Skip to content

[javascript] Update Package Dependencies#224

Merged
hayat01sh1da merged 2 commits intomasterfrom
hayat01sh1da/javascript/update-package-dependencies
Apr 10, 2026
Merged

[javascript] Update Package Dependencies#224
hayat01sh1da merged 2 commits intomasterfrom
hayat01sh1da/javascript/update-package-dependencies

Conversation

@hayat01sh1da
Copy link
Copy Markdown
Owner

@hayat01sh1da hayat01sh1da commented Apr 10, 2026
edited
Loading

1. Overview

This PR updates package dependencies across three sub-projects: javascript, reactjs, and typescript. It includes both direct dependency bumps in package.json files and corresponding lock file updates.

2. Direct Dependency Changes

2-1. javascript/package.json

Package Old Version New Version
marked ^17.0.5 ^17.0.6

marked (17.0.5 → 17.0.6): A Markdown parser and compiler. Bug fixes include:

  • Avoid race condition in async parallel parse/parseInline with hooks (#3924)
  • CLI: honor positional input file (#3922)
  • CLI: use file URL for config import (#3923)

2-2. reactjs/package.json

Package Old Version New Version
react ^19.2.4 ^19.2.5
react-dom ^19.2.4 ^19.2.5
webpack-dev-server ^5.2.3 5.2.3 (pinned, caret removed)

react / react-dom (19.2.4 → 19.2.5): React core and DOM renderer. Changes include:

  • React Server Components: add more cycle protections (#36236)

webpack-dev-server (^5.2.3 → 5.2.3): The caret (^) was removed to pin the exact version, preventing automatic minor/patch upgrades. No version change in the resolved package.

2-3. typescript/package.json

Package Old Version New Version
@types/node ^25.5.2 ^25.6.0

@types/node (25.5.2 → 25.6.0): TypeScript type definitions for Node.js, updated to match Node.js v25.6. Key changes include:

  • Do not emit module JSDoc headers (#74661)
  • Fix Web Streams chunk parameter optionality (#74773)
  • Fix JSDoc for overloaded Node stream APIs (#74817)

2-4. Transitive Dependency Changes (pnpm-lock.yaml)

Package Old Version New Version
@types/node 25.5.2 25.6.0
undici-types 7.18.2 7.19.2
baseline-browser-mapping 2.10.14 2.10.17
caniuse-lite 1.0.30001785 1.0.30001787
electron-to-chromium 1.5.331 1.5.334
regjsparser 0.13.0 0.13.1
marked 17.0.5 17.0.6
react 19.2.4 19.2.5
react-dom 19.2.4 19.2.5
webpack 5.105.4 5.106.1
call-bind 1.0.8 1.0.9
es-abstract 1.24.1 1.24.2
es-iterator-helpers 1.3.1 1.3.2
side-channel-list 1.0.0 1.0.1
tinyglobby 0.2.15 0.2.16

2-4-1. @types/node (25.5.2 → 25.6.0)

TypeScript type definitions for Node.js, updated to match Node.js v25.6. Key changes include:

  • Do not emit module JSDoc headers (#74661)
  • Fix Web Streams chunk parameter optionality (#74773)
  • Fix JSDoc for overloaded Node stream APIs (#74817)

2-4-2. undici-types (7.18.2 → 7.19.2)

Companion types package for @types/node. Updated to reflect the latest undici (Node.js HTTP client) type definitions.

2-4-3. baseline-browser-mapping (2.10.14 → 2.10.17)

Updated browser baseline mapping data used by browserslist for determining browser support targets.

2-4-4. caniuse-lite (1.0.30001785 → 1.0.30001787)

Updated browser compatibility data from the Can I Use database, reflecting the latest browser feature support information.

2-4-5. electron-to-chromium (1.5.331 → 1.5.334)

Updated Electron-to-Chromium version mapping data, used by browserslist to determine which Chromium version corresponds to each Electron release.

