build(deps): bump protobufjs and cesium

[dependabot]

Bumps protobufjs to 8.6.3 and updates ancestor dependency cesium. These dependencies need to be updated together.

Updates protobufjs from 7.5.8 to 8.6.3

Release notes

Sourced from protobufjs's releases.

protobufjs: v8.6.3

8.6.3 (2026-06-10)

Bug Fixes

• Consistently reject truncated 64-bit varints (#2322) (ec868f3)
• Include interfaces in API docs and fix FieldMask doc comment (#2319) (c98a4e5)
• Preserve explicit URLs in path resolution (#2320) (c97cdbe)
• Remove renamed reflection objects by identity (#2324) (9c9f8ee)
• Support Node ESM named imports from CommonJS entrypoints (#2315) (3359e64)
• Support utf8_validation during decode (#2325) (4dff8e4)

protobufjs: v8.6.2

8.6.2 (2026-06-09)

Bug Fixes

• Discard unknown fields by default (#2310) (bf12d56)

protobufjs: v8.6.1

8.6.1 (2026-06-07)

Bug Fixes

• cli: Consistently wait for pbts output before JSDoc exit (#2306) (87ff02f)
• cli: Preserve indentation in multiline declarations (#2307) (b38748d)
• Preserve descriptor metadata needed by protoc-gen-pbjs (#2308) (a3b8dc7)
• Remove inquire submodule (#2305) (cc42616)

protobufjs: v8.6.0

8.6.0 (2026-06-04)

Features

• Add spec-compliant protojson extension (#2297) (ffd3d51)

Bug Fixes

• Avoid name collisions in generated code (#2302) (ce013ab)
• cli: Vendor patched Catharsis for pbts (#2304) (29f7c96)
• Remove postinstall script (#2299) (b8ed7be)
• Support null-prototype plain objects in converters (#2300) (bf20d84)

protobufjs: v8.5.0

8.5.0 (2026-05-29)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

8.6.3 (2026-06-10)

Bug Fixes

• Consistently reject truncated 64-bit varints (#2322) (ec868f3)
• Include interfaces in API docs and fix FieldMask doc comment (#2319) (c98a4e5)
• Preserve explicit URLs in path resolution (#2320) (c97cdbe)
• Remove renamed reflection objects by identity (#2324) (9c9f8ee)
• Support Node ESM named imports from CommonJS entrypoints (#2315) (3359e64)
• Support utf8_validation during decode (#2325) (4dff8e4)

8.6.2 (2026-06-09)

Bug Fixes

• Discard unknown fields by default (#2310) (bf12d56)

8.6.1 (2026-06-07)

Bug Fixes

• cli: Consistently wait for pbts output before JSDoc exit (#2306) (87ff02f)
• cli: Preserve indentation in multiline declarations (#2307) (b38748d)
• Preserve descriptor metadata needed by protoc-gen-pbjs (#2308) (a3b8dc7)
• Remove inquire submodule (#2305) (cc42616)

8.6.0 (2026-06-04)

Features

• Add spec-compliant protojson extension (#2297) (ffd3d51)

Bug Fixes

• Avoid name collisions in generated code (#2302) (ce013ab)
• cli: Vendor patched Catharsis for pbts (#2304) (29f7c96)
• Remove postinstall script (#2299) (b8ed7be)
• Support null-prototype plain objects in converters (#2300) (bf20d84)

8.5.0 (2026-05-29)

Features

• Add option to discard unknown fields (#2289) (f8c489b)

... (truncated)

Commits

• 8076a5e chore: release master (#2318)
• 4dff8e4 fix: Support utf8_validation during decode (#2325)
• 9c9f8ee fix: Remove renamed reflection objects by identity (#2324)
• de18bbe docs: Document custom constructor registration order (#2323)
• c98a4e5 fix: Include interfaces in API docs and fix FieldMask doc comment (#2319)
• c97cdbe fix: Preserve explicit URLs in path resolution (#2320)
• ec868f3 fix: Consistently reject truncated 64-bit varints (#2322)
• 3359e64 fix: Support Node ESM named imports from CommonJS entrypoints (#2315)
• 41d3517 chore: release master (#2316)
• bf12d56 fix: Discard unknown fields by default (#2310)
• Additional commits viewable in compare view

Updates cesium from 1.120.0 to 1.142.0

Release notes

Sourced from cesium's releases.

