chore(studio-deps-dev)(deps-dev): bump webpack from 5.105.4 to 5.106.1 in /studio in the build-tools group by dependabot[bot] · Pull Request #3823 · ArcadeData/arcadedb

dependabot · 2026-04-12T09:03:33Z

Bumps the build-tools group in /studio with 1 update: webpack.

Updates webpack from 5.105.4 to 5.106.1

Release notes

v5.106.1

Patch Changes

Fix two ES5-environment regressions in the anonymous default export .name fix-up: the generated code referenced an undeclared __WEBPACK_DEFAULT_EXPORT__ binding causing ReferenceError, and used Reflect.defineProperty which is not available in pre-ES2015 runtimes. The fix-up now references the real assignment target and uses Object.defineProperty / Object.getOwnPropertyDescriptor. (by @xiaoxiaojx in #20796)

Prevent !important from being renamed as a local identifier in CSS modules. (by @xiaoxiaojx in #20798)

Use compiler context instead of module context for CSS modules local ident hashing to avoid hash collisions when files with the same name exist in different directories. (by @xiaoxiaojx in #20799)

v5.106.0

Minor Changes

Add exportType: "style" for CSS modules to inject styles into DOM via HTMLStyleElement, similar to style-loader functionality. (by @xiaoxiaojx in #20579)

Add context option support for VirtualUrlPlugin (by @xiaoxiaojx in #20449)

The context for the virtual module. A string path. Defaults to 'auto', which will try to resolve the context from the module id.

Support custom context path for resolving relative imports in virtual modules

Add examples demonstrating context usage and filename customization

Generate different CssModule instances for different exportType values. (by @xiaoxiaojx in #20590)

Added the localIdentHashFunction option to configure the hash function to be used for hashing. (by @alexander-akait in #20694) Additionally, the localIdentName option can now be a function.

Added support for destructuring assignment require in cjs, allowing for tree shaking. (by @ahabhgk in #20548)

Added the validate option to enable/disable validation in webpack/plugins/loaders, also implemented API to make it inside plugins. (by @xiaoxiaojx in #20275)

Added source support for async WASM modules. (by @magic-akari in #20364)

Patch Changes

Add a static getSourceBasicTypes method to the Module class to prevent errors across multiple versions. (by @xiaoxiaojx in #20614)

Included fragment groups in the conflicting order warning for CSS. (by @aryanraj45 in #20660)

Avoid rendering unused top-level __webpack_exports__ declaration when output ECMA module library. (by @hai-x in #20669)

Fixed resolving in CSS modules. (by @alexander-akait in #20771)

Allow external modules place in async chunks when output ECMA module. (by @hai-x in #20662)

Implement deprecate flag in schema for better TypeScript support to show which options are already deprecated by the configuration (by @bjohansebas in #20432)

Set .name to "default" for anonymous default export functions and classes per ES spec (by @xiaoxiaojx in #20773)

Hash entry chunks after runtime chunks to prevent stale content hash references in watch mode (by @xiaoxiaojx in #20724)

Fix multiple bugs and optimizations in CSS modules: correct third code point position in walkCssTokens number detection, fix multiline CSS comment regex, fix swapped :import/:export error message, fix comma callback incorrectly popping balanced stack, fix cache comparison missing array length check, fix match.index mutation side effect, move publicPathAutoRegex to module scope, precompute merged callbacks in consumeUntil, simplify redundant ternary in CssGenerator, fix typo GRID_TEMPLATE_ARES, remove duplicate grid-column-start, and merge duplicate getCompilationHooks calls. (by @xiaoxiaojx in #20648)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.106.1

Patch Changes

Fix two ES5-environment regressions in the anonymous default export .name fix-up: the generated code referenced an undeclared __WEBPACK_DEFAULT_EXPORT__ binding causing ReferenceError, and used Reflect.defineProperty which is not available in pre-ES2015 runtimes. The fix-up now references the real assignment target and uses Object.defineProperty / Object.getOwnPropertyDescriptor. (by @xiaoxiaojx in #20796)

Prevent !important from being renamed as a local identifier in CSS modules. (by @xiaoxiaojx in #20798)

Use compiler context instead of module context for CSS modules local ident hashing to avoid hash collisions when files with the same name exist in different directories. (by @xiaoxiaojx in #20799)

5.106.0

Minor Changes

Add exportType: "style" for CSS modules to inject styles into DOM via HTMLStyleElement, similar to style-loader functionality. (by @xiaoxiaojx in #20579)

Add context option support for VirtualUrlPlugin (by @xiaoxiaojx in #20449)

The context for the virtual module. A string path. Defaults to 'auto', which will try to resolve the context from the module id.

Support custom context path for resolving relative imports in virtual modules

Add examples demonstrating context usage and filename customization

Generate different CssModule instances for different exportType values. (by @xiaoxiaojx in #20590)

Added the localIdentHashFunction option to configure the hash function to be used for hashing. (by @alexander-akait in #20694) Additionally, the localIdentName option can now be a function.

Added support for destructuring assignment require in cjs, allowing for tree shaking. (by @ahabhgk in #20548)

Added the validate option to enable/disable validation in webpack/plugins/loaders, also implemented API to make it inside plugins. (by @xiaoxiaojx in #20275)

Added source support for async WASM modules. (by @magic-akari in #20364)

Patch Changes

Add a static getSourceBasicTypes method to the Module class to prevent errors across multiple versions. (by @xiaoxiaojx in #20614)

Included fragment groups in the conflicting order warning for CSS. (by @aryanraj45 in #20660)

Avoid rendering unused top-level __webpack_exports__ declaration when output ECMA module library. (by @hai-x in #20669)

Fixed resolving in CSS modules. (by @alexander-akait in #20771)

Allow external modules place in async chunks when output ECMA module. (by @hai-x in #20662)

Implement deprecate flag in schema for better TypeScript support to show which options are already deprecated by the configuration (by @bjohansebas in #20432)

Set .name to "default" for anonymous default export functions and classes per ES spec (by @xiaoxiaojx in #20773)

Hash entry chunks after runtime chunks to prevent stale content hash references in watch mode (by @xiaoxiaojx in #20724)

... (truncated)

Commits

a934b9b chore(release): new release (#20808)
ecb436b fix: use compiler context for CSS modules hash to avoid collisions (#20799)
c0e8cf4 fix: prevent !important from being renamed in CSS modules (#20798)
f8d274b fix: anonymous default export name fix-up in ES5 environment (#20796)
e370b76 chore(deps-dev): bump the dependencies group with 5 updates (#20790)
8774a01 chore(release): new release (#20593)
cc66616 fix: add @deprecated to methods
7cdc173 feat: support source phase import for WebAssembly modules (#20364)
0b60f1c chore(members): update to match @webpack/core-wg (#20784)
955a68c test: generate snapshots per stats test case (#20785)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the build-tools group in /studio with 1 update: [webpack](https://github.com/webpack/webpack). Updates `webpack` from 5.105.4 to 5.106.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.105.4...v5.106.1) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.106.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: build-tools ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-12T09:03:34Z

Labels

The following labels could not be found: frontend, studio. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

codacy-production · 2026-04-12T09:04:43Z

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric Results

Complexity 0

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}

Bumps the github-actions group with 3 updates: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action), [github/codeql-action](https://github.com/github/codeql-action) and [actions/cache](https://github.com/actions/cache). Updates `anthropics/claude-code-action` from 1.0.93 to 1.0.101 Release notes *Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).* > v1.0.101 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.101> > > v1.0.100 > -------- > > What's Changed > -------------- > > * Upgrade Claude model from opus-4-6 to opus-4-7 by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#1227](https://redirect.github.com/anthropics/claude-code-action/pull/1227) > * fix: pass install.sh binary path to Agent SDK after 0.2.113 bump by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#1235](https://redirect.github.com/anthropics/claude-code-action/pull/1235) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.100> > > v1.0.99 > ------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.99> > > v1.0.98 > ------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.98> > > v1.0.97 > ------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.97> > > v1.0.96 > ------- > > What's Changed > -------------- > > * fix: handle fork PRs by fetching via refs/pull/N/head by [`@stakeswky`](https://github.com/stakeswky) in [anthropics/claude-code-action#963](https://redirect.github.com/anthropics/claude-code-action/pull/963) > > New Contributors > ---------------- > > * [`@stakeswky`](https://github.com/stakeswky) made their first contribution in [anthropics/claude-code-action#963](https://redirect.github.com/anthropics/claude-code-action/pull/963) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.96> > > v1.0.95 > ------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.95> > > v1.0.94 > ------- > > What's Changed > -------------- > > * Prepend system bin dirs to PATH when allowed\_non\_write\_users is set by [`@OctavianGuzu`](https://github.com/OctavianGuzu) in [anthropics/claude-code-action#1208](https://redirect.github.com/anthropics/claude-code-action/pull/1208) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.94> Commits * [`38ec876`](anthropics/claude-code-action@38ec876) chore: bump Claude Code to 2.1.114 and Agent SDK to 0.2.114 * [`0d2971c`](anthropics/claude-code-action@0d2971c) fix: pass install.sh binary path explicitly to Agent SDK ([#1235](https://redirect.github.com/anthropics/claude-code-action/issues/1235)) * [`c68f82c`](anthropics/claude-code-action@c68f82c) chore: bump Claude Code to 2.1.113 and Agent SDK to 0.2.113 * [`78758ed`](anthropics/claude-code-action@78758ed) chore: bump model version in workflows ([#1227](https://redirect.github.com/anthropics/claude-code-action/issues/1227)) * [`c3d45e8`](anthropics/claude-code-action@c3d45e8) chore: bump Claude Code to 2.1.112 and Agent SDK to 0.2.112 * [`931e620`](anthropics/claude-code-action@931e620) chore: bump Claude Code to 2.1.111 and Agent SDK to 0.2.111 * [`905d4eb`](anthropics/claude-code-action@905d4eb) chore: bump Claude Code to 2.1.110 and Agent SDK to 0.2.110 * [`5fb8995`](anthropics/claude-code-action@5fb8995) chore: bump Claude Code to 2.1.109 and Agent SDK to 0.2.109 * [`c3bf66d`](anthropics/claude-code-action@c3bf66d) fix: handle fork PRs by fetching via refs/pull/N/head ([#962](https://redirect.github.com/anthropics/claude-code-action/issues/962)) ([#963](https://redirect.github.com/anthropics/claude-code-action/issues/963)) * [`3943183`](anthropics/claude-code-action@3943183) chore: bump Claude Code to 2.1.108 and Agent SDK to 0.2.108 * Additional commits viewable in [compare view](anthropics/claude-code-action@b47fd72...38ec876) Updates `github/codeql-action` from 4.35.1 to 4.35.2 Release notes *Sourced from [github/codeql-action's releases](https://github.com/github/codeql-action/releases).* > v4.35.2 > ------- > > * The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://redirect.github.com/github/codeql-action/pull/3795) > * The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. [#3789](https://redirect.github.com/github/codeql-action/pull/3789) > * Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. [#3794](https://redirect.github.com/github/codeql-action/pull/3794) > * Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. [#3807](https://redirect.github.com/github/codeql-action/pull/3807) > * Update default CodeQL bundle version to [2.25.2](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2). [#3823](https://redirect.github.com/github/codeql-action/pull/3823) Changelog *Sourced from [github/codeql-action's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).* > CodeQL Action Changelog > ======================= > > See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. > > [UNRELEASED] > ------------ > > No user facing changes. > > 4.35.2 - 15 Apr 2026 > -------------------- > > * The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://redirect.github.com/github/codeql-action/pull/3795) > * The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. [#3789](https://redirect.github.com/github/codeql-action/pull/3789) > * Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. [#3794](https://redirect.github.com/github/codeql-action/pull/3794) > * Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. [#3807](https://redirect.github.com/github/codeql-action/pull/3807) > * Update default CodeQL bundle version to [2.25.2](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2). [#3823](https://redirect.github.com/github/codeql-action/pull/3823) > > 4.35.1 - 27 Mar 2026 > -------------------- > > * Fix incorrect minimum required Git version for [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158): it should have been 2.36.0, not 2.11.0. [#3781](https://redirect.github.com/github/codeql-action/pull/3781) > > 4.35.0 - 27 Mar 2026 > -------------------- > > * Reduced the minimum Git version required for [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) from 2.38.0 to 2.11.0. [#3767](https://redirect.github.com/github/codeql-action/pull/3767) > * Update default CodeQL bundle version to [2.25.1](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1). [#3773](https://redirect.github.com/github/codeql-action/pull/3773) > > 4.34.1 - 20 Mar 2026 > -------------------- > > * Downgrade default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3) due to issues with a small percentage of Actions and JavaScript analyses. [#3762](https://redirect.github.com/github/codeql-action/pull/3762) > > 4.34.0 - 20 Mar 2026 > -------------------- > > * Added an experimental change which disables TRAP caching when [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. [#3569](https://redirect.github.com/github/codeql-action/pull/3569) > * We are rolling out improved incremental analysis to C/C++ analyses that use build mode `none`. We expect this rollout to be complete by the end of April 2026. [#3584](https://redirect.github.com/github/codeql-action/pull/3584) > * Update default CodeQL bundle version to [2.25.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0). [#3585](https://redirect.github.com/github/codeql-action/pull/3585) > > 4.33.0 - 16 Mar 2026 > -------------------- > > * Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. [#3562](https://redirect.github.com/github/codeql-action/pull/3562) > > To opt out of this change: > > + **Repositories owned by an organization:** Create a custom repository property with the name `github-codeql-file-coverage-on-prs` and the type "True/false", then set this property to `true` in the repository's settings. For more information, see [Managing custom properties for repositories in your organization](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). Alternatively, if you are using an advanced setup workflow, you can set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in your workflow. > + **User-owned repositories using default setup:** Switch to an advanced setup workflow and set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in your workflow. > + **User-owned repositories using advanced setup:** Set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in your workflow. > * Fixed [a bug](https://redirect.github.com/github/codeql-action/issues/3555) which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. [#3557](https://redirect.github.com/github/codeql-action/pull/3557) > * The CodeQL Action now loads [custom repository properties](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization) on GitHub Enterprise Server, enabling the customization of features such as `github-codeql-disable-overlay` that was previously only available on GitHub.com. [#3559](https://redirect.github.com/github/codeql-action/pull/3559) > * Once [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries) can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. [#3563](https://redirect.github.com/github/codeql-action/pull/3563) > * Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". [#3564](https://redirect.github.com/github/codeql-action/pull/3564) > * A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. [#3570](https://redirect.github.com/github/codeql-action/pull/3570) > > 4.32.6 - 05 Mar 2026 > -------------------- ... (truncated) Commits * [`95e58e9`](github/codeql-action@95e58e9) Merge pull request [#3824](https://redirect.github.com/github/codeql-action/issues/3824) from github/update-v4.35.2-d2e135a73 * [`6f31bfe`](github/codeql-action@6f31bfe) Update changelog for v4.35.2 * [`d2e135a`](github/codeql-action@d2e135a) Merge pull request [#3823](https://redirect.github.com/github/codeql-action/issues/3823) from github/update-bundle/codeql-bundle-v2.25.2 * [`60abb65`](github/codeql-action@60abb65) Add changelog note * [`5a0a562`](github/codeql-action@5a0a562) Update default bundle to codeql-bundle-v2.25.2 * [`6521697`](github/codeql-action@6521697) Merge pull request [#3820](https://redirect.github.com/github/codeql-action/issues/3820) from github/dependabot/github\_actions/dot-github/wor... * [`3c45af2`](github/codeql-action@3c45af2) Merge pull request [#3821](https://redirect.github.com/github/codeql-action/issues/3821) from github/dependabot/npm\_and\_yarn/npm-minor-345b93... * [`f1c3393`](github/codeql-action@f1c3393) Rebuild * [`1024fc4`](github/codeql-action@1024fc4) Rebuild * [`9dd4cfe`](github/codeql-action@9dd4cfe) Bump the npm-minor group across 1 directory with 6 updates * Additional commits viewable in [compare view](github/codeql-action@c10b806...95e58e9) Updates `actions/cache` from 5.0.4 to 5.0.5 Release notes *Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).* > v5.0.5 > ------ > > What's Changed > -------------- > > * Update ts-http-runtime dependency by [`@yacaovsnc`](https://github.com/yacaovsnc) in [actions/cache#1747](https://redirect.github.com/actions/cache/pull/1747) > > **Full Changelog**: <actions/cache@v5...v5.0.5> Changelog *Sourced from [actions/cache's changelog](https://github.com/actions/cache/blob/main/RELEASES.md).* > Releases > ======== > > How to prepare a release > ------------------------ > > > [!NOTE] > > Relevant for maintainers with write access only. > > 1. Switch to a new branch from `main`. > 2. Run `npm test` to ensure all tests are passing. > 3. Update the version in [`https://github.com/actions/cache/blob/main/package.json`](https://github.com/actions/cache/blob/main/package.json). > 4. Run `npm run build` to update the compiled files. > 5. Update this [`https://github.com/actions/cache/blob/main/RELEASES.md`](https://github.com/actions/cache/blob/main/RELEASES.md) with the new version and changes in the `## Changelog` section. > 6. Run `licensed cache` to update the license report. > 7. Run `licensed status` and resolve any warnings by updating the [`https://github.com/actions/cache/blob/main/.licensed.yml`](https://github.com/actions/cache/blob/main/.licensed.yml) file with the exceptions. > 8. Commit your changes and push your branch upstream. > 9. Open a pull request against `main` and get it reviewed and merged. > 10. Draft a new release <https://github.com/actions/cache/releases> use the same version number used in `package.json` > 1. Create a new tag with the version number. > 2. Auto generate release notes and update them to match the changes you made in `RELEASES.md`. > 3. Toggle the set as the latest release option. > 4. Publish the release. > 11. Navigate to <https://github.com/actions/cache/actions/workflows/release-new-action-version.yml> > 1. There should be a workflow run queued with the same version number. > 2. Approve the run to publish the new version and update the major tags for this action. > > Changelog > --------- > > ### 5.0.4 > > * Bump `minimatch` to v3.1.5 (fixes ReDoS via globstar patterns) > * Bump `undici` to v6.24.1 (WebSocket decompression bomb protection, header validation fixes) > * Bump `fast-xml-parser` to v5.5.6 > > ### 5.0.3 > > * Bump `@actions/cache` to v5.0.5 (Resolves: <https://github.com/actions/cache/security/dependabot/33>) > * Bump `@actions/core` to v2.0.3 > > ### 5.0.2 > > * Bump `@actions/cache` to v5.0.3 [#1692](https://redirect.github.com/actions/cache/pull/1692) > > ### 5.0.1 > > * Update `@azure/storage-blob` to `^12.29.1` via `@actions/cache@5.0.1` [#1685](https://redirect.github.com/actions/cache/pull/1685) > > ### 5.0.0 > > > [!IMPORTANT] > > `actions/cache@v5` runs on the Node.js 24 runtime and requires a minimum Actions Runner version of `2.327.1`. ... (truncated) Commits * [`27d5ce7`](actions/cache@27d5ce7) Merge pull request [#1747](https://redirect.github.com/actions/cache/issues/1747) from actions/yacaovsnc/update-dependency * [`f280785`](actions/cache@f280785) licensed changes * [`619aeb1`](actions/cache@619aeb1) npm run build generated dist files * [`bcf16c2`](actions/cache@bcf16c2) Update ts-http-runtime to 0.3.5 * See full diff in [compare view](actions/cache@6682284...27d5ce7) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

dependabot Bot added dependencies Pull requests that update a dependency file security labels Apr 12, 2026

robfrank approved these changes Apr 13, 2026

View reviewed changes

mergify Bot merged commit 1c8f7f5 into main Apr 13, 2026
17 of 23 checks passed

dependabot Bot deleted the dependabot/npm_and_yarn/studio/main/build-tools-f27b643545 branch April 13, 2026 08:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(studio-deps-dev)(deps-dev): bump webpack from 5.105.4 to 5.106.1 in /studio in the build-tools group#3823

chore(studio-deps-dev)(deps-dev): bump webpack from 5.105.4 to 5.106.1 in /studio in the build-tools group#3823
mergify[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/studio/main/build-tools-f27b643545

dependabot Bot commented on behalf of github Apr 12, 2026

Uh oh!

dependabot Bot commented on behalf of github Apr 12, 2026

Uh oh!

codacy-production Bot commented Apr 12, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 12, 2026

v5.106.1

Patch Changes

v5.106.0

Minor Changes

Patch Changes

5.106.1

Patch Changes

5.106.0

Minor Changes

Patch Changes

Uh oh!

dependabot Bot commented on behalf of github Apr 12, 2026

Labels

Uh oh!

codacy-production Bot commented Apr 12, 2026

Up to standards ✅

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant