#6110)

Pull Requests

• #6087: fix: manualChunks and non manualChunks shared dependencies are merged with the first manualChunk encountered alphabetically (@​maiieul)
• #6110: Add support x86_64-pc-windows-gnu (@​lsq, @​lukastaegert)
• #6118: Automatically remove REPL artefacts label from PRs (@​lukastaegert)

4.51.0

2025-09-19

Features

• Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#6108)

Bug Fixes

• Improve OpenHarmony build to work in more situations (#6115)

Pull Requests

• #6108: feat: support ROLLUP_FILE_URL_OBJ for URL object instead of string (@​guybedford, @​lukastaegert)
• #6112: Disable Cargo cache for Android (@​lukastaegert)
• #6113: fix(deps): update rust crate swc_compiler_base to v35 (@​renovate[bot])
• #6114: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6115: Disable local_dynamic_tls for OpenHarmony (@​hqzing)
• #6116: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6117: chore(deps): lock file maintenance (@​renovate[bot])

4.50.2

2025-09-15

Bug Fixes

• Resolve an issue where unused destructured array pattern declarations would conflict with included variables (#6100)

Pull Requests

• #6100: Tree-shake un-included elements in array pattern (@​TrickyPi)
• #6102: chore(deps): update actions/setup-node action to v5 (@​renovate[bot])
• #6103: chore(deps): update dependency eslint-plugin-unicorn to v61 (@​renovate[bot])

... (truncated)

Commits

• 2029f63 4.52.0
• 039ba6b Fix release script for commits without GitHub authors
• 98f5d35 Automatically remove REPL artefacts label from PRs (#6118)
• 3f124ba fix: manualChunks and non manualChunks shared dependencies are merged with th...
• a0bb78c Add support x86_64-pc-windows-gnu (#6110)
• 1748736 4.51.0
• e518bde chore(deps): lock file maintenance (#6117)
• 9265955 Disable local_dynamic_tls for OpenHarmony (#6115)
• 0b8e19d fix(deps): update rust crate swc_compiler_base to v35 (#6113)
• b14f803 chore(deps): lock file maintenance minor/patch updates (#6116)
• Additional commits viewable in compare view

Updates semantic-release from 24.2.7 to 24.2.9

Release notes

Sourced from semantic-release's releases.

v24.2.9

24.2.9 (2025-09-19)

Bug Fixes

• deps: update dependency semver-diff to v5 (#3867) (a834948)

v24.2.8

24.2.8 (2025-09-10)

Bug Fixes

• deps: update dependency hook-std to v4 (#3859) (67abe56)

Commits

• a834948 fix(deps): update dependency semver-diff to v5 (#3867)
• 14a5bec chore(deps): update dependency publint to v0.3.13 (#3871)
• c1a63dc chore(deps): update dependency @​types/node to v22.18.6 (#3870)
• 83409e2 chore(deps): update dependency got to v14.4.9 (#3869)
• 4197efe chore(deps): update dependency @​types/node to v22.18.5 (#3868)
• 7415b95 chore(deps): update dependency fs-extra to v11.3.2 (#3866)
• d0c8d19 chore(deps): update dependency @​types/node to v22.18.4 (#3865)
• e660d3c chore(deps): lock file maintenance (#3864)
• 33ce27b chore(deps): update dependency @​types/node to v22.18.3 (#3862)
• e55e1f9 ci(action): update github/codeql-action action to v3.30.3 (#3860)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.42.0 to 8.44.0

Release notes

Sourced from typescript-eslint's releases.

v8.44.0

8.44.0 (2025-09-15)

🚀 Features

• eslint-plugin: [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (#11267)

🩹 Fixes

• deps: update dependency @​eslint-community/eslint-utils to v4.8.0 (#11589)
• eslint-plugin: [no-unnecessary-type-conversion] ignore enum members (#11490)

❤️ Thank You

• Moses Odutusin @​thebolarin
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.43.0

8.43.0 (2025-09-08)

🚀 Features

• typescript-estree: disallow empty type parameter/argument lists (#11563)

🩹 Fixes

• eslint-plugin: [no-non-null-assertion] do not suggest optional chain on LHS of assignment (#11489)
• eslint-plugin: [no-unnecessary-type-conversion] only report ~~ on integer literal types (#11517)
• eslint-plugin: [consistent-type-exports] fix declaration shadowing (#11457)
• eslint-plugin: [no-floating-promises] allowForKnownSafeCalls now supports function names (#11423, #11430)
• eslint-plugin: [no-deprecated] should report deprecated exports and reexports (#11359)
• eslint-plugin: [prefer-return-this-type] don't report an error when returning a union type that includes a classType (#11432)
• rule-tester: normalize paths before checking if they escape cwd (#11525)
• scope-manager: exclude Program from DefinitionBase node types (#11469)
• type-utils: add union type support to TypeOrValueSpecifier (#11526)
• typescript-estree: match filenames starting with a period when using glob in allowDefaultProject / (#11537)

❤️ Thank You

• Dima @​dbarabashh
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Nicolas Le Cam
• tao
• Victor Genaev @​mainframev
• Yukihiro Hasegawa @​y-hsgw
• 민감자(Minji Kim) @​mouse0429
• 송재욱

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.44.0 (2025-09-15)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.43.0 (2025-09-08)

🩹 Fixes

• eslint-plugin: [no-deprecated] should report deprecated exports and reexports (#11359)

❤️ Thank You

• Victor Genaev @​mainframev

You can read about our versioning strategy and releases on our website.

Commits

• 77056f7 chore(release): publish 8.44.0
• ef9173c chore(release): publish 8.43.0
• d8ca5ef fix(eslint-plugin): [no-deprecated] should report deprecated exports and reex...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.