build(deps): bump the npm_and_yarn group across 3 directories with 6 updates by dependabot[bot] · Pull Request #5 · martyn-v/gitdbt

dependabot · 2026-06-01T19:15:05Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
turbo	`2.8.14`	`2.9.14`
@nestjs/core	`11.1.16`	`11.1.18`
drizzle-orm	`0.39.3`	`0.45.2`
vitest	`3.2.4`	`4.1.0`
vite	`6.4.1`	`6.4.2`

Bumps the npm_and_yarn group with 3 updates in the /apps/server directory: @nestjs/core, drizzle-orm and vitest.
Bumps the npm_and_yarn group with 2 updates in the /apps/web directory: vitest and vite.

Updates turbo from 2.8.14 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

GHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection

Low:

GHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation

GHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection

What's Changed

Changelog

release(turborepo): 2.9.12 by @github-actions[bot] in vercel/turborepo#12774

fix: Restore docs mobile menu by @anthonyshew in vercel/turborepo#12782

ci: Use pull_request for PR title linting by @anthonyshew in vercel/turborepo#12787

ci: Scope GitHub Actions caches by branch by @anthonyshew in vercel/turborepo#12788

test: Validate lockfiles without dependency downloads by @anthonyshew in vercel/turborepo#12789

Removed unneeded import form hash creation script in docs by @dancrumb in vercel/turborepo#12799

fix: Validate auth callback state by @anthonyshew in vercel/turborepo#12802

fix: Harden VS Code extension command execution by @anthonyshew in vercel/turborepo#12800

fix: Avoid project-local Yarn during detection by @anthonyshew in vercel/turborepo#12801

chore: Release 2.9.13 by @anthonyshew in vercel/turborepo#12803

New Contributors

@dancrumb made their first contribution in vercel/turborepo#12799

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

release(turborepo): 2.9.11-canary.7 by @github-actions[bot] in vercel/turborepo#12768

fix: Allow $TURBO_EXTENDS$ in LSP diagnostics by @anthonyshew in vercel/turborepo#12770

release(turborepo): 2.9.11 by @github-actions[bot] in vercel/turborepo#12771

fix: Allow transit nodes in LSP diagnostics by @anthonyshew in vercel/turborepo#12773

release(turborepo): 2.9.12 by @github-actions[bot] in vercel/turborepo#12774

fix: Restore docs mobile menu by @anthonyshew in vercel/turborepo#12782

ci: Use pull_request for PR title linting by @anthonyshew in vercel/turborepo#12787

ci: Scope GitHub Actions caches by branch by @anthonyshew in vercel/turborepo#12788

test: Validate lockfiles without dependency downloads by @anthonyshew in vercel/turborepo#12789

Removed unneeded import form hash creation script in docs by @dancrumb in vercel/turborepo#12799

fix: Validate auth callback state by @anthonyshew in vercel/turborepo#12802

fix: Harden VS Code extension command execution by @anthonyshew in vercel/turborepo#12800

fix: Avoid project-local Yarn during detection by @anthonyshew in vercel/turborepo#12801

... (truncated)

Commits

fc62fe0 publish 2.9.14 to registry
fb8c9ae chore: Release 2.9.13 (#12803)
e8e629d fix: Avoid project-local Yarn during detection (#12801)
91c90cb fix: Harden VS Code extension command execution (#12800)
84f4508 fix: Validate auth callback state (#12802)
1779ad7 Removed unneeded import form hash creation script in docs (#12799)
71f8c90 test: Validate lockfiles without dependency downloads (#12789)
5fcb960 ci: Scope GitHub Actions caches by branch (#12788)
4cf9fab ci: Use pull_request for PR title linting (#12787)
859c629 fix: Restore docs mobile menu (#12782)
Additional commits viewable in compare view

Updates @nestjs/core from 11.1.16 to 11.1.18

Release notes

Sourced from @nestjs/core's releases.

v11.1.18 (2026-04-03)

Bug fixes

microservices

#16675 fix(microservices): preserve packet headers in nats serializer (@wwenrr)

core

#16683 fix(core): prevent injector hang when design:paramtypes is missing (@Youmoo)

#16637 fix(core): dependency injection edge case with moduleref.create (@JakobStaudinger)

nestjs/nest#16686 fix(core): sanitize sse message

Dependencies

core, platform-express, platform-fastify

#16679 fix(deps): update dependency path-to-regexp to v8.4.2 (@renovate[bot])

platform-fastify

#16623 fix(deps): update dependency fastify to v5.8.4 (@renovate[bot])

platform-ws

#16618 chore(deps): bump ws from 8.19.0 to 8.20.0 (@dependabot[bot])

common

#16619 chore(deps): bump file-type from 21.3.3 to 21.3.4 (@dependabot[bot])

Committers: 6

Ankit San (@ankitbelal)

Jakob Staudinger (@JakobStaudinger)

Kamil Mysliwiec (@kamilmysliwiec)

Krishna Chaitanya (@Krishnachaitanyakc)

MK (@wwenrr)

youmoo (@Youmoo)

v11.1.17 (2026-03-16)

Enhancements

microservices

#16218 feat(microservices): add redis driver identification (@vchomakov)

Bugs

platform-fastify

auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@kamilmysliwiec)

Dependencies

common

#16567 fix(deps): update dependency file-type to v21.3.2 (@renovate[bot])

platform-fastify

#16533 fix(deps): update dependency fastify to v5.8.2 (@renovate[bot])

Committers: 3

Rohan Santhosh Kumar (@Rohan5commit)

Vasil Chomakov (@vchomakov)

Kamil Mysliwiec (@kamilmysliwiec)

Commits

3c1cc5f chore(release): publish v11.1.18 release
0f962c7 fix(core): sanitize sse message
94aa424 Merge pull request #16679 from nestjs/renovate/path-to-regexp-8.x
368691c fix(core): prevent injector hang when design:paramtypes is missing
25d4fde fix(deps): update dependency path-to-regexp to v8.4.2
5c0b11e fix(deps): update dependency path-to-regexp to v8.4.1
f7d4460 Merge pull request #16637 from JakobStaudinger/moduleref-create-transient-sco...
d0a9dc9 fix(deps): update dependency path-to-regexp to v8.4.0
4677434 feat(core): export IEntryNestModule type
7493b94 fix(core): dependency injection edge case with moduleref.create
Additional commits viewable in compare view

Updates drizzle-orm from 0.39.3 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix

0.45.1

Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

Fixed pg-native Pool detection in node-postgres transactions

Allowed subqueries in select fields

Updated typo algorythm => algorithm

Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)

Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

0.44.7

fix durable sqlite transaction return value #3746 - thanks @joaocstro

0.44.6

feat: add $replicas reference #4874

0.44.5

Fixed invalid usage of .one() in durable-sqlite session

Fixed spread operator related crash in sqlite blob columns

Better browser support for sqlite blob columns

Improved sqlite blob mapping

0.44.4

Fix wrong DrizzleQueryError export. thanks @nathankleyn

0.44.3

Fixed types of $client for clients created by drizzle function
await db.$client.[...]
Added the updated_at column to the neon_auth.users_sync table definition.

0.44.2

[BUG]: Fixed type issues with joins with certain variations of tsconfig: #4535, #4457

0.44.1

[BUG]: Drizzle can no longer run on Durable Objects

0.44.0

Error handling

Starting from this version, we’ve introduced a new DrizzleQueryError that wraps all errors from database drivers and provides a set of useful information:

... (truncated)

Commits

273c780 + 0.45.2 (#5534)
4aa6ecf Kit updates (#5490)
e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
c445637 Merge pull request #5095 from drizzle-team/main-workflows
e7b3aaa Merge branch 'main' into main-workflows
0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for drizzle-orm since your current version.

