Bump the prod-dependencies-minor group across 1 directory with 6 updates

[dependabot]

Bumps the prod-dependencies-minor group with 6 updates in the / directory:

Package	From	To
css-tree	3.1.0	3.2.1
mermaid	11.12.3	11.14.0
overlayscrollbars	2.14.0	2.15.1
react-frame-component	5.2.7	5.3.2
ws	8.19.0	8.20.0
sass	1.91.0	1.99.0

Updates css-tree from 3.1.0 to 3.2.1

Release notes

Sourced from css-tree's releases.

3.2.1

• Fixed parsing of nested function in a group in definition syntax (#358)

3.2.0

• Added "sideEffects": false in package.json
• Added list option to the parse() method to specify whether the parser should produce a List (by default, list: true) or an array (list: false) for node's children (e.g., SelectorList, Block, etc.)
• Added support for Functional Notation in definition syntax (for now by wrapping function arguments into an implicit group when necessary, see #292)
• Added support for stacked multipliers {A}? and {A,B}? according to spec in definition syntax parsing (#346)
• Added math functions support in syntax matching (e.g., min(), max(), etc.) (#344)
• Added onToken option to the parse() method, which can be either an array or a function:
  • When the value is an array, it is populated with objects { type, start, end } (token type, and its start and end offsets).
  • When the value is a function, it accepts type, start, end, and index parameters, and is invoked with a token API as this, enabling advanced token handling (see onToken). For example, the following demonstrates checking if all block tokens have matching pairs:

    parse(css, {
        onToken(type, start, end, index) {
            if (this.isBlockOpenerTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No closing pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            } else if (this.isBlockCloserTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No opening pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            }
        }
    });

• Extended TokenStream with the following methods:
  • getTokenEnd(tokenIndex) – returns the token's end offset by index, complementing getTokenStart(tokenIndex)
  • getTokenType(tokenIndex) – returns the token's type by index
  • isBlockOpenerTokenType(tokenType) – returns true for <function-token>, <(-token>, <[-token>, and <{-token>
  • isBlockCloserTokenType(tokenType) – returns true for <)-token>, <]-token>, and <}-token>
  • getBlockTokenPairIndex(tokenIndex) – returns the index of the pair token for a block, or -1 if no pair exists
• Changed generate() to not auto insert whitespaces between tokens for raw values (#356)
• Fixed fork() to extend node definitions instead of overriding them. For example, fork({ node: { Dimension: { generate() { /* ... */ } } } }) will now update only the generate() method on the Dimension node, while inheriting all other properties from the previous syntax definition.
• Bumped mdn/data to 2.27.1 and various fixes in syntaxes

Changelog

Sourced from css-tree's changelog.

3.2.1 (March 5, 2026)

• Fixed parsing of nested function in a group in definition syntax (#358)

3.2.0 (March 4, 2026)

• Added "sideEffects": false in package.json
• Added list option to the parse() method to specify whether the parser should produce a List (by default, list: true) or an array (list: false) for node's children (e.g., SelectorList, Block, etc.)
• Added support for Functional Notation in definition syntax (for now by wrapping function arguments into an implicit group when necessary, see #292)
• Added support for stacked multipliers {A}? and {A,B}? according to spec in definition syntax parsing (#346)
• Added math functions support in syntax matching (e.g., min(), max(), etc.) (#344)
• Added onToken option to the parse() method, which can be either an array or a function:
  • When the value is an array, it is populated with objects { type, start, end } (token type, and its start and end offsets).
  • When the value is a function, it accepts type, start, end, and index parameters, and is invoked with a token API as this, enabling advanced token handling (see onToken). For example, the following demonstrates checking if all block tokens have matching pairs:

    parse(css, {
        onToken(type, start, end, index) {
            if (this.isBlockOpenerTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No closing pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            } else if (this.isBlockCloserTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No opening pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            }
        }
    });

• Extended TokenStream with the following methods:
  • getTokenEnd(tokenIndex) – returns the token's end offset by index, complementing getTokenStart(tokenIndex)
  • getTokenType(tokenIndex) – returns the token's type by index
  • isBlockOpenerTokenType(tokenType) – returns true for <function-token>, <(-token>, <[-token>, and <{-token>
  • isBlockCloserTokenType(tokenType) – returns true for <)-token>, <]-token>, and <}-token>
  • getBlockTokenPairIndex(tokenIndex) – returns the index of the pair token for a block, or -1 if no pair exists
• Changed generate() to not auto insert whitespaces between tokens for raw values (#356)
• Fixed fork() to extend node definitions instead of overriding them. For example, fork({ node: { Dimension: { generate() { /* ... */ } } } }) will now update only the generate() method on the Dimension node, while inheriting all other properties from the previous syntax definition.
• Bumped mdn/data to 2.27.1 and various fixes in syntaxes

Commits

• 8a6caba 3.2.1
• 7c7f9ee Fix parsing of nested function in a group in definition syntax (fixes #358)
• c42fee2 3.2.0
• aad332e Add Function Notation in syntax definition (#292)
• 264d09d Fix GitHub actions
• 5766a65 Fix syntax definition issues
• 307d8df Bump deps
• c008c01 Add support for stacked multipliers {A}? and {A,B}? in definition syntax ...
• 20f5671 Add list option for parser (fixes #348)
• 39a0c72 Update nodejs versions
• Additional commits viewable in compare view

Updates mermaid from 11.12.3 to 11.14.0

Release notes

Sourced from mermaid's releases.

mermaid@11.14.0

Thanks to our awesome mermaid community that contributed to this release: @​ashishjain0512, @​tractorjuice, @​autofix-ci[bot], @​aloisklink, @​knsv, @​kibanana, @​chandershekhar22, @​khalil, @​ytatsuno, @​sidharthv96, @​github-actions[bot], @​dripcoding, @​knsv-bot, @​jeroensmink98, @​Alex9583, @​GhassenS, @​omkarht, @​darshanr0107, @​leentaylor, @​lee-treehouse, @​veeceey, @​turntrout, @​Mermaid-Chart, @​BambioGaming, Claude

Releases

@​mermaid-js/examples@​1.2.0

Minor Changes

• #7526 efe218a - add new TreeView diagram

mermaid@11.14.0

Minor Changes

• #7526 efe218a - Add Wardley Maps diagram type (beta)

  Adds Wardley Maps as a new diagram type to Mermaid (available as wardley-beta). Wardley Maps are visual representations of business strategy that help map value chains and component evolution.

  Features:

  • Component positioning with [visibility, evolution] coordinates (OWM format)
  • Anchors for users/customers
  • Multiple link types: dependencies, flows, labeled links
  • Evolution arrows and trend indicators
  • Custom evolution stages with optional dual labels
  • Custom stage widths using @​boundary notation
  • Pipeline components with visibility inheritance
  • Annotations, notes, and visual elements
  • Source strategy markers: build, buy, outsource, market
  • Inertia indicators
  • Theme integration

  Implementation includes parser, D3.js renderer, unit tests, E2E tests, and comprehensive documentation.

• #7526 efe218a - feat: implement neo look styling for state diagrams

• #7526 efe218a - feat: implement neo look support for sequence diagrams with drop shadows, and enhanced styling

• #7526 efe218a - feat: add randomize config option for architecture diagrams, defaulting to false for deterministic layout

• #7526 efe218a - feat: Add option to change timeline direction

• #7526 efe218a - Fix duplicate SVG element IDs when rendering multiple diagrams on the same page. Internal element IDs (nodes, edges, markers, clusters) are now prefixed with the diagram's SVG element ID across all diagram types. Custom CSS or JS using exact ID selectors like #arrowhead should use attribute-ending selectors like [id$="-arrowhead"] instead.

• #7526 efe218a - feat: implement neo look styling for ER diagrams

• #7526 efe218a - feat: implement neo look styling for requirement diagrams

• #7526 efe218a - feat: add theme support for data label colour in xy chart

... (truncated)

Commits

• 2b9d054 Version Packages (#7561)
• efe218a Release candidate 11.14.0 (#7526)
• d2b5b2b chore: Editor Picker V2 (#7497)
• 07c554e Setting the link to Get started to the correct on
• b1a5e9b Version Packages (#7466)
• bdd7abd fix: use correct package name for elk
• a900618 dummy commit
• a60e615 Fix: ER diagram edge label positioning (#7453)
• 1d17c14 Merge branch 'master' of https://github.com/mermaid-js/mermaid
• 500be12 chore: Update coupon
• Additional commits viewable in compare view

Updates overlayscrollbars from 2.14.0 to 2.15.1

Changelog

Sourced from overlayscrollbars's changelog.

2.15.1

Improvements

• The instance.sleep function will now also put the scrollbars.autoHide timer to sleep.

2.15.0

Features

• The option options.scrollbars.clickScroll now also accepts a function which can be used to customize the click scroll behavior. #754
• Added the instance.sleep function. Can be used to optimize performance or visual feedback. (for example during animations) #755

Commits

• See full diff in compare view

Updates react-frame-component from 5.2.7 to 5.3.2

Release notes

Sourced from react-frame-component's releases.

v5.3.2

Patch Changes

• f191d58: Add types condition to package.json exports to fix TypeScript resolution with TSGo and modern ESM tools

• 1820bc3: ## Fix race condition in getMountTarget() (issue #250)

  Fixed "Cannot read properties of null" errors when initialContent changes rapidly by adding null checks for doc and doc.body in getMountTarget().

  Changes

  • src/Frame.jsx: Added null check in getMountTarget() to handle cases when iframe document is temporarily unavailable during rapid rerenders

v5.3.0

What's Changed

Add fallback to document.write() for initial frame rendering via dangerouslyUseDocWrite prop to support libraries like Repcaptcha and Google Maps that depend on the frame's location/origin.

PR #248: Add document.write() fallback (@​andrewpye)

---

Previous releases: https://github.com/ryanseddon/react-frame-component/releases

Changelog

Sourced from react-frame-component's changelog.

5.3.2

Patch Changes

• f191d58: Add types condition to package.json exports to fix TypeScript resolution with TSGo and modern ESM tools

• 1820bc3: ## Fix race condition in getMountTarget() (issue #250)

  Fixed "Cannot read properties of null" errors when initialContent changes rapidly by adding null checks for doc and doc.body in getMountTarget().

  Changes

  • src/Frame.jsx: Added null check in getMountTarget() to handle cases when iframe document is temporarily unavailable during rapid rerenders

5.3.1

Patch Changes

• 14c215c: Fix React 19 and Vite compatibility by externalizing react/jsx-runtime

  The ESM and UMD builds were incorrectly bundling react/jsx-runtime inline from CommonJS source, which caused two issues:

  1. ESM builds contained __require("react") calls - This failed in browser ESM environments with "Could not dynamically require react" errors when using Vite.
  2. UMD builds referenced __SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED.ReactCurrentOwner - This internal API was removed in React 19, causing "Cannot read properties of undefined" errors.

  The fix adds react/jsx-runtime and react/jsx-dev-runtime to the external dependencies list in the Vite configuration. This ensures the JSX transform is loaded from the proper module format rather than being bundled inline from CJS source.

  Bundle size improvements:

  • ESM: 35.7 KB → 4.6 KB (-87%)
  • UMD: 37.9 KB → 6.8 KB (-82%)

  Fixes #280

5.3.0

Minor Changes

• 8d922c3: Add fallback to document.write() for initial frame rendering via dangerouslyUseDocWrite prop to support libraries like Repcaptcha and Google Maps that depend on the frame's location/origin.

Commits

• 3f4cb97 Update npm to latest for OIDC trusted publishing (#290)
• eddb677 Revert "Update npm to latest for OIDC trusted publishing"
• 194d769 Update npm to latest for OIDC trusted publishing
• ed62652 Version Packages (#289)
• fb302a0 Bump follow-redirects from 1.15.0 to 1.15.11
• c44e385 Merge pull request #285 from ryanseddon/dependabot/npm_and_yarn/picomatch-2.3.2
• 722560a Bump picomatch from 2.3.1 to 2.3.2
• d6b8e30 Merge pull request #288 from ryanseddon/fix/issue-287-types-exports
• f191d58 Add changeset
• 1820bc3 fix: add null check in getMountTarget to prevent race condition (#286)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for react-frame-component since your current version.

Updates ws from 8.19.0 to 8.20.0

Release notes

Sourced from ws's releases.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

Commits

• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• ca533a5 [pkg] Update globals to version 17.0.0
• See full diff in compare view

Updates sass from 1.91.0 to 1.99.0

Release notes

Sourced from sass's releases.

Dart Sass 1.99.0

To install Sass 1.99.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

• User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

• User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

  See the Sass website for details.

• In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

  See the Sass website for details.

• Calls to functions whose names begin with - and end with -progid:... are deprecated.

  See the Sass website for details.

See the full changelog for changes in earlier releases.

Dart Sass 1.98.0

To install Sass 1.98.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Command-Line Interface

• Gracefully handle dependency loops in --watch mode.

Dart API

• Add a const Logger.defaultLogger field. This provides a logger that emits to standard error or the browser console, but automatically chooses whether to use terminal colors.

JavaScript API

• Fix a crash when manually constructing a SassCalculation for 'calc' with an argument that can't be simplified.

... (truncated)

Changelog

Sourced from sass's changelog.

1.99.0

• Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

• User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

• User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

  See the Sass website for details.

• In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

  See the Sass website for details.

• Calls to functions whose names begin with - and end with -progid:... are deprecated.

  See the Sass website for details.

1.98.0

Command-Line Interface

• Gracefully handle dependency loops in --watch mode.

Dart API

• Add a const Logger.defaultLogger field. This provides a logger that emits to standard error or the browser console, but automatically chooses whether to use terminal colors.

JavaScript API

• Fix a crash when manually constructing a SassCalculation for 'calc' with

... (truncated)

Commits

• 83c39fe Support the top-level parent selector (#2758)
• ec85871 Bump EndBug/add-and-commit from 9 to 10 (#2756)
• a604acd [Function Name] Implement changes (#2731)
• 5a81ae3 Bump version to 1.98.0 (#2754)
• e25e71d Update immutable to v5.1.5 (#2753)
• 43fac1a Bump actions/upload-artifact from 6 to 7 (#2747)
• 8b85c9a Bump actions/download-artifact from 7 to 8 (#2749)
• 00f83f0 Bump postcss from 8.5.6 to 8.5.8 in /pkg/sass-parser (#2752)
• 0a325a4 Bump actions/attest-build-provenance from 3 to 4 (#2748)
• 7fb3c0f Gracefully handle dependency loops in watch mode (#2746)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for sass since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying waveterm with    Cloudflare Pages

Latest commit:	df9c82b
Status:	✅  Deploy successful!
Preview URL:	https://378b3109.waveterm.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-prod-x2x7.waveterm.pages.dev

View logs