Skip to content

build(deps): bump the npm_and_yarn group across 2 directories with 13 updates#424

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-a4bec21e30
Open

build(deps): bump the npm_and_yarn group across 2 directories with 13 updates#424
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-a4bec21e30

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package From To
@mariozechner/pi-coding-agent 0.71.1 0.73.1
@whiskeysockets/baileys 7.0.0-rc.9 7.0.0-rc12
markdown-it 14.1.1 14.2.0
next 16.2.5 16.2.6
postcss 8.5.8 8.5.10
vite 8.0.11 8.0.16
@hono/node-server 1.19.11 1.19.14
esbuild 0.27.4 0.27.7
fast-uri 3.1.0 3.1.3
follow-redirects 1.15.11 1.16.0
form-data 4.0.5 4.0.6
hono 4.12.8 4.12.27
ws 8.19.0 8.21.0

Bumps the npm_and_yarn group with 1 update in the /packages/api directory: @mariozechner/pi-coding-agent.

Updates @mariozechner/pi-coding-agent from 0.71.1 to 0.73.1

Release notes

Sourced from @​mariozechner/pi-coding-agent's releases.

v0.73.1

New Features

  • Self-update support for the npm scope migration: pi update --self now supports the upcoming package rename from @mariozechner/pi-coding-agent to @earendil-works/pi-coding-agent. After the new package is published, existing global installs can update through the normal self-update flow; pi will uninstall the old global package and install the package name returned by the version check endpoint.
  • Interactive OAuth login selection: OAuth providers can now present multiple login choices in /login, enabling provider-specific interactive authentication flows. See Providers.
  • JSONC-style models.json parsing: models.json now allows comments and trailing commas, making custom provider and model configuration easier to maintain. See Providers and Custom Providers.

Added

  • Added interactive login selection support so OAuth providers can present multiple login choices (#4190 by @​mitsuhiko).

Changed

  • Changed pi update --self to honor the active package name returned by the Pi version check endpoint, defaulting to the current package when omitted and uninstalling the old global package before installing a renamed package.
  • Changed extension loading to use upstream jiti 2.7 instead of the @mariozechner/jiti fork (#4244 by @​pi0).
  • Changed models.json parsing to allow comments and trailing commas (#4162 by @​julien-c).

Fixed

  • Fixed pi -p treating prompts that start with YAML frontmatter as extension flags instead of user messages (#4163).
  • Fixed pending tool results not updating in the live TUI after toggling thinking block visibility while the tool is running (#4167).
  • Fixed /copy reporting success on Linux without writing the clipboard on Wayland-only compositors (Hyprland, Niri, ...) by skipping the X11-only native addon on Linux and routing through wl-copy/xclip/xsel instead (#4177).
  • Fixed HTML session exports to strip skill wrapper XML from rendered user messages (#4234 by @​aliou).
  • Fixed OpenAI-compatible chat completion streams that interleave content and tool-call deltas in the same choice.
  • Fixed OpenAI Codex OAuth refresh failures writing directly to stderr while the TUI is active (#4141).
  • Fixed OpenAI Codex Responses requests to send a non-empty system prompt (#4184).
  • Fixed Kimi For Coding model resolution for the Kimi K2 P6 alias (#4218).
  • Fixed Kitty inline image redraws to stay within TUI-owned terminal regions and avoid writing below the active viewport.
  • Fixed Kitty inline image rendering by letting the terminal allocate image ids and bounding parsed image ids to valid values.
  • Fixed inline image capability detection to disable inline images in cmux terminals.

v0.73.0

New Features

Breaking Changes

  • Switched the built-in xiaomi provider from Token Plan AMS to Xiaomi's API billing endpoint, and renamed its /login display from "Xiaomi MiMo Token Plan" to "Xiaomi MiMo". XIAOMI_API_KEY now refers to the API billing key from platform.xiaomimimo.com. Users on Token Plan should switch to the appropriate xiaomi-token-plan-* provider and set the corresponding env var (#4112 by @​Phoen1xCode).

Added

  • Added three Xiaomi MiMo Token Plan regional providers visible in /login: xiaomi-token-plan-cn (XIAOMI_TOKEN_PLAN_CN_API_KEY), xiaomi-token-plan-ams (XIAOMI_TOKEN_PLAN_AMS_API_KEY), xiaomi-token-plan-sgp (XIAOMI_TOKEN_PLAN_SGP_API_KEY). Each defaults to mimo-v2.5-pro (#4112 by @​Phoen1xCode).

