Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the / directory: brace-expansion, esbuild and sanity.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates esbuild from 0.21.5 to 0.25.6

Release notes

Sourced from esbuild's releases.

v0.25.6

• Fix a memory leak when cancel() is used on a build context (#4231)

  Calling rebuild() followed by cancel() in rapid succession could previously leak memory. The bundler uses a producer/consumer model internally, and the resource leak was caused by the consumer being termianted while there were still remaining unreceived results from a producer. To avoid the leak, the consumer now waits for all producers to finish before terminating.

• Support empty :is() and :where() syntax in CSS (#4232)

  Previously using these selectors with esbuild would generate a warning. That warning has been removed in this release for these cases.

• Improve tree-shaking of try statements in dead code (#4224)

  With this release, esbuild will now remove certain try statements if esbuild considers them to be within dead code (i.e. code that is known to not ever be evaluated). For example:

  // Original code
  return 'foo'
  try { return 'bar' } catch {}
  // Old output (with --minify)
  return"foo";try{return"bar"}catch{}
  // New output (with --minify)
  return"foo";

• Consider negated bigints to have no side effects

  While esbuild currently considers 1, -1, and 1n to all have no side effects, it didn't previously consider -1n to have no side effects. This is because esbuild does constant folding with numbers but not bigints. However, it meant that unused negative bigint constants were not tree-shaken. With this release, esbuild will now consider these expressions to also be side-effect free:

  // Original code
  let a = 1, b = -1, c = 1n, d = -1n
  // Old output (with --bundle --minify)
  (()=>{var n=-1n;})();
  // New output (with --bundle --minify)
  (()=>{})();

• Support a configurable delay in watch mode before rebuilding (#3476, #4178)

  The watch() API now takes a delay option that lets you add a delay (in milliseconds) before rebuilding when a change is detected in watch mode. If you use a tool that regenerates multiple source files very slowly, this should make it more likely that esbuild's watch mode won't generate a broken intermediate build before the successful final build. This option is also available via the CLI using the --watch-delay= flag.

  This should also help avoid confusion about the watch() API's options argument. It was previously empty to allow for future API expansion, which caused some people to think that the documentation was missing. It's no longer empty now that the watch() API has an option.

• Allow mixed array for entryPoints API option (#4223)

  The TypeScript type definitions now allow you to pass a mixed array of both string literals and object literals to the entryPoints API option, such as ['foo.js', { out: 'lib', in: 'bar.js' }]. This was always possible to do in JavaScript but the TypeScript type definitions were previously too restrictive.

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

• Fix regression with --define and import.meta (#4010, #4012, #4013)

  The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

  This fix was contributed by @​sapphi-red.

0.24.1

• Allow es2024 as a target in tsconfig.json (#4004)

  TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

  {
    "compilerOptions": {
      "target": "ES2024"
    }
  }

  As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

  This fix was contributed by @​billyjanitsch.

• Allow automatic semicolon insertion after get/set

  This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

  class Foo {
    get
    *x() {}
    set
    *y() {}
  }

  The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

• Allow quoted property names in --define and --pure (#4008)

  The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits

• d38c1f0 publish 0.25.6 to npm
• 11e547e missing ) in release notes
• cc8ac0a fix trailing comment whitespace
• 1e3fb57 fix #4178: add the --watch-delay= option
• c1f5f18 fix #4209: disable binary executable optimization on WASM platform (#4210)
• 3ed5ecc fix incorrect locations in CHANGELOG.md
• 248089c fix #4224: allow try statements to become dead
• 42f159c openharmony: keep makefile targets sorted
• 63256e1 chore: fix some comments (#4211)
• d803f72 add support for openharmony-arm64 platform (#4212)
• Additional commits viewable in compare view

Updates sanity from 3.81.0 to 3.98.1

Release notes

Sourced from sanity's releases.

v3.98.1

Sanity Studio v3.98.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit: www.sanity.io/changelog/8738ca58-04f2-4547-b183-2c9121d1aca9

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

If you are updating from a version earlier than 3.37.0, you should also check out this article to ensure your dependencies are up to date.

