chore(deps): bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: @grpc/grpc-js, protobufjs, tmp and vite.

Updates @grpc/grpc-js from 1.9.15 to 1.9.16

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.9.16

• Fix a bug that could cause servers to crash when handling malformed requests (advisory GHSA-5375-pq7m-f5r2)
• Fix a bug that could cause clients and servers to crash when handling malformed compressed messages (advisory GHSA-99f4-grh7-6pcq)

Commits

• 0acbec3 Merge pull request #3057 from murgatroid99/grpc-js_1.9.16
• dc863ba Merge commit from fork
• 5174091 Merge commit from fork
• 343ef83 grpc-js: Bump version to 1.9.16
• f7d3eec Make compression error a static string
• b6dcfc3 Fix crashes when receiving malformed compressed data
• 1cf4bfa Fix server crash when handling invalid requests
• 1aec8d8 Merge pull request #2992 from murgatroid99/grpc-js_fix_buffer_type_1.9.x
• b9797cf grpc-js: Declare buffer type to avoid build error
• ff204f7 Merge pull request #2887 from murgatroid99/grpc-js-xds_preserve_type_state_1.9.x
• Additional commits viewable in compare view

Updates protobufjs from 7.5.4 to 7.6.4

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.6.4

7.6.4 (2026-06-12)

Bug Fixes

• Reconfigure and speed up CI (#2329) (574f761)
• Remove inquire submodule (#2327) (06ddd07)

protobufjs: v7.6.3

7.6.3 (2026-06-09)

Bug Fixes

• Avoid name collisions in generated code (#2311) (78a9576)
• Preserve null conversion behavior for fieldless messages (#2312) (df91652)

protobufjs: v7.6.2

7.6.2 (2026-05-30)

Bug Fixes

• Backport consistency and correctness fixes (#2294) (a92f72e)

protobufjs: v7.6.1

7.6.1 (2026-05-22)

Bug Fixes

• Backport misc utility hardening (#2280) (8a45c13)
• Treat fixed64 as unsigned in converters (#2266) (479dfdc)

protobufjs: v7.6.0

7.6.0 (2026-05-18)

Features

• Support BigInt conversions (7.x) (#2258) (f769242)

protobufjs: v7.5.9

7.5.9 (2026-05-17)

Bug Fixes

• Backport bundler-safe optional module lookups (#2254) (0853a62)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.6.4 (2026-06-12)

Bug Fixes

• Reconfigure and speed up CI (#2329) (574f761)
• Remove inquire submodule (#2327) (06ddd07)

7.6.3 (2026-06-09)

Bug Fixes

• Avoid name collisions in generated code (#2311) (78a9576)
• Preserve null conversion behavior for fieldless messages (#2312) (df91652)

7.6.2 (2026-05-30)

Bug Fixes

• Backport consistency and correctness fixes (#2294) (a92f72e)

7.6.1 (2026-05-22)

Bug Fixes

• Backport misc utility hardening (#2280) (8a45c13)
• Treat fixed64 as unsigned in converters (#2266) (479dfdc)

7.6.0 (2026-05-18)

Features

• Support BigInt conversions (7.x) (#2258) (f769242)

7.5.9 (2026-05-17)

Bug Fixes

• Backport bundler-safe optional module lookups (#2254) (0853a62)

7.5.8 (2026-05-12)

Bug Fixes

... (truncated)

Commits

• f8f64ef chore: release protobufjs-v7.x (#2330)
• 574f761 fix: Reconfigure and speed up CI (#2329)
• 06ddd07 fix: Remove inquire submodule (#2327)
• 1d3796d chore: release protobufjs-v7.x (#2317)
• df91652 fix: Preserve null conversion behavior for fieldless messages (#2312)
• 78a9576 fix: Avoid name collisions in generated code (#2311)
• ec90ef9 chore: release protobufjs-v7.x (#2295)
• a92f72e fix: Backport consistency and correctness fixes (#2294)
• f0b50d2 chore: release protobufjs-v7.x (#2268)
• 8a45c13 fix: Backport misc utility hardening (#2280)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

Updates tmp from 0.2.5 to 0.2.7

Commits

• 8ea1f37 Bump up the version
• 8f24f78 Merge commit from fork
• ce787f3 Reject non-string prefix, postfix, template
• 41f7159 Bump up the version
• efa4a06 Merge commit from fork
• 7ef2728 Check for relative values
• See full diff in compare view

Updates vite from 8.0.8 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

• extend server.fs.deny list with common files (#22707) (61ba8fd)
• update rolldown to 1.1.2 (#22695) (4f008a6)
• use ~ for Rolldown (#22693) (9928722)

Bug Fixes

• bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
• cache falsy values in perEnvironmentState (#22715) (0e91e79)
• glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
• html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
• optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
• resolved build options should be kept as a getter (#22691) (3527191)
• server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
• use literal envPrefix queries for Vite Task (#22706) (da72733)
• warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

• client: inline dev-id value in CSS selector (#22736) (57f59bc)
• remove unused removeRawQuery util (#22724) (403cc60)
• use rolldownOptions property for chunkImportMap (#22692) (8e8816c)

8.1.0-beta.0 (2026-06-15)

Features

• import.meta.glob support caseSensitive option (#21707) (2ad6737)
• add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
• build: chunk importmap (#21580) (e180312)
• css: support lightningcss plugin dependency (#21748) (0b7aaed)
• deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
• html: add html.additionalAssetSources option (#21412) (a41404b)
• integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
• rename server.hmr options to server.ws options (#21357) (9ce3036)
• server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
• track dependencies when loading config with native (#22602) (a7e2da8)
• types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
• update rolldown to 1.1.1 (#22593) (8a13d63)
• wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

• apply correct fs restrictions for pnpm gvs (#22415) (092320b)
• css: support external CSS with lightningcss (#18389) (d64a1a5)
• deps: update all non-major dependencies (#22637) (44bb9d9)
• deps: update all non-major dependencies (#22681) (f4f0633)
• html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
• optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

• 5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
• 39a0a15 chore(deps): update rolldown-related dependencies (#21095)
• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.