Changed

... (truncated)

Changelog

Sourced from @​mariozechner/pi-coding-agent's changelog.

[0.73.1] - 2026-05-07

New Features

  • Self-update support for the npm scope migration: pi update --self now supports the upcoming package rename from @mariozechner/pi-coding-agent to @earendil-works/pi-coding-agent. After the new package is published, existing global installs can update through the normal self-update flow; pi will uninstall the old global package and install the package name returned by the version check endpoint.
  • Interactive OAuth login selection: OAuth providers can now present multiple login choices in /login, enabling provider-specific interactive authentication flows. See Providers.
  • JSONC-style models.json parsing: models.json now allows comments and trailing commas, making custom provider and model configuration easier to maintain. See Providers and Custom Providers.

Added

  • Added interactive login selection support so OAuth providers can present multiple login choices (#4190 by @​mitsuhiko).

Changed

  • Changed pi update --self to honor the active package name returned by the Pi version check endpoint, defaulting to the current package when omitted and uninstalling the old global package before installing a renamed package.
  • Changed extension loading to use upstream jiti 2.7 instead of the @mariozechner/jiti fork (#4244 by @​pi0).
  • Changed models.json parsing to allow comments and trailing commas (#4162 by @​julien-c).

Fixed

  • Fixed pi -p treating prompts that start with YAML frontmatter as extension flags instead of user messages (#4163).
  • Fixed pending tool results not updating in the live TUI after toggling thinking block visibility while the tool is running (#4167).
  • Fixed /copy reporting success on Linux without writing the clipboard on Wayland-only compositors (Hyprland, Niri, ...) by skipping the X11-only native addon on Linux and routing through wl-copy/xclip/xsel instead (#4177).
  • Fixed HTML session exports to strip skill wrapper XML from rendered user messages (#4234 by @​aliou).
  • Fixed OpenAI-compatible chat completion streams that interleave content and tool-call deltas in the same choice.
  • Fixed OpenAI Codex OAuth refresh failures writing directly to stderr while the TUI is active (#4141).
  • Fixed OpenAI Codex Responses requests to send a non-empty system prompt (#4184).
  • Fixed Kimi For Coding model resolution for the Kimi K2 P6 alias (#4218).
  • Fixed Kitty inline image redraws to stay within TUI-owned terminal regions and avoid writing below the active viewport.
  • Fixed Kitty inline image rendering by letting the terminal allocate image ids and bounding parsed image ids to valid values.
  • Fixed inline image capability detection to disable inline images in cmux terminals.

[0.73.0] - 2026-05-04

New Features

Breaking Changes

  • Switched the built-in xiaomi provider from Token Plan AMS to Xiaomi's API billing endpoint, and renamed its /login display from "Xiaomi MiMo Token Plan" to "Xiaomi MiMo". XIAOMI_API_KEY now refers to the API billing key from platform.xiaomimimo.com. Users on Token Plan should switch to the appropriate xiaomi-token-plan-* provider and set the corresponding env var (#4112 by @​Phoen1xCode).

Added

  • Added three Xiaomi MiMo Token Plan regional providers visible in /login: xiaomi-token-plan-cn (XIAOMI_TOKEN_PLAN_CN_API_KEY), xiaomi-token-plan-ams (XIAOMI_TOKEN_PLAN_AMS_API_KEY), xiaomi-token-plan-sgp (XIAOMI_TOKEN_PLAN_SGP_API_KEY). Each defaults to mimo-v2.5-pro (#4112 by @​Phoen1xCode).

Changed

... (truncated)

Commits
  • 781152f Release v0.73.1
  • 7fa924b docs: audit unreleased changelog entries
  • 5e1e4c3 feat(coding-agent): support renamed self-update package
  • 50993d7 chore(coding-agent): switch back from fork to upstream jiti 2.7 (#4244)
  • 8861966 fix(coding-agent): strip skill wrapper XML from HTML export user messages (#4...
  • 060c10b fix(coding-agent): skip X11-only native addon for /copy on Linux
  • 755da30 fix(coding-agent): keep pending tool renders after thinking toggle
  • b5755fd feat(oauth): support interactive login selection (#4190)
  • bb25a39 feat(coding-agent): allow comments and trailing commas in models.json (#4162)
  • bac2df3 fix(coding-agent): handle frontmatter prompts in print mode
  • Additional commits viewable in compare view

