chore (deps): bump the patch-updates group across 1 directory with 5 updates

[dependabot]

Bumps the patch-updates group with 5 updates in the / directory:

Package	From	To
dompurify	3.4.1	3.4.2
moment-timezone	0.6.1	0.6.2
protobufjs	7.5.5	7.5.6
@babel/preset-env	7.29.2	7.29.5
postcss	8.5.10	8.5.14

Updates dompurify from 3.4.1 to 3.4.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.2

• Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
• Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

Commits

• 6f67fd3 Sync/3.4.2 (#1322)
• See full diff in compare view

Updates moment-timezone from 0.6.1 to 0.6.2

Release notes

Sourced from moment-timezone's releases.

Release 0.6.2

• Updated data to IANA TZDB 2026b. #1145

Changelog

Sourced from moment-timezone's changelog.

0.6.2 2026-04-26

• Updated data to IANA TZDB 2026b. #1145

Commits

• 466c890 Bump version and build moment-timezone 0.6.2
• e311deb Merge pull request #1145 from moment/data/2026b
• 3270009 data: Add 2026b
• f498d96 build(deps): bump picomatch from 2.3.1 to 2.3.2 (#1143)
• See full diff in compare view

Updates protobufjs from 7.5.5 to 7.5.6

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

• Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

Changelog

Sourced from protobufjs's changelog.

7.5.6 (2026-04-27)

Bug Fixes

• Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

• ensure that types are always resolved (#2068) (4b51cb2)

7.5.1 (2025-05-08)

Bug Fixes

• optimize regressions from editions implementations (#2066) (6406d4c)
• reserved field inside group blocks fail parsing (#2058) (56782bf)

7.5.0 (2025-04-15)

Features

• add Edition 2023 Support (f04ded3)
• add Edition 2023 Support (ac9a3b9)
• add Edition 2023 Support (e5ca5c8)
• add Edition 2023 Support (a84409b)
• add Edition 2023 Support (9c5a178)
• add Edition 2023 Support (b2c6867)
• add Edition 2023 Support (60f3e51)
• add Edition 2023 Support (a656361)
• add Edition 2023 Support (869a95b)

... (truncated)

Commits

• 2189e5b chore: release protobufjs-v7.x (#2174)
• 75392ea fix: Backport input hardening and CLI fixes to 7.x (#2173)
• 8af8d7c chore(ci): Fix 7.x release please configuration (#2169)
• e92ca42 chore(ci): Enable release-please for 7.x (#2166)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

Updates @babel/preset-env from 7.29.2 to 7.29.5

Release notes

Sourced from @​babel/preset-env's releases.

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser
  • #17782 Improve trailing comma comment handling (@​JLHwung)

📝 Documentation

• #17847 Replace npmjs.com links with npmx.dev (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules
  • #17818 Load async Wasm and JSON imports in parallel (@​nicolo-ribaudo)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

Commits

• 3cd910d v7.29.5
• 3d399f8 [7.x backport]docs(preset-env): update CONTRIBUTING.md (#17976)
• 183db7b v7.29.3
• 268f246 Add bugfix plugin for Safari array rest destructuring bug (#17788)
• f8524d8 Update compat data (#17686)
• See full diff in compare view

Updates postcss from 8.5.10 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

Changelog

Sourced from postcss's changelog.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

Commits

• 3ec1394 Release 8.5.14 version
• f2bb827 Update dependencies
• d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
• 68bd213 fix: always call raw to retrieve raw values
• af58cf1 Release 8.5.13 version
• f227dbd Temporary ignore pnpm 11 config
• d3abd40 Update dependencies
• dd06c3e Revert stringifier changes because of the conflict with postcss-scss
• ae889c8 Try to fix CI
• e0093e4 Move to pnpm 11
• Additional commits viewable in compare view

[GCHQDeveloper581]

Due diligence:

• All versions are >=3 days old and no reports of supply chain issues
• Changelogs checked
• All tests pass
• No new issues on npm ci