Updates vitest from 3.2.4 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

🚀 Features

Return a disposable from doMock() - by @kirkwaiblinger in vitest-dev/vitest#9332 (e3e65)

Added chai style assertions - by @ronnakamoto and @sheremet-va in vitest-dev/vitest#8842 (841df)

Update to sinon/fake-timers v15 and add setTickMode to timer controls - by @atscott and @sheremet-va in vitest-dev/vitest#8726 (4b480)

Expose matcher types - by @sheremet-va in vitest-dev/vitest#9448 (3e4b9)

Add toTestSpecification to reported tasks - by @sheremet-va in vitest-dev/vitest#9464 (1a470)

Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module - by @sheremet-va in vitest-dev/vitest#9387 (5db54)

Track and display expectedly failed tests (.fails) in UI and CLI - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#9476 (77d75)

Support tags - by @sheremet-va in vitest-dev/vitest#9478 (de7c8)

Implement aroundEach and aroundAll hooks - by @sheremet-va in vitest-dev/vitest#9450 (2a8cb)

Stabilize experimental features - by @sheremet-va in vitest-dev/vitest#9529 (b5fd2)

Accept new or all in --update flag - by @sheremet-va in vitest-dev/vitest#9543 (a5acf)

Support meta in test options - by @sheremet-va in vitest-dev/vitest#9535 (7d622)

Support type inference with a new test.extend syntax - by @sheremet-va in vitest-dev/vitest#9550 (e5385)

Support vite 8 beta, fix type issues in the config with different vite versions - by @sheremet-va in vitest-dev/vitest#9587 (99028)

Add assertion helper to hide internal stack traces - by @hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9594 (eeb0a)

Store failure screenshots using artifacts API - by @macarie in vitest-dev/vitest#9588 (24603)

Allow vitest list to statically collect tests instead of running files to collect them - by @sheremet-va in vitest-dev/vitest#9630 (7a8e7)

Add --detect-async-leaks - by @AriPerkkio in vitest-dev/vitest#9528 (c594d)

Implement mockThrow and mockThrowOnce - by @thor-juhasz and @sheremet-va in vitest-dev/vitest#9512 (61917)

Support update: "none" and add docs about snapshots behavior on CI - by @hi-ogawa in vitest-dev/vitest#9700 (05f18)

Support playwright launchOptions with connectOptions - by @hi-ogawa in vitest-dev/vitest#9702 (f0ff1)

Add page/locator.mark API to enhance playwright trace - by @hi-ogawa in vitest-dev/vitest#9652 (d0ee5)

api:

Support tests starting or ending with test in experimental_parseSpecification - by @jgillick and Jeremy Gillick in vitest-dev/vitest#9235 (2f367)

Add filters to createSpecification - by @sheremet-va in vitest-dev/vitest#9336 (c8e6c)

Expose runTestFiles as alternative to runTestSpecifications - by @sheremet-va in vitest-dev/vitest#9443 (43d76)

Add allowWrite and allowExec options to api - by @sheremet-va in vitest-dev/vitest#9350 (20e00)

Allow passing down test cases to toTestSpecification - by @sheremet-va in vitest-dev/vitest#9627 (6f17d)

browser:

Add userEvent.wheel API - by @macarie in vitest-dev/vitest#9188 (66080)

Add filterNode option to prettyDOM for filtering browser assertion error output - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#9475 (d3220)

Support playwright persistent context - by @hi-ogawa, Claude Opus 4.6 and @sheremet-va in vitest-dev/vitest#9229 (f865d)

Added detailsPanelPosition option and button - by @shairez in vitest-dev/vitest#9525 (c8a31)

Use BlazeDiff instead of pixelmatch - by @macarie in vitest-dev/vitest#9514 (30936)

Add findElement and enable strict mode in webdriverio and preview - by @sheremet-va in vitest-dev/vitest#9677 (c3f37)

cli:

Add @bomb.sh/tab completions - by @AmirSa12 and @sheremet-va in vitest-dev/vitest#8639 (200f3)

coverage:

Support ignore start/stop ignore hints - by @AriPerkkio in vitest-dev/vitest#9204 (e59c9)

Add coverage.changed option to report only changed files - by @kykim00 and @AriPerkkio in vitest-dev/vitest#9521 (1d939)

experimental:

Add onModuleRunner hook to worker.init - by @sheremet-va in vitest-dev/vitest#9286 (e977f)

Option to disable the module runner - by @sheremet-va and @AriPerkkio in vitest-dev/vitest#9210 (9be61)

... (truncated)

Commits

4150b91 chore: release v4.1.0
1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
eab68ba chore(deps): update all non-major dependencies (#9824)
031f02a fix: allow catch/finally for async assertion (#9827)
3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
0c2c013 chore: release v4.1.0-beta.6
8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
689a22a fix(browser): types of getCDPSession and cdp() (#9716)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.