2-4-6. regjsparser (0.13.0 → 0.13.1)

Patch fix for the JavaScript RegExp parser used by @babel/plugin-transform-unicode-regex and related Babel plugins for transpiling regular expressions.

2-4-7. marked (17.0.5 → 17.0.6)

Resolved version bump of the Markdown parser. See the direct dependency description above for details.

2-4-8. react / react-dom (19.2.4 → 19.2.5)

Resolved version bump of React and ReactDOM. See the direct dependency description above for details.

2-4-9. webpack (5.105.4 → 5.106.1)

JavaScript module bundler. Patch changes include:

  • Fix two ES5-environment regressions in the anonymous default export .name fix-up: the generated code referenced an undeclared __WEBPACK_DEFAULT_EXPORT__ binding causing ReferenceError, and used Reflect.defineProperty which is not available in pre-ES2015 runtimes (#20796)
  • Prevent !important from being renamed as a local identifier in CSS modules (#20798)
  • Use compiler context instead of module context for CSS modules local ident hashing to avoid hash collisions when files with the same name exist in different directories (#20799)

2-4-10. call-bind (1.0.8 → 1.0.9)

Utility for Function.prototype.bind with a reliable bound function. Changes include:

  • Fix: correct .length computation when partial args exceed function arity

2-4-11. es-abstract (1.24.1 → 1.24.2)

ECMAScript spec abstract operations implementation. Changes include:

  • Fix: IfAbruptCloseIterator — handle all abrupt completions, not just throw
  • Robustness: use +x instead of Number(x), use isFinite/parseInt intrinsics
  • Robustness: ensure undefined is undefined

2-4-12. es-iterator-helpers (1.3.1 → 1.3.2)

Polyfill for ECMAScript iterator helpers. Patch update with internal dependency cleanup (removed safe-array-concat dependency).

2-4-13. side-channel-list (1.0.0 → 1.0.1)

Linked-list implementation extracted from the side-channel package for storing key-value associations. Patch fix.

2-4-14. tinyglobby (0.2.15 → 0.2.16)

A fast and minimal glob matching library. Patch update with minor improvements.

@hayat01sh1da hayat01sh1da requested a review from Copilot April 10, 2026 18:56
@hayat01sh1da hayat01sh1da self-assigned this Apr 10, 2026
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates JavaScript/TypeScript/React subproject dependency versions and syncs the corresponding pnpm-lock.yaml files to reflect the new resolutions.

Changes:

  • Bump @types/node to ^25.6.0 in the JavaScript and TypeScript subprojects (and update lockfiles accordingly).
  • Bump marked to ^17.0.6 in the JavaScript subproject (and update lockfile).
  • Bump React/ReactDOM to ^19.2.5 and update related transitive tooling resolutions in the React subproject (including lockfile updates).

Reviewed changes

Copilot reviewed 3 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
typescript/package.json Updates @types/node version range.
typescript/pnpm-lock.yaml Updates resolved @types/node and related snapshot entries.
javascript/package.json Updates marked version range.
javascript/pnpm-lock.yaml Updates resolved marked, @types/node, and related transitive entries.
reactjs/package.json Updates react/react-dom and pins webpack-dev-server to an exact version.
reactjs/pnpm-lock.yaml Updates resolved React packages and transitive dependency graph (e.g., webpack-related resolutions).
Files not reviewed (3)
  • javascript/pnpm-lock.yaml: Language not supported
  • reactjs/pnpm-lock.yaml: Language not supported
  • typescript/pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@hayat01sh1da
Update reactjs/package.json
2e6605b 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
hayat01sh1da
hayat01sh1da commented Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Owner Author

@hayat01sh1da hayat01sh1da left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hayat01sh1da hayat01sh1da merged commit c64cba4 into master Apr 10, 2026
7 checks passed
@hayat01sh1da hayat01sh1da deleted the hayat01sh1da/javascript/update-package-dependencies branch April 10, 2026 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@hayat01sh1da hayat01sh1da

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hayat01sh1da