Updates @whiskeysockets/baileys from 7.0.0-rc.9 to 7.0.0-rc12

Release notes

Sourced from @​whiskeysockets/baileys's releases.

v7.0.0-rc12

7.0.0-rc12

This version patches the security flaw addressed in GHSA-qvv5-jq5g-4cgg. Please exercise extreme caution and upgrade to the latest version or latest legacy version (6.7.22).

v7.0.0-rc11

A quick release meant to pin the libsignal pipeline to the NPM registry. The release also includes a small bug fix for old VPSes lacking SIMD support for the WASM. We moved Baileys's dep from git to NPM:

  1. This should remove the need to install git to install baileys.
  2. This should increase code transparency & security as libsignal now goes under the same Trusted Publishing and Provenance as Baileys rc10.

Read the full rc10 patch notes here: https://github.com/WhiskeySockets/Baileys/releases/tag/v7.0.0-rc10

We are working on migrating away from the libsignal dep as soon as possible to our own Rust-based equivalent to prevent licensing issues. Note that libsignal is in GPLv3 but Baileys is under MIT (Adhiraj left us a mess 😓).

v7.0.0-rc10

Since September, I've been working really hard on version 7. This is a really important version for Baileys. We introduced ESM, modernized the syntax and DX a lot compared to previous versions and been shipping stability fix after another. We faced a lot of challenges: LIDs, restrictions, WAM, warnings, bans, random logouts, decryption & encryption errors to name a few.

It is now, that I'm proud to announce, our biggest release yet:

VERSION 7.0.0-rc10 THE FINAL RELEASE CANDIDATE.

This is the largest release since we started the WhiskeySockets fork. Baileys hasn't been released since November 21, 2025, for a period of over 5 months.

Key changes include since rc9:

... (truncated)

Changelog

Sourced from @​whiskeysockets/baileys's changelog.

7.0.0-rc12 (2026-05-20)

Bug Fixes

  • process-message: only drop self-only protocolMessages from non-self senders (3beb08e)
Commits
  • 1aee6ed chore(release): v7.0.0-rc12
  • 3beb08e fix(process-message): only drop self-only protocolMessages from non-self senders
  • 28ca087 fix: guard fetch dispatcher option (#2557)
  • 988a34f chore(release): v7.0.0-rc11
  • 25bc999 Fix release and move to NPM based libsignal
  • 6cb7d34 feat: expose group online count in presence updates (#2545)
  • a263cb0 chore: bump whatsapp-rust-bridge@0.5.4 to support non simd (#2542)
  • dfad98f fix release
  • 04f6d70 ci: Update publishing to use Trusted Publishers
  • 42c19c7 chore(release): v7.0.0-rc10
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​whiskeysockets/baileys since your current version.

Install script changes

This version adds preinstall, prepare scripts that run during installation. Review the package contents before updating.


Updates markdown-it from 14.1.1 to 14.2.0

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.
Commits

Updates next from 16.2.5 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

Low:

Core Changes

  • fix: preserve HTTP access fallbacks during prerender recovery (#92231)
  • Fix fallback route params case in app-page handler (#91737)
  • Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
  • Patch setHeader for direct route handlers (#93101)
  • Include deployment id in cacheHandlers keys (#93453)
  • Fix double-encoding of URL pathname parts in client param parsing (#93491)
Commits
  • ee6e79b v16.2.6
  • afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
  • 97a154e Turbopack: Fix middleware matcher suffix (#93590)
  • 83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
  • 7b222b9 [backport][test] Pin package manager to patch versions (#93595)
  • a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
  • See full diff in compare view

Updates postcss from 8.5.8 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits

Updates vite from 8.0.11 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

  • capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
  • deps: update all non-major dependencies (#22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22471) (98b8163)
  • dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
  • html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
  • optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

  • deps: update rolldown-related dependencies (#22470) (7cb728e)
  • remove irrelevant commits from changelog (2c69495)

Code Refactoring

  • glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

Updates @hono/node-server from 1.19.11 to 1.19.14

Release notes

Sourced from @​hono/node-server's releases.

v1.19.14

What's Changed

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

v1.19.12

What's Changed

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

Commits

Updates esbuild from 0.27.4 to 0.27.7

Release notes

Sourced from esbuild's releases.

v0.27.7

  • Fix lowering of define semantics for TypeScript parameter properties (#4421)