Updates vite from 6.4.1 to 6.4.2

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163

fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

Commits

6b3fad0 release: v6.4.2
ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
5487f4f release: v6.4.1
1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
f12697c release: v6.4.0
ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
0e173d8 release: v6.3.7
c59a222 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)
3f337c5 release: v6.3.6
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates @nestjs/core from 11.1.16 to 11.1.18

Release notes

Sourced from @nestjs/core's releases.

v11.1.18 (2026-04-03)

Bug fixes

microservices

#16675 fix(microservices): preserve packet headers in nats serializer (@wwenrr)

core

#16683 fix(core): prevent injector hang when design:paramtypes is missing (@Youmoo)

#16637 fix(core): dependency injection edge case with moduleref.create (@JakobStaudinger)

nestjs/nest#16686 fix(core): sanitize sse message

Dependencies

core, platform-express, platform-fastify

#16679 fix(deps): update dependency path-to-regexp to v8.4.2 (@renovate[bot])

platform-fastify

#16623 fix(deps): update dependency fastify to v5.8.4 (@renovate[bot])

platform-ws

#16618 chore(deps): bump ws from 8.19.0 to 8.20.0 (@dependabot[bot])

common

#16619 chore(deps): bump file-type from 21.3.3 to 21.3.4 (@dependabot[bot])

Committers: 6

Ankit San (@ankitbelal)

Jakob Staudinger (@JakobStaudinger)

Kamil Mysliwiec (@kamilmysliwiec)

Krishna Chaitanya (@Krishnachaitanyakc)

MK (@wwenrr)

youmoo (@Youmoo)

v11.1.17 (2026-03-16)

Enhancements

microservices

#16218 feat(microservices): add redis driver identification (@vchomakov)

Bugs

platform-fastify

auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@kamilmysliwiec)

Dependencies

common

#16567 fix(deps): update dependency file-type to v21.3.2 (@renovate[bot])

platform-fastify

#16533 fix(deps): update dependency fastify to v5.8.2 (@renovate[bot])

Committers: 3

Rohan Santhosh Kumar (@Rohan5commit)

Vasil Chomakov (@vchomakov)

Kamil Mysliwiec (@kamilmysliwiec)

Commits

3c1cc5f chore(release): publish v11.1.18 release
0f962c7 fix(core): sanitize sse message
94aa424 Merge pull request #16679 from nestjs/renovate/path-to-regexp-8.x
368691c fix(core): prevent injector hang when design:paramtypes is missing
25d4fde fix(deps): update dependency path-to-regexp to v8.4.2
5c0b11e fix(deps): update dependency path-to-regexp to v8.4.1
f7d4460 Merge pull request #16637 from JakobStaudinger/moduleref-create-transient-sco...
d0a9dc9 fix(deps): update dependency path-to-regexp to v8.4.0
4677434 feat(core): export IEntryNestModule type
7493b94 fix(core): dependency injection edge case with moduleref.create
Additional commits viewable in compare view

Updates drizzle-orm from 0.39.3 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix

0.45.1

Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

Fixed pg-native Pool detection in node-postgres transactions

Allowed subqueries in select fields

Updated typo algorythm => algorithm

Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)

Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

0.44.7

fix durable sqlite transaction return value #3746 - thanks @joaocstro

0.44.6

feat: add $replicas reference #4874

0.44.5

Fixed invalid usage of .one() in durable-sqlite session

Fixed spread operator related crash in sqlite blob columns

Better browser support for sqlite blob columns

Improved sqlite blob mapping

0.44.4

Fix wrong DrizzleQueryError export. thanks @nathankleyn

0.44.3

Fixed types of $client for clients created by drizzle function
await db.$client.[...]
Added the updated_at column to the neon_auth.users_sync table definition.