CesiumJS 1.142

1.142 - 2026-06-01

Highlights include:

• Added GeoJsonPrimitive for loading GeoJSON directly into BufferPrimitiveCollections, bypassing the entity/DataSource layer for significantly improved performance with large datasets. CesiumGS/cesium#13505
• Added MVTDataProvider for loading Mapbox Vector Tiles (MVT) directly into CesiumJS as 3D Tiles. Supports per-feature styling via Cesium3DTileStyle, feature picking with metadata (getProperty), and automatic property table encoding via EXT_structural_metadata. CesiumGS/cesium#13404
• Added blendOption constructor parameter to BufferPointCollection, BufferPolylineCollection, and BufferPolygonCollection, supporting BufferPrimitiveMaterial#color.alpha. Added support for BufferPrimitiveMaterial#outlineColor.alpha to BufferPointCollection. CesiumGS/cesium#13384
• Added experimental support for EXT_mesh_polygon draft glTF extension and 3DTILES_content_gltf_vector draft 3D Tiles extension. CesiumGS/cesium#13478
• Added EdgeDisplayMode enum and edgeDisplayMode property to Model and Cesium3DTileset for controlling how edges from the KhronosGroup/glTF#2479 glTF extension are rendered. Supports three modes: SURFACES_ONLY, SURFACES_AND_EDGES, and EDGES_ONLY (CAD-style wireframe rendering). CesiumGS/cesium#13192

See the changelog for the complete list of changes.

CesiumJS 1.141

1.141 - 2026-05-01

Highlights include:

• Bumped minimum required Node version to 22.0.0
• BufferPrimitiveCollection properties modelMatrix, boundingVolume, and boundingVolumeWC are now readonly. They may be modified, but not reassigned. #13448
• Added support for properties (EXT_structural_metadata) in vector tilesets. #13426
• Fixed lighting affecting EquirectangularPanorama. #13369
• Fixed incorrect matrix multiplication for non worldspace instance transforms in pickModel. #13433

See the changelog for the complete list of changes.

CesiumJS 1.140

1.140 - 2026-04-01

Highlights include:

• Billboards and labels now require device support for WebGL 2, or WebGL 1 with ANGLE_instanced_arrays and MAX_VERTEX_TEXTURE_IMAGE_UNITS > 0. CesiumGS/cesium#13053 CesiumGS/cesium#13253
• Added experimental, performance-focused vector primitive APIs: BufferPointCollection, BufferPolylineCollection, and BufferPolygonCollection. CesiumGS/cesium#13212
• Added support for Reality Data of type ITwinPlatform.RealityDataType.GaussianSplat3DTiles to ITwinData.createTilesetForRealityDataId. CesiumGS/cesium#13208
• Added GetFeatureInfo support to WebMapTileServiceImageryProvider, enabling WebMapTileServiceImageryProvider.pickFeatures for both KVP and RESTful WMTS services. New class parameters include enablePickFeatures, getFeatureInfoFormats, getFeatureInfoUrl, and getFeatureInfoParameters. CesiumGS/cesium#13196
• Added limited support (via downcasting) for double-precision metadata types in custom shaders. CesiumGS/cesium#13323
• Added a new experimental property PathGraphics.relativeTo which allows entity PathGraphics to be displayed in a reference frame relative to another entity, or a different reference frame than the entity's Position.ReferenceFrame. CesiumGS/cesium#13223

See the changelog for the complete list of changes.

CesiumJS 1.139.1

1.139.1 - 2026-03-05

Highlights include:

• Fixes a regression with the NGA-GPM local extension and custom shaders. #13247

... (truncated)

Changelog

Sourced from cesium's changelog.

Change Log

1.143 - 2026-07-01

@​cesium/engine

Fixes 🔧

• Fixed invalid glTF sampler wrap modes causing a DeveloperError to be thrown instead of falling back to TextureWrap.REPEAT. #13562
• Fixed missing InterpolationAlgorithm documentation page that was returning a 404. #13550
• Fixed EdgeVisibilityRendering release test failures. #13545
• Fix for BufferPointCollection preventing outlineColor from bleeding slightly into the visible area when outlineWidth=0px. #13543
• Fixed a bug where callbacks registered with Scene.updateHeight could receive positions computed for other tiles, causing clamped entities to show incorrect heights. #12602

1.142 - 2026-06-01

@​cesium/engine

Breaking Changes 📣

• The boundingVolume property on BufferPointCollection, BufferPolylineCollection, and BufferPolygonCollection is now defined in world space, not local/model space. #13477

Additions 🎉

• Added GeoJsonPrimitive for loading GeoJSON directly into BufferPrimitiveCollections, bypassing the entity/DataSource layer for significantly improved performance with large datasets. #13505
• Added MVTDataProvider for loading Mapbox Vector Tiles (MVT) directly into CesiumJS as 3D Tiles. Supports per-feature styling via Cesium3DTileStyle, feature picking with metadata (getProperty), and automatic property table encoding via EXT_structural_metadata. #13404
• Added blendOption constructor parameter to BufferPointCollection, BufferPolylineCollection, and BufferPolygonCollection, supporting BufferPrimitiveMaterial#color.alpha. Added support for BufferPrimitiveMaterial#outlineColor.alpha to BufferPointCollection. #13384
• Added experimental support for EXT_mesh_polygon draft glTF extension and 3DTILES_content_gltf_vector draft 3D Tiles extension. #13478
• Added boundingVolume constructor parameter to BufferPointCollection, BufferPolylineCollection, and BufferPolygonCollection. For larger animated collections, providing a precomputed bounding volume can eliminate the performance cost of automatically updating the bounding volume frequently. #13477
• Added EdgeDisplayMode enum and edgeDisplayMode property to Model and Cesium3DTileset for controlling how edges from the EXT_mesh_primitive_edge_visibility glTF extension are rendered. Supports three modes: SURFACES_ONLY, SURFACES_AND_EDGES, and EDGES_ONLY (CAD-style wireframe rendering). #13192
• Added support for multiple key modifiers in ScreenSpaceEventHandler.setInputAction. #13307

Fixes 🔧

• Fixed a bug causing BufferPointCollection to not update after changes to point positions. #13465
• Improved the default voxel shader for common metadata types. #13517

1.141 - 2026-05-01

cesium

Breaking Changes 📣

• Bumped minimum required Node version to 22.0.0

@​cesium/engine

Breaking Changes 📣

• BufferPrimitiveCollection properties modelMatrix, boundingVolume, and boundingVolumeWC are now readonly. They may be modified, but not reassigned. #13448

... (truncated)

Commits

• 3d07db3 update ThirdParty.json
• a092212 version bumps and token updates for release
• f630b94 Merge pull request #13514 from CesiumGS/token-updater/auto-update-26386933369
• 68c472a Merge pull request #13517 from CesiumGS/voxel-default-shader
• 1e60e84 Merge pull request #13524 from CesiumGS/pano-sandcastle-fix
• 8cca916 Merge pull request #13532 from CesiumGS/june-26-npm-updates
• f615b99 more updates
• 4689399 more package updates
• 0c71098 update dependency
• c47a9da Merge pull request #13188 from CesiumGS/cesium-copilot
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukemckinstry, a new releaser for cesium since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.