    The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

    // Original code
    class Foo {
      constructor(public x = 1) {}
      y = 2
    }
    // Old output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    this.x = x;
    __publicField(this, "y", 2);
    }
    x;
    }
    // New output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    __publicField(this, "x", x);
    __publicField(this, "y", 2);
    }
    }

v0.27.5

  • Fix for an async generator edge case (#4401, #4417)

    Support for transforming async generators into the equivalent state machine was added in version 0.19.0. However, the generated state machine didn't work correctly when polling async generators concurrently, such as in the following code:

    async function* inner() { yield 1; yield 2 }
    async function* outer() { yield* inner() }
    let gen = outer()
    for await (let x of [gen.next(), gen.next()]) console.log(x)

    Previously esbuild's output of the above code behaved incorrectly when async generators were transformed (such as with --supported:async-generator=false). The transformation should be fixed starting with this release.

    This fix was contributed by @​2767mr.

  • Fix a regression when metafile is enabled (#4420, #4418)

    This release fixes a regression introduced by the previous release. When metafile: true was enabled in esbuild's JavaScript API, builds with build errors were incorrectly throwing an error about an empty JSON string instead of an object containing the build errors.

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.7

  • Fix lowering of define semantics for TypeScript parameter properties (#4421)

    The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

    // Original code
    class Foo {
      constructor(public x = 1) {}
      y = 2
    }
    // Old output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    this.x = x;
    __publicField(this, "y", 2);
    }
    x;
    }
    // New output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    __publicField(this, "x", x);
    __publicField(this, "y", 2);
    }
    }

0.27.5

  • Fix for an async generator edge case (#4401, #4417)

    Support for transforming async generators into the equivalent state machine was added in version 0.19.0. However, the generated state machine didn't work correctly when polling async generators concurrently, such as in the following code:

    async function* inner() { yield 1; yield 2 }
    async function* outer() { yield* inner() }
    let gen = outer()
    for await (let x of [gen.next(), gen.next()]) console.log(x)

    Previously esbuild's output of the above code behaved incorrectly when async generators were transformed (such as with --supported:async-generator=false). The transformation should be fixed starting with this release.

    This fix was contributed by @​2767mr.

  • Fix a regression when metafile is enabled (#4420, #4418)

... (truncated)

Commits
  • 2025c9f publish 0.27.7 to npm
  • c6b586e fix typo in Makefile for @esbuild/win32-x64
  • 9785e14 publish 0.27.6 to npm
  • b169d8c Revert "update go 1.25.7 => 1.26.1"
  • 7ac8762 run make update-compat-table
  • 8b5ff53 remove an incorrect else
  • e955268 fix #4421: lower generated class fields if needed
  • a5a2500 ci: move make test-old-ts
  • b71e7ac omit go's buildvcs for more reproducible builds
  • 7406b09 organize make platform-all output in Makefile
  • Additional commits viewable in compare view

Updates fast-uri from 3.1.0 to 3.1.3

Release notes

Sourced from fast-uri's releases.

v3.1.3

⚠️ Security Release

Full Changelog: fastify/fast-uri@v3.1.2...v3.1.3

v3.1.2

⚠️ Security Release

What's Changed

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

What's Changed

New Contributors

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

Commits
  • 0549fe3 Bumped v3.1.3
  • 2a6d357 Merge commit from fork
  • 919dd8e Bumped v3.1.2
  • Description has been truncated

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 3, 2026
… updates

Bumps the npm_and_yarn group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@mariozechner/pi-coding-agent](https://github.com/badlogic/pi-mono/tree/HEAD/packages/coding-agent) | `0.71.1` | `0.73.1` |
| [@whiskeysockets/baileys](https://github.com/WhiskeySockets/Baileys) | `7.0.0-rc.9` | `7.0.0-rc12` |
| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.1` | `14.2.0` |
| [next](https://github.com/vercel/next.js) | `16.2.5` | `16.2.6` |
| [postcss](https://github.com/postcss/postcss) | `8.5.8` | `8.5.10` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.11` | `8.0.16` |
| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.14` |
| [esbuild](https://github.com/evanw/esbuild) | `0.27.4` | `0.27.7` |
| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.3` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |
| [form-data](https://github.com/form-data/form-data) | `4.0.5` | `4.0.6` |
| [hono](https://github.com/honojs/hono) | `4.12.8` | `4.12.27` |
| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` |

Bumps the npm_and_yarn group with 1 update in the /packages/api directory: [@mariozechner/pi-coding-agent](https://github.com/badlogic/pi-mono/tree/HEAD/packages/coding-agent).


