Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
highlight.js	9.18.5	11.11.1
koa	2.16.1	3.0.1
marked	0.7.0	16.1.1
next	7.0.3	15.4.4
node-sass	4.14.1	9.0.0

Updates highlight.js from 9.18.5 to 11.11.1

Release notes

Sourced from highlight.js's releases.

v11.11.1 - Merry Christmas!

Version 11.11.1

• Fixes regressions with Rust grammar in 11.11.0 release.

v11.11.0 - Happy Holidays

Version 11.11.0

CAVEATS / POTENTIALLY BREAKING CHANGES

• Nothing.

Core Grammars:

• fix(rust) - adds emoji support in single quote strings [joshgoebel][]
• fix(apache) - support line continuation via \ [Josh Goebel][]
• fix(makefile) - allow strings inside $() expressions [aneesh98][]
• enh(arcade) updated to ArcGIS Arcade version 1.29 [Kristian Ekenes][]
• enh(css) add all properties listed on MDN (96 additions including anchor-name, aspect-ratio, backdrop-filter, container, margin-trim, place-content, scroll-timeline, ...) [BaliBalo][]
• enh(excel) add built-in functions for Excel 365 release to 2024 [Danny Winrow][]
• enh(erlang) OTP 27 triple-quoted strings [nixxquality][]
• enh(erlang) OTP 27 doc attribute [nixxquality][]
• enh(erlang) OTP 27 Sigil type [nixxquality][]
• enh(erlang) OTP25/27 maybe statement [nixxquality][]
• enh(dart) Support digit-separators in number literals [Sam Rawlins][]
• enh(csharp) add Contextual keywords file, args, dynamic, record, required and scoped [Alvin Joy][]
• enh(lua) add 'pluto' as an alias [Sainan]
• enh(bash) add reserved keywords time and coproc [Álvaro Mondéjar][]
• enh(nix) update keywords [h7x4][]
• enh(nix) support paths [h7x4][]
• enh(nix) support lookup paths [h7x4][]
• enh(nix) support operators [h7x4][]
• enh(nix) support REPL keywords [h7x4][]
• enh(nix) support markdown comments [h7x4][]
• enh(nix) support basic function params [h7x4][]
• enh(nix) better parsing of attrsets [h7x4][]
• fix(c) - Fixed hex numbers with decimals [Dxuian]
• fix(typescript) - Fixedoptional property not highlighted correctly [Dxuian]
• fix(ruby) - fix |= operator false positives (as block arguments) [Aboobacker MK]
• enh(gcode) rewrote language for modern gcode support [Barthélémy Bonhomme][]
• fix(sql) - Fixed sql primary key and foreign key spacing issue [Dxuian]
• fix(cpp) added flat_set and flat_map as a part of cpp 23 version [Lavan]
• fix(yaml) - Fixed special chars in yaml [Dxuian]
• fix(basic) - Fixed closing quotation marks not required for a PRINT statement [Somya]
• fix(nix) remove add builtin [h7x4][]
• fix(nix) mark or as builtin instead of literal [h7x4][]
• fix(nix) handle ''' string escapes [h7x4][]
• fix(nix) handle backslash string escapes [h7x4][]
• fix(nix) don't mix escapes for " and '' strings [h7x4][]

... (truncated)

Changelog

Sourced from highlight.js's changelog.

Version 11.11.1

• Fixes regression with Rust grammar.

Version 11.11.0

CAVEATS / POTENTIALLY BREAKING CHANGES

• Nothing yet.

Core Grammars:

• fix(rust) - adds emoji support in single quote strings [joshgoebel][]
• fix(apache) - support line continuation via \ [Josh Goebel][]
• fix(makefile) - allow strings inside $() expressions [aneesh98][]
• enh(arcade) updated to ArcGIS Arcade version 1.29 [Kristian Ekenes][]
• enh(css) add all properties listed on MDN (96 additions including anchor-name, aspect-ratio, backdrop-filter, container, margin-trim, place-content, scroll-timeline, ...) [BaliBalo][]
• enh(excel) add built-in functions for Excel 365 release to 2024 [Danny Winrow][]
• enh(erlang) OTP 27 triple-quoted strings [nixxquality][]
• enh(erlang) OTP 27 doc attribute [nixxquality][]
• enh(erlang) OTP 27 Sigil type [nixxquality][]
• enh(erlang) OTP25/27 maybe statement [nixxquality][]
• enh(dart) Support digit-separators in number literals [Sam Rawlins][]
• enh(csharp) add Contextual keywords file, args, dynamic, record, required and scoped [Alvin Joy][]
• enh(lua) add 'pluto' as an alias [Sainan]
• enh(bash) add reserved keywords time and coproc [Álvaro Mondéjar][]
• enh(nix) update keywords [h7x4][]
• enh(nix) support paths [h7x4][]
• enh(nix) support lookup paths [h7x4][]
• enh(nix) support operators [h7x4][]
• enh(nix) support REPL keywords [h7x4][]
• enh(nix) support markdown comments [h7x4][]
• enh(nix) support basic function params [h7x4][]
• enh(nix) better parsing of attrsets [h7x4][]
• fix(c) - Fixed hex numbers with decimals [Dxuian]
• fix(typescript) - Fixedoptional property not highlighted correctly [Dxuian]
• fix(ruby) - fix |= operator false positives (as block arguments) [Aboobacker MK]
• enh(gcode) rewrote language for modern gcode support [Barthélémy Bonhomme][]
• fix(sql) - Fixed sql primary key and foreign key spacing issue [Dxuian]
• fix(cpp) added flat_set and flat_map as a part of cpp 23 version [Lavan]
• fix(yaml) - Fixed special chars in yaml [Dxuian]
• fix(basic) - Fixed closing quotation marks not required for a PRINT statement [Somya]
• fix(nix) remove add builtin [h7x4][]
• fix(nix) mark or as builtin instead of literal [h7x4][]
• fix(nix) handle ''' string escapes [h7x4][]
• fix(nix) handle backslash string escapes [h7x4][]
• fix(nix) don't mix escapes for " and '' strings [h7x4][]
• fix(swift) - Fixed syntax highlighting for class func/var declarations [guuido]

... (truncated)

Commits

• 08cb242 (release) 11.1.1
• 048ba65 bump versions to 11.11.1
• c5b6ad5 fix - ignored .DS_Store files
• d020e48 enh(rust) can also escape a singe quote
• 2db4c16 fix(rust) prevent symbol from gobbling strings
• 93e6358 fix(rust) fix regression with string matching
• 40883e1 (release) version 11.11.0 with npm bumps (#4185)
• a667cde fix(rust) emoji supported in single quote strings (#4156)
• 55b0deb enh(apache) support line continuation with \ (#4158)
• 3e06867 fix(parser) prevent gobbling of illegal newlines (#4142)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by highlightjs_bot, a new releaser for highlight.js since your current version.

Updates koa from 2.16.1 to 3.0.1

Release notes

Sourced from koa's releases.

v3.0.1

What's Changed

• fix(security): only allow same origin referer on response back koajs/koa@422c551
• chore: adds initial doc text refresh; migration guide [CHORE-1870] by @​yowainwright in koajs/koa#1877
• build(deps-dev): bump formidable from 3.5.2 to 3.5.4 by @​dependabot[bot] in koajs/koa#1878
• chore: removes done callbacks in tests [CHORE-1870] by @​yowainwright in koajs/koa#1875
• build(deps-dev): bump supertest from 7.1.0 to 7.1.1 by @​dependabot[bot] in koajs/koa#1879
• build(deps): bump debug from 4.4.0 to 4.4.1 by @​dependabot[bot] in koajs/koa#1880
• feat: replace debug module with pure node:util::debuglog by @​3imed-jaberi in koajs/koa#1885
• feat: replace cache-content-type with mime-types directly by @​3imed-jaberi in koajs/koa#1886
• build(deps): bump statuses from 2.0.1 to 2.0.2 by @​dependabot[bot] in koajs/koa#1888
• build(deps-dev): bump supertest from 7.1.1 to 7.1.4 by @​dependabot[bot] in koajs/koa#1895
• build(deps-dev): bump form-data from 4.0.3 to 4.0.4 by @​dependabot[bot] in koajs/koa#1894

Full Changelog: koajs/koa@v3.0.0...v3.0.1

v3.0.0

This is a major release.

Breaking

• Minimum node v18
• Removes .redirect('back'), adds .back(fallback_url) @​fl0w koajs/koa#1115
• For .redirect(), don't render redirect values in anchor ref koajs/koa@ff25eb4
• req.origin should display the origin header if it exists, not the current hostname koajs/koa#1008. origin now aligns with the Origin header as used in CORS.
• .body=<json> should not overwrite type if type already json koajs/koa#1120
• Remove special ENOENT support koajs/koa#1861 - this is a big change and will require any file servers to adapt to this change for handling 404s / files not found
• Removes generator deprecation messages. Generators are no longer supported. Koa no longer asserts if generators are used. Set content-length: 0 if body is explicitly set to null @​ognjenjevremovic #1528 Remove obsolete createAsyncCtxStorageMiddleware koajs/koa#1817
• ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors

New

• Support custom streams @​KristapsR koajs/koa#1825
• Support WHATWG response bodies koajs/koa#1830 @​kravorkid
• Use asyncLocalStorage to get current context from app, e.g.: const ctx = app.currentContext.

Fixes

• Handle responses when socket is no longer writable @​titanism @​azlond koajs/koa#1593
• fix: Do not response Content-Length if Transfer-Encoding is defined #1562 @​charlyzeng
• fix: Set body to 'null' if ctx.type = 'json' and ctx.body = null #1059 @​likegun
• fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)
• Fix exports.defaults in package.json koajs/koa#1630
• Fix leaky handles in tests koajs/koa#1838
• Fix body null checks koajs/koa#1814
• Fix reformatting redirect URLs koajs/koa#1805 koajs/koa#1804
• Fix passing ctx in error handler koajs/koa#1758

... (truncated)

Changelog

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.

---

3.0.0-alpha.3 / 2025-02-11

fixes

• Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

• Update http-errors to v2.0.0 #1486
  • ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors
• Remove res.redirect('back'), add back() method to ctx #1115
• Replace node querystring with URLSearchParams #1828
• Remove obsolete createAsyncCtxStorageMiddleware #1817

features

• Add support for web WHATWG #1830

updates

• Update cookies to ~0.9.1 #1846
• Update statuses to ^2.0.1
• Update supertest to ^7.0.0 #1841

fixes

• Fix exports.defaults in package.json #1630
• Fix leaky handles in tests #1838
• Fix body null checks #1814
• Fix reformatting redirect URLs #1805 #1804
• Fix passing ctx in error handler #1758

migrations

• Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

• [e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

Commits

• 1ddb048 3.0.1
• 422c551 Merge commit from fork
• 6e51eb1 build(deps-dev): bump form-data from 4.0.3 to 4.0.4 (#1894)
• d378e5c build(deps-dev): bump supertest from 7.1.1 to 7.1.4 (#1895)
• cb22d8d build(deps): bump statuses from 2.0.1 to 2.0.2 (#1888)
• 0acad8f feat: replace cache-content-type with mime-types directly (#1886)
• 2f6e814 feat: replace debug module with pure node:util::debuglog (#1885)
• 8620ced build(deps): bump debug from 4.4.0 to 4.4.1 (#1880)
• dec1ffc build(deps-dev): bump supertest from 7.1.0 to 7.1.1 (#1879)
• 9057541 chore: removes done callbacks in tests [CHORE-1870] (#1875)
• Additional commits viewable in compare view

Updates marked from 0.7.0 to 16.1.1

Release notes

Sourced from marked's releases.

v16.1.1

16.1.1 (2025-07-18)

Bug Fixes

• fix stong and em tokens in angle brackets (#3731) (ad8535c)

v16.1.0

16.1.0 (2025-07-17)

Features

• add generic types for parser and renderer output (#3722) (39a0ee3)

v16.0.0

16.0.0 (2025-06-27)

Bug Fixes

• remove cjs build & update min node to 20 (#3687) (0a35d8f)

BREAKING CHANGES

• minify ./lib/marked.esm.js and ./lib/marked.umd.js
• remove ./marked.min.js use ./lib/marked.umd.js instead
• remove ./lib/marked.cjs
• update minimum supported node version to 20 to support require('marked.esm.js'). see https://nodejs.org/docs/latest-v20.x/api/modules.html#loading-ecmascript-modules-using-require

v15.0.12

15.0.12 (2025-05-20)

Bug Fixes

• use esbuild for accurate sourcemaps (#3670) (7a6b2d7)

v15.0.11

15.0.11 (2025-04-25)

Bug Fixes

• fix image alt text rendered to match common mark (#3668) (2c0e47a)

... (truncated)

Commits

• 9ba9c02 chore(release): 16.1.1 [skip ci]
• ad8535c fix: fix stong and em tokens in angle brackets (#3731)
• eb3ad1a chore(release): 16.1.0 [skip ci]
• 39a0ee3 feat: add generic types for parser and renderer output (#3722)
• 1d687e0 docs: add marked-html-renderer to known extensions (#3724)
• d816635 chore(deps-dev): Bump semantic-release from 24.2.6 to 24.2.7 (#3725)
• 052f9ed chore(deps-dev): Bump esbuild from 0.25.5 to 0.25.6 (#3726)
• 7fc8692 chore(deps-dev): Bump eslint from 9.30.1 to 9.31.0 (#3727)
• 56642d9 chore(deps-dev): Bump eslint from 9.30.0 to 9.30.1 (#3723)
• dbf29d9 chore(deps-dev): Bump semantic-release from 24.2.5 to 24.2.6 (#3721)
• Additional commits viewable in compare view

Updates next from 7.0.3 to 15.4.4

Release notes

Sourced from next's releases.

v15.4.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix dynamicParams false layout case in dev (#82026)
• Turbopack: fix scope hoisting variable renaming bug (#81640)
• Upgrade to swc v33 (#81750)
• Revert "[metadata] use https protocol for schema urls" (#81934)

Credits

Huge thanks to @​bgw @​mischnic @​huozhi @​lukesandberg and @​ijjk for helping!

v15.4.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Turbopack: fix dist dir on Windows (#81758)

Credits

Huge thanks to @​mischnic for helping!

v15.4.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• pages router metadata bugs with React 19 (#81733)
• [metadata] replace for initial body icon case (#81688)
• Ensure custom NextServer config is honored (#81681)

Credits

Huge thanks to @​huozhi, @​ijjk, and @​ztanner for helping!

v15.4.2-canary.19

Core Changes

• Turbopack: write tasks doesn't need to be session dependent, as effects will restore: #78727

... (truncated)

Commits

• fe5db65 v15.4.4
• 4a90ff7 [backport] Fix dynamicParams false layout case in dev (#82026)
• 9bf932c Turbopack: fix scope hoisting variable renaming bug (#81640)
• 6d0ffcc Upgrade to swc v33 (#81750)
• e545417 Turbopack: Use workaround for rustc miscompilation bug on macos intel
• 7d76cb8 Revert "[metadata] use https protocol for schema urls" (#81934)
• f980400 v15.4.3
• a5b73c3 Backport: Turbopack: fix dist dir on Windows (#81758) (#81925)
• 1617b26 v15.4.2
• 8f64c82 fix: pages router metadata bugs with React 19 (#81733)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

Updates node-sass from 4.14.1 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

• Node 20 support by @​nschonni in sass/node-sass#3355

Breaking changes

• Drop support for Node 14 (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	16, 18, 19, 20
OSX	x64	16, 18, 19, 20
Linux*	x64	16, 18, 19, 20
Alpine Linux	x64	16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

• Fix binaries being partially downloaded by @​xzyfer in sass/node-sass#3313
• Bump node-gyp and nan for node 19 support by @​xzyfer in sass/node-sass#3314
• feat: Node 18 and 19 support and drop Node 17 by @​nschonni in sass/node-sass#3257

Breaking changes

• Drop support for Node 12 (@​nschonni)
• Drop support for Node 17 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #3149)

Features

• Add support for Node 18 (@​nschonni)
• Add support for Node 19 (@​nschonni)
• Replace request with make-fetch-happen (@​CamilleDrapier @​xzyfer, #3193, #3313)

Dependencies

• Bump true-case-path@2.2.1
• Bump node-gyp @​9.0.0
• Bump nan@^2.17.0
• Bump sass-graph@^4.0.1

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

... (truncated)

Commits

• 87f3899 feat: Node 20 support (#3355)
• 06ae4c7 build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)
• e069f73 build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0
• c34837d build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0
• ee13eb9 8.0.0
• 98e75b3 feat: Node 18 and 19 support and drop Node 17 (#3257)
• e9bb866 Bump node-gyp and nan for node 19 support (#3314)
• ab7840b Fix binaries being partially downloaded (#3313)
• d595abf 7.0.3
• 3b556c1 7.0.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.