📓 Full changelog

Author	Message	Commit
renovate[bot]	fix(deps): update dependency @​portabletext/editor to ^1.57.0 (#9913)	e124c21b47
Jordan Lawrence	fix: correcting yaml syntax to git tag on publish (#9914)	b9f02243c5
renovate[bot]	fix(deps): update dependency @​portabletext/editor to ^1.57.1 (#9919)	32ebd0c750
Jordan Lawrence	chore: using lerna full for creating release PR (#9917)	82b3fbc5d9
renovate[bot]	fix(deps): update dependency @​portabletext/block-tools to ^1.1.36 (#9918)	46a7d9deaa
Jordan Lawrence	fix: add commit-message field to release PR workflow (#9922)	23b4a3a76a
Ken Jones	docs: Marketing/add function examples (#9760)	ca1d50eb81
RitaDias	test: remove flag from cli token tests (#9925)	6b4088abfa
Cody Olsen	chore: fix vercel pnpm install issues with recast (#9930)	c1041cd442
renovate[bot]	fix(deps): update dependency @​portabletext/block-tools to ^1.1.37 (#9927)	c545a1bb6e
renovate[bot]	chore(deps): update dependency esbuild to v0.25.6 (#9908)	90821b148a
RitaDias	test(cli): update to use pnpm to install instead of npm (#9929)	ebba8b0c91
renovate[bot]	fix(deps): update dependency @​sanity/ui to ^2.16.3 (#9931)	d2b3cf52c0
Jordan Lawrence	fix: handling where no templates available and not showing create doc button (#9933)	d2f9810b3c
renovate[bot]	fix(deps): update dependency @​portabletext/editor to ^1.57.3 (#9928)	ea2b66de0b

v3.98.0

Sanity Studio v3.98.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit: www.sanity.io/changelog/c31a5727-9677-4389-9a6a-c89a71211952

Install or upgrade Sanity Studio

... (truncated)

Changelog

Sourced from sanity's changelog.

3.98.1 (2025-07-09)

• fix: handling where no templates available and not showing create doc button (#9933) (d2f9810), closes #9933
• fix(deps): update dependency @​portabletext/block-tools to ^1.1.36 (#9918) (46a7d9d), closes #9918
• fix(deps): update dependency @​portabletext/block-tools to ^1.1.37 (#9927) (c545a1b), closes #9927
• fix(deps): update dependency @​portabletext/editor to ^1.57.0 (#9913) (e124c21), closes #9913
• fix(deps): update dependency @​portabletext/editor to ^1.57.1 (#9919) (32ebd0c), closes #9919
• fix(deps): update dependency @​portabletext/editor to ^1.57.3 (#9928) (ea2b66d), closes #9928
• fix(deps): update dependency @​sanity/ui to ^2.16.3 (#9931) (d2b3cf5), closes #9931

3.98.0 (2025-07-07)

Features

• synchronize schema to the server (#9622) (2d6d901) by Magnus Holm (judofyr@gmail.com)

Bug Fixes

• core: actions flickering- remove cleanup step for hook states on change (#9885) (2ab9505) by Pedro Bonamin (46196328+pedrobonamin@users.noreply.github.com)
• deps: update dependency @​portabletext/block-tools to ^1.1.35 (#9897) (d21610b) by renovate[bot] (29139614+renovate[bot]@​users.noreply.github.com)
• deps: update dependency @​portabletext/editor to ^1.56.0 (#9889) (9cfd35d) by renovate[bot] (29139614+renovate[bot]@​users.noreply.github.com)

3.97.1 (2025-07-04)

Note: Version bump only for package sanity

3.97.0 (2025-07-04)

Features

• cli: add API tokens management commands (#9821) (6494f59) by Rune Botten (rbotten@gmail.com)

Bug Fixes

• deps: update dependency @​portabletext/block-tools to ^1.1.34 (#9874) (c7f16f0) by renovate[bot] (29139614+renovate[bot]@​users.noreply.github.com)
• deps: update dependency @​portabletext/editor to ^1.55.15 (#9875) (41afd49) by renovate[bot] (29139614+renovate[bot]@​users.noreply.github.com)

3.96.0 (2025-07-02)

Features

• sanity: account for draft model being switched off in isPerspectiveWriteable (3d68545) by Ash (ash@sanity.io)
• sanity: add document.drafts.enabled configuration option (a06c4a5) by Ash (ash@sanity.io)
• sanity: add draft model switched off message to ChooseNewDocumentDestinationBanner (1337002) by Ash (ash@sanity.io)
• sanity: add option to compare draft to ObsoleteDraftBanner (0f6c350) by Ash (ash@sanity.io)
• sanity: do not render draft status indicators if draft model is not switched on (453e102) by Ash (ash@sanity.io)

... (truncated)

Commits

• 8bac124 chore(release): publish 3.98.1 (#9921)
• ea2b66d fix(deps): update dependency @​portabletext/editor to ^1.57.3 (#9928)
• d2f9810 fix: handling where no templates available and not showing create doc button ...
• d2b3cf5 fix(deps): update dependency @​sanity/ui to ^2.16.3 (#9931)
• c545a1b fix(deps): update dependency @​portabletext/block-tools to ^1.1.37 (#9927)
• 46a7d9d fix(deps): update dependency @​portabletext/block-tools to ^1.1.36 (#9918)
• 32ebd0c fix(deps): update dependency @​portabletext/editor to ^1.57.1 (#9919)
• e124c21 fix(deps): update dependency @​portabletext/editor to ^1.57.0 (#9913)
• 950ae95 chore(release): publish v3.98.0 (#9896)
• 5d9cf9f feat(core): add way to revert unpublishing in a release (#9873)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by sanity-io, a new releaser for sanity since your current version.

Updates tar-fs from 2.1.2 to 2.1.3

Commits

• 4b7e868 2.1.3
• 266194b hardlink tweak from main
• See full diff in compare view

Updates vite from 6.2.4 to 6.3.5

Release notes

Sourced from vite's releases.

v6.3.5

Please refer to CHANGELOG.md for details.

v6.3.4

Please refer to CHANGELOG.md for details.

v6.3.3

Please refer to CHANGELOG.md for details.

v6.3.2

Please refer to CHANGELOG.md for details.

create-vite@6.3.1

Please refer to CHANGELOG.md for details.

v6.3.1

Please refer to CHANGELOG.md for details.

create-vite@6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0-beta.2

Please refer to CHANGELOG.md for details.

v6.3.0-beta.1

Please refer to CHANGELOG.md for details.

v6.3.0-beta.0

Please refer to CHANGELOG.md for details.

v6.2.7

Please refer to CHANGELOG.md for details.

v6.2.6

Please refer to CHANGELOG.md for details.

v6.2.5

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.3.5 (2025-05-05)

Bug Fixes

• ssr: handle uninitialized export access as undefined (#19959) (fd38d07)

6.3.4 (2025-04-30)

Bug Fixes

• check static serve file inside sirv (#19965) (c22c43d)
• optimizer: return plain object when using require to import externals in optimized dependencies (#19940) (efc5eab)

Code Refactoring

• remove duplicate plugin context type (#19935) (d6d01c2)

6.3.3 (2025-04-24)

Bug Fixes

• assets: ensure ?no-inline is not included in the asset url in the production environment (#19496) (16a73c0)
• css: resolve relative imports in sass properly on Windows (#19920) (ffab442)
• deps: update all non-major dependencies (#19899) (a4b500e)
• ignore malformed uris in tranform middleware (#19853) (e4d5201)
• ssr: fix execution order of re-export (#19841) (ed29dee)
• ssr: fix live binding of default export declaration and hoist exports getter (#19842) (80a91ff)

Performance Improvements

• skip sourcemap generation for renderChunk hook of import-analysis-build plugin (#19921) (55cfd04)

Tests

• ssr: test ssrTransform re-export deps and test stacktrace with first line (#19629) (9399cda)

6.3.2 (2025-04-18)

Features

• css: improve lightningcss messages (#19880) (c713f79)

Bug Fixes

• css: respect css.lightningcss option in css minification process (#19879) (b5055e0)
• deps: update all non-major dependencies (#19698) (bab4cb9)
• match default asserts case insensitive (#19852) (cbdab1d)
• open first url if host does not match any urls (#19886) (6abbdce)

6.3.1 (2025-04-17)

Bug Fixes

• avoid using Promise.allSettled in preload function (#19805) (35c7f35)
• backward compat for internal plugin transform calls (#19878) (a152b7c)

... (truncated)

Commits

• 84e4647 release: v6.3.5
• fd38d07 fix(ssr): handle uninitialized export access as undefined (#19959)
• b040d54 release: v6.3.4
• c22c43d fix: check static serve file inside sirv (#19965)
• efc5eab fix(optimizer): return plain object when using require to import externals ...
• d6d01c2 refactor: remove duplicate plugin context type (#19935)
• db9eb97 release: v6.3.3
• e4d5201 fix: ignore malformed uris in tranform middleware (#19853)
• 55cfd04 perf: skip sourcemap generation for renderChunk hook of import-analysis-build...
• ffab442 fix(css): resolve relative imports in sass properly on Windows (#19920)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
sanity-ignite	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 10, 2025 5:07pm

[nicholasio]

@dependabot rebase

[nicholasio]

@dependabot rebase

[dependabot]

Superseded by #69.