0.44.2

[BUG]: Fixed type issues with joins with certain variations of tsconfig: #4535, #4457

0.44.1

[BUG]: Drizzle can no longer run on Durable Objects

0.44.0

Error handling

Starting from this version, we’ve introduced a new DrizzleQueryError that wraps all errors from database drivers and provides a set of useful information:

... (truncated)

Commits

273c780 + 0.45.2 (#5534)
4aa6ecf Kit updates (#5490)
e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
c445637 Merge pull request #5095 from drizzle-team/main-workflows
e7b3aaa Merge branch 'main' into main-workflows
0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for drizzle-orm since your current version.

Updates vitest from 3.2.4 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

🚀 Features

Return a disposable from doMock() - by @kirkwaiblinger in vitest-dev/vitest#9332 (e3e65)

Added chai style assertions - by @ronnakamoto and @sheremet-va in vitest-dev/vitest#8842 (841df)

Update to sinon/fake-timers v15 and add setTickMode to timer controls - by @atscott and

…updates Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [turbo](https://github.com/vercel/turborepo) | `2.8.14` | `2.9.14` | | [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.16` | `11.1.18` | | [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.39.3` | `0.45.2` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `4.1.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `6.4.2` | Bumps the npm_and_yarn group with 3 updates in the /apps/server directory: [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core), [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 2 updates in the /apps/web directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `turbo` from 2.8.14 to 2.9.14 - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.8.14...v2.9.14) Updates `@nestjs/core` from 11.1.16 to 11.1.18 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v11.1.18/packages/core) Updates `drizzle-orm` from 0.39.3 to 0.45.2 - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](drizzle-team/drizzle-orm@0.39.3...0.45.2) Updates `vitest` from 3.2.4 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `vite` from 6.4.1 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `@nestjs/core` from 11.1.16 to 11.1.18 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v11.1.18/packages/core) Updates `drizzle-orm` from 0.39.3 to 0.45.2 - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](drizzle-team/drizzle-orm@0.39.3...0.45.2) Updates `vitest` from 3.2.4 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `vitest` from 3.2.4 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `vite` from 6.4.1 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) --- updated-dependencies: - dependency-name: turbo dependency-version: 2.9.14 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@nestjs/core" dependency-version: 11.1.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: drizzle-orm dependency-version: 0.45.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@nestjs/core" dependency-version: 11.1.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: drizzle-orm dependency-version: 0.45.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 1, 2026

dependabot Bot mentioned this pull request Jun 1, 2026

build(deps): bump the npm_and_yarn group across 2 directories with 4 updates #4

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 3 directories with 6 updates#5

build(deps): bump the npm_and_yarn group across 3 directories with 6 updates#5
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-870e4f6351

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026

Turborepo v2.9.14

High:

Low:

What's Changed

Changelog

New Contributors

Turborepo v2.9.13-canary.1

What's Changed

Changelog

v11.1.18 (2026-04-03)

Bug fixes

Dependencies

Committers: 6

v11.1.17 (2026-03-16)

Enhancements

Bugs

Dependencies

Committers: 3

0.45.2

0.45.1

0.45.0

0.44.7

0.44.6

0.44.5

0.44.4

0.44.3

0.44.2

0.44.1

0.44.0

Error handling

v4.1.0

🚀 Features

v6.4.2

6.4.2 (2026-04-06)

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

v11.1.18 (2026-04-03)

Bug fixes

Dependencies

Committers: 6

v11.1.17 (2026-03-16)

Enhancements

Bugs

Dependencies

Committers: 3

0.45.2

0.45.1

0.45.0

0.44.7

0.44.6

0.44.5

0.44.4

0.44.3

0.44.2

0.44.1

0.44.0

Error handling

v4.1.0

🚀 Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants