Bump the npm_and_yarn group across 2 directories with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the / directory: lodash, @tiptap/extension-link and vite.
Bumps the npm_and_yarn group with 1 update in the /src/components/elements/element-9ae1fce8-2e31-4bfd-a4d2-0450235bdfd5/src/components/elements/element-9ae1fce8-2e31-4bfd-a4d2-0450235bdfd5 directory: @tiptap/extension-link.

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates @tiptap/extension-link from 2.8.0 to 2.10.4

Changelog

Sourced from @​tiptap/extension-link's changelog.

2.10.4

Patch Changes

• 1c2fefe: Added checks for allowed protocols in link commands & exported isValidUri helper for manual checks outside of the extension

2.10.3

2.10.2

2.10.1

2.10.0

Patch Changes

• 7619215: The link extension's validate option now applies to both auto-linking and XSS mitigation. While, the new shouldAutoLink option is used to disable auto linking on an otherwise valid url.

2.9.1

2.9.0

Commits

• f2afde0 chore(release): release version 2.10.4 (#5947)
• 1c2fefe Fixed Link extension's commands not respecting XSS prevention via unallowed p...
• 7567ace chore(release): release version 2.10.3 (#5874)
• ccd0147 fix(link): change type HTMLLinkElement to HTMLAnchorElement (#5858)
• c5d87d6 chore(release): release version 2.10.2 (#5861)
• 9d1c41e chore(release): publish a new release version (#5855)
• 4b2de33 chore(release): release version 2.10.0 (#5843)
• 7619215 revert: "chore(release): publish a new pre-release version (#5769)"
• 177868a chore(release): publish a new pre-release version (#5769)
• 62c6ddd fix(link): add backwards compat by deprecating validate and using isAllowedUr...
• Additional commits viewable in compare view

Updates vite from 6.3.5 to 6.4.1

Release notes

Sourced from vite's releases.

create-vite@6.4.1

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.0-beta.15 (2026-02-19)

Features

• update rolldown to 1.0.0-rc.5 (#21660) (b3ddbc5)

Bug Fixes

• dev: only treat EADDRINUSE as port conflict in wildcard pre-check (#21642) (e54e25f)
• dev: prevent concurrent server restarts (#21636) (8ce23a3)
• dev: return "502 Bad Gateway" on proxy failures instead of 500 (#21652) (e240df2)

Performance Improvements

• ssr: skip circular import check for already-evaluated modules (#21632) (235140b)
• use tsconfig cache for oxc transform in dev (#21643) (57ff177)

Miscellaneous Chores

• deps: remove fdir and @rollup/plugin-commonjs (#21639) (5abffd5)
• deps: update dependency @​rollup/plugin-alias to v6 (#21097) (44b5bdf)

8.0.0-beta.14 (2026-02-12)

Features

• update rolldown to 1.0.0-rc.4 (#21617) (1ee5c7f)
• wasm: add SSR support for .wasm?init (#21102) (216a3b5)

Bug Fixes

• clear tsconfig cache only when tsconfig.json is cached (#21622) (50c9675)
• deps: update all non-major dependencies (#21594) (becdc5d)
• lib: CSS injection point error with nested name IIFE output (#21606) (5003de6)
• module-runner: incorrect column with sourcemapInterceptor: "prepareStackTrace" (#21562) (416c095)
• module-runner: prevent crash on negative column in stacktrace (#21585) (a075590)
• rolldownOptions/rollupOptions merging at environment level (#21612) (db2ecc7)

Miscellaneous Chores

• fix broken link for future deprecations (#21603) (25f4501)
• update customResolver deprecation message to mention enforce: 'pre' (#21576) (2ce34d5)

Code Refactoring

• enable some native plugins even with enable native plugin false (#21608) (5a4f692)
• use rolldown/utils (#21577) (e56103f)
• use internal devtools config (#21609) (9aea20f)
• use parseEnv (#21586) (f859d2c)
• wasm: remove native wasm helper plugin usage (#21566) (71a86be)

Tests

... (truncated)

Commits

• 0a0c50a refactor: simplify pluginFilter implementation (#19828)
• 59d0b35 perf(css): avoid constructing renderedModules (#19775)
• 175a839 fix: reject requests with # in request-target (#19830)
• e2e11b1 fix(module-runner): allow already resolved id as entry (#19768)
• 7200dee fix: correct the behavior when multiple transform filter options are specifie...
• b125172 fix(css): remove empty chunk imports correctly when chunk file name contained...
• 8fe3538 test: tweak generateCodeFrame test (#19812)
• 36935b5 fix(types): remove the keepProcessEnv from the DefaultEnvironmentOptions ...
• a0e1a04 docs(vite): fix description of transformIndexHtml hook (#19799)
• 71227be fix: unbundle fdir to fix commonjsOptions.dynamicRequireTargets (#19791)
• Additional commits viewable in compare view

Updates @tiptap/extension-link from 2.8.0 to 2.10.4

Changelog

Sourced from @​tiptap/extension-link's changelog.

2.10.4

Patch Changes

• 1c2fefe: Added checks for allowed protocols in link commands & exported isValidUri helper for manual checks outside of the extension

2.10.3

2.10.2

2.10.1

2.10.0

Patch Changes

• 7619215: The link extension's validate option now applies to both auto-linking and XSS mitigation. While, the new shouldAutoLink option is used to disable auto linking on an otherwise valid url.

2.9.1

2.9.0

Commits

• f2afde0 chore(release): release version 2.10.4 (#5947)
• 1c2fefe Fixed Link extension's commands not respecting XSS prevention via unallowed p...
• 7567ace chore(release): release version 2.10.3 (#5874)
• ccd0147 fix(link): change type HTMLLinkElement to HTMLAnchorElement (#5858)
• c5d87d6 chore(release): release version 2.10.2 (#5861)
• 9d1c41e chore(release): publish a new release version (#5855)
• 4b2de33 chore(release): release version 2.10.0 (#5843)
• 7619215 revert: "chore(release): publish a new pre-release version (#5769)"
• 177868a chore(release): publish a new pre-release version (#5769)
• 62c6ddd fix(link): add backwards compat by deprecating validate and using isAllowedUr...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.