Updates `@mariozechner/pi-coding-agent` from 0.71.1 to 0.73.1
- [Release notes](https://github.com/badlogic/pi-mono/releases)
- [Changelog](https://github.com/earendil-works/pi/blob/main/packages/coding-agent/CHANGELOG.md)
- [Commits](https://github.com/badlogic/pi-mono/commits/v0.73.1/packages/coding-agent)

Updates `@whiskeysockets/baileys` from 7.0.0-rc.9 to 7.0.0-rc12
- [Release notes](https://github.com/WhiskeySockets/Baileys/releases)
- [Changelog](https://github.com/WhiskeySockets/Baileys/blob/master/CHANGELOG.md)
- [Commits](WhiskeySockets/Baileys@v7.0.0-rc.9...v7.0.0-rc12)

Updates `markdown-it` from 14.1.1 to 14.2.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.1.1...14.2.0)

Updates `next` from 16.2.5 to 16.2.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v16.2.5...v16.2.6)

Updates `postcss` from 8.5.8 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.10)

Updates `vite` from 8.0.11 to 8.0.16
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

Updates `@hono/node-server` from 1.19.11 to 1.19.14
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.19.11...v1.19.14)

Updates `esbuild` from 0.27.4 to 0.27.7
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.4...v0.27.7)

Updates `fast-uri` from 3.1.0 to 3.1.3
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.1.0...v3.1.3)

Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `hono` from 4.12.8 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.8...v4.12.27)

Updates `ws` from 8.19.0 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.19.0...8.21.0)

Updates `@mariozechner/pi-coding-agent` from 0.71.1 to 0.73.1
- [Release notes](https://github.com/badlogic/pi-mono/releases)
- [Changelog](https://github.com/earendil-works/pi/blob/main/packages/coding-agent/CHANGELOG.md)
- [Commits](https://github.com/badlogic/pi-mono/commits/v0.73.1/packages/coding-agent)

Updates `@whiskeysockets/baileys` from 7.0.0-rc.9 to 7.0.0-rc12
- [Release notes](https://github.com/WhiskeySockets/Baileys/releases)
- [Changelog](https://github.com/WhiskeySockets/Baileys/blob/master/CHANGELOG.md)
- [Commits](WhiskeySockets/Baileys@v7.0.0-rc.9...v7.0.0-rc12)

Updates `@mariozechner/pi-coding-agent` from 0.71.1 to 0.73.1
- [Release notes](https://github.com/badlogic/pi-mono/releases)
- [Changelog](https://github.com/earendil-works/pi/blob/main/packages/coding-agent/CHANGELOG.md)
- [Commits](https://github.com/badlogic/pi-mono/commits/v0.73.1/packages/coding-agent)

Updates `@mariozechner/pi-coding-agent` from 0.71.1 to 0.73.1
- [Release notes](https://github.com/badlogic/pi-mono/releases)
- [Changelog](https://github.com/earendil-works/pi/blob/main/packages/coding-agent/CHANGELOG.md)
- [Commits](https://github.com/badlogic/pi-mono/commits/v0.73.1/packages/coding-agent)

---
updated-dependencies:
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.14
  dependency-type: indirect
- dependency-name: "@mariozechner/pi-coding-agent"
  dependency-version: 0.73.1
  dependency-type: direct:production
- dependency-name: "@mariozechner/pi-coding-agent"
  dependency-version: 0.73.1
  dependency-type: direct:production
- dependency-name: "@mariozechner/pi-coding-agent"
  dependency-version: 0.73.1
  dependency-type: direct:production
- dependency-name: "@mariozechner/pi-coding-agent"
  dependency-version: 0.73.1
  dependency-type: direct:production
- dependency-name: "@whiskeysockets/baileys"
  dependency-version: 7.0.0-rc12
  dependency-type: direct:production
- dependency-name: "@whiskeysockets/baileys"
  dependency-version: 7.0.0-rc12
  dependency-type: direct:production
- dependency-name: esbuild
  dependency-version: 0.27.7
  dependency-type: indirect
- dependency-name: fast-uri
  dependency-version: 3.1.3
  dependency-type: indirect
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: indirect
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: direct:production
- dependency-name: next
  dependency-version: 16.2.6
  dependency-type: direct:production
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-a4bec21e30 branch from 2f834cc to b608cb7 Compare July 4, 2026 06:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants