Skip to content

Bump the npm_and_yarn group across 1 directory with 3 updates#2342

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/frontend/npm_and_yarn-46b4b611ca
Open

Bump the npm_and_yarn group across 1 directory with 3 updates#2342
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/frontend/npm_and_yarn-46b4b611ca

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 3 updates in the /frontend directory: mjml, @vitest/browser and vitest.

Updates mjml from 4.17.1 to 5.0.0

Release notes

Sourced from mjml's releases.

v5.0.0

Upgrade Guide

These are the changes users need to actively consider when upgrading to MJML 5.x.x from MJML 4.x (and early MJML 5 alphas):

Highlights

  • Replaced legacy html-minifier and js-beautify with htmlnano + cssnano. [breaking change]
  • Added templating syntax sanitization (runs before PostCSS and is restored afterwards)
  • Safer, stricter handling of mj-include and ignoreIncludes [breaking change]
  • Restructured outer HTML: the <body> tag is now driven by mj-body, not the global skeleton. [breaking change]
  • mjml-browser build/minification pipeline updated
  • Better attribute consistency across components (including more flexible border-radius). [breaking change]
  • Migration helper removed [breaking change]
  • Updated toolchain: Node 20/22/24 in CI. Removed Node 16/18 [breaking change]

HTML/CSS minification & formatting

What changed

  • HTML minification now uses htmlnano instead of html-minifier.
  • CSS minification now uses cssnano presets wired via mjml-core.
  • Minification options can be added via .mjmlconfig.js

Impact [potential breaking changes]

  • Generated HTML is more aggressively minified. If you rely on exact formatting (e.g. diffing raw HTML, parsing by regex, or checking snapshots), you may see changes.
  • Some obscure html-minifier specific options used in custom tooling will no longer apply; options are now expressed as htmlnano/cssnano configs.
  • Template tags may error in PostCSS (see Template syntax handling and sanitization below)
  • Fixes this issue: mjmlio/mjml#2589

What to do

  • Review any automation that assumes pretty‑printed HTML (tests, diffs, CI snapshot comparisons).
  • If you previously passed minify/beautify flags or custom minifier options, re‑map them to the new htmlnano/cssnano config.

Notes

  • cssnano uses lite preset by default. Due to this issue: mjmlio/mjml#2919. default preset can be used if your fonts don’t contain numerals

More detail: (mjmlio/mjml#2858)

Template syntax handling and sanitization (PostCSS)

What changed

  • Template syntax (e.g. {{ }}) is now sanitized before PostCSS and with syntax restored post-processing.

Impact

  • A CssSyntaxError error will occur when applying CSS minification to files with some template syntax
  • Fixes this issue: mjmlio/mjml#2858

... (truncated)

Commits
  • ddb2335 v5.0.0
  • 9aac8c6 v5.0.0-beta.2
  • 1dfbc95 v5.0.0-beta.1
  • 65e81da v5.0.0-alpha.11
  • 74f3577 Merge pull request #3045 from mjmlio/bugfix/3018-mjml5-ignoreIncludes-allowIn...
  • b8e6a60 Merge pull request #3044 from mjmlio/bugfix/attributes-adding-updating-for-co...
  • 2eb56d7 feature(includes): implemented tighter controls
  • 591fd1e bugfix(ignoreIncludes): updated test files
  • 6b22a67 feature(ignoreIncludes): added option for includePath
  • 9b7991f bugfix(border-radius): accept string input
  • Additional commits viewable in compare view

Updates @vitest/browser from 4.0.18 to 4.1.6

Release notes

Sourced from @​vitest/browser's releases.

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

... (truncated)

Commits
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • e399846 chore: release v4.1.5
  • ac04bac chore: release v4.1.4
  • d4fbb5c feat(experimental): support aria snapshot (#9668)
  • 65c9d55 fix(browser): spread user server options into browser Vite server in project ...
  • 2dc0d62 chore: release v4.1.3
  • 487990a feat(experimental): support browser.locators.exact option (#10013)
  • 66751c9 fix(expect): remove JestExtendError.context from verbose error reporting (#...
  • Additional commits viewable in compare view

Updates vitest from 4.0.18 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 3 updates
4a7e502 
Bumps the npm_and_yarn group with 3 updates in the /frontend directory: [mjml](https://github.com/mjmlio/mjml/tree/HEAD/packages/mjml), [@vitest/browser](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `mjml` from 4.17.1 to 5.0.0
- [Release notes](https://github.com/mjmlio/mjml/releases)
- [Commits](https://github.com/mjmlio/mjml/commits/v5.0.0/packages/mjml)

Updates `@vitest/browser` from 4.0.18 to 4.1.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/browser)

Updates `vitest` from 4.0.18 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

---
updated-dependencies:
- dependency-name: mjml
  dependency-version: 5.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@vitest/browser"
  dependency-version: 4.1.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 8, 2026
@github-actions github-actions Bot added the 📦 Lexbox issues related to any server side code, fw-headless included label Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code 📦 Lexbox issues related to any server side code, fw